Cannot Bind LDAPs in Dell Security Management Server Virtual 11.0 or Later

Affected Products:

• Dell Security Management Server Virtual

Affected Versions:

• v11.0 and Later

Affected Operating Systems:

• Linux

Typically seen after upgrading to Dell Security Management Server Virtual v11.0 or later from an older version and attempting to use the same LDAPs settings that worked fine before the update now show a bad status for the domain and errors are encountered when attempting to save LDAPs settings.

Error unable to connect to the server appears when attempting to bind LDAPs in the remote management console. Logs show SSL handshake errors:

org.springframework.ldap.CommunicationException: simple bind failed: ADSERVER.DOMAIN.COM:636; nested exception is javax.naming.CommunicationException: simple bind failed: ADSERVER.DOMAIN.COM:636 [Root exception is javax.net.ssl.SSLHandshakeException: No subject alternative DNS name matching ADSERVER.DOMAIN.COM found.]

Figure 1: (English Only) Unable to Connect to the Server

Self-singed certificates and the Java updates in v11.0. Endpoint identification algorithms have been enabled by default, to improve the robustness of LDAPS (secure LDAP over TLS) connections. From the changelog: https://www.oracle.com/technetwork/java/javase/8u181-relnotes-4479407.html

Disable endpoint identification by modifying wrapper.conf by following the instructions below.

1. Stop services reference How to Stop and Start Services in Dell Security Management Server Virtual / Dell Data Protection Virtual Edition.
2. From the main menu, select Launch Shell:

Figure 2: (English Only) Select Launch Shell

3. Type su dellsupport and press enter:

Figure 3: (English Only) Type su dellsupport

4. Type the password for the dellsupport account and press enter:

Figure 4: (English Only) Type the password

5. Type sudo nano /opt/dell/server/security-server/conf/wrapper.conf.

Figure 5: (English Only) Type sudo nano /opt/dell/server/security-server/conf/wrapper.conf

6. Under # Additional java parameters to the VM, add the line wrapper.java.additional.XX=-Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true where XX is incremental to the list (mine is 12 in this example):

Figure 6: (English Only) Add line wrapper.java.additional.XX=-Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true

7. Press CTRL + O to save changes.
8. Press CTRL + X to exit.
9. Type exit and then press Enter to log out of dellsupport.

Figure 7: (English Only) Type exit

10. Type exit and then press Enter to log out of the shell to the Main Menu.

Figure 8: (English Only) Type exit

11. Start services reference How to Stop and Start Services in Dell Security Management Server Virtual / Dell Data Protection Virtual Edition.

Now you can bind the domain using LDAPs port.