Symptom
You cannot configure an AD Connection under Active Directory / LDAP with the option Use LDAPS connection activated. When testing the connection, one of the following types of error messages appears:
- "The connection to the LDAP service failed! Check the certificate and server name";
- "simple bind failed".
The log file looks like:
- "2019-05-23 14:13:38,512 ERROR [https-jsse-nio-8443-exec-151] dec: simple bind failed: QA-DC01:636 javax.naming.CommunicationException: simple bind failed: QA-DC01:636 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching QA-DC01 found.]"
or
- "javax.naming.CommunicationException: simple bind failed: dc01.your.domain:636 [Root exception is javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]"
Problem
The name of the domain controller(s) does not match the certificate configured under Import SSL Certificate.
Solution
- Check that a fully qualified name of the domain controller has been entered, e.g. "dc01.your.domain". An IP address or a short name such as "dc01" will not be accepted when the domain controller name is checked against the certificate.
- If several domain controllers are used, make sure that the root certificate has been configured.
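
The following Python sketch is an added example, not part of the product or of the original article. It models the name check described above in simplified form (DNS names only) and sorts the two log messages into a name mismatch or a missing trust chain. The function names, the sample DNS list and the address 10.0.0.5 are constructed for illustration.

```python
import ipaddress

# Constructed sample: DNS entries as they might appear in the subjectAltName
# of a domain controller certificate (not read from a real certificate).
SAMPLE_SAN_DNS = ["dc01.your.domain"]


def classify_host(host):
    """Return 'ip', 'short' or 'fqdn' for the configured server name."""
    try:
        ipaddress.ip_address(host)
        return "ip"
    except ValueError:
        return "fqdn" if "." in host.strip(".") else "short"


def dns_name_matches(host, pattern):
    """Case-insensitive label comparison; '*' may stand for the first label only."""
    h = host.lower().rstrip(".").split(".")
    p = pattern.lower().rstrip(".").split(".")
    if len(h) != len(p):
        return False
    if p[0] == "*":
        return h[1:] == p[1:]
    return h == p


def check_server_name(host, san_dns):
    """Return (ok, reason) for a server name against the certificate's DNS names."""
    kind = classify_host(host)
    if kind != "fqdn":
        return False, f"{host!r} is not a fully qualified name ({kind})"
    if any(dns_name_matches(host, name) for name in san_dns):
        return True, "name matches a DNS entry in the certificate"
    return False, f"no DNS entry in the certificate matches {host!r}"


def diagnose(log_line):
    """Map the two log messages shown above to the relevant check."""
    if "No subject alternative DNS name matching" in log_line:
        return "name-mismatch"    # entered name differs from the certificate
    if "PKIX path building failed" in log_line:
        return "untrusted-chain"  # issuing (root) certificate is not configured
    return "unknown"


if __name__ == "__main__":
    for name in ("QA-DC01", "10.0.0.5", "dc01.your.domain"):
        print(name, "->", check_server_name(name, SAMPLE_SAN_DNS))
```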