Using LDAP identity store - certificate error

Discussion created by toomasaas on Apr 29, 2013
Latest reply on Dec 23, 2013 by stsnider
I'm setting up ArcGIS for Server 10.1 SP1 on Windows Server 2008 R2. I'm trying to use LDAP as the identity store for users and roles. When I configure the identity store in ArcGIS Manager, everything seems to go successfully - I fill in all the required fields, click on 'Test connection' and the connection is successful. After completing configuration (while logged in to Manager as siteadmin) I can successfully search users and roles from the LDAP directory.

However, users configured in LDAP with an Administrator-type role cannot log in to Manager. The error message given by Manager is simply that the username or password is incorrect. When tracing the connection on the LDAP server, I see the following:

TLS accept failure 1 on connection 0x8f2e5b80, setting err = -5875. Error stack:
error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown - SSL alert number 46
TLS handshake failed on connection 0x8f2e5b80, err = -5875.

The LDAP directory in question is Novell eDirectory 8.8.5. It is configured to require TLS for binds with password. The LDAP server uses an SSL certificate issued by the eDirectory internal CA, not a 'well-known' commercial CA.

I have some OpenLDAP-based client systems which can successfully authenticate users to the same eDirectory. To get these working, I had to introduce our eDirectory CA certificate to the client systems. However, I cannot see a way to do something similar with ArcGIS.

Is there a way to get LDAP-based authentication working in my situation?
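
Added example, not part of the original post: a small triage script that decodes the OpenSSL-format error line from the trace above to show which side aborted the handshake. It assumes the OpenSSL 1.x error packing (8-bit library, 12-bit function, 12-bit reason); the function names are illustrative.

```python
import re

# TLS alert descriptions that concern certificates (RFC 5246, section 7.2).
CERT_ALERTS = {
    42: "bad_certificate",
    43: "unsupported_certificate",
    44: "certificate_revoked",
    45: "certificate_expired",
    46: "certificate_unknown",
    48: "unknown_ca",
}
# OpenSSL 1.x error string: error:<8 hex digits>:<library>:<function>:<reason text>
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]+):([^:]+):(.+)")
ALERT_OFFSET = 1000  # OpenSSL reports an alert received from the peer as 1000 + alert

def decode_openssl_error(line):
    """Unpack one OpenSSL 1.x error line; return None if the line is not one."""
    m = ERR_RE.search(line)
    if not m:
        return None
    code = int(m.group(1), 16)
    info = {"lib": code >> 24, "func": (code >> 12) & 0xFFF,
            "reason": code & 0xFFF, "function": m.group(3).strip(),
            "alert": None, "alert_name": None}
    if info["reason"] >= ALERT_OFFSET:  # reason carries a peer-sent alert
        info["alert"] = info["reason"] - ALERT_OFFSET
        info["alert_name"] = CERT_ALERTS.get(info["alert"], "other")
    return info

def triage(trace):
    """Return one finding per decodable error line in a server-side trace."""
    findings = []
    for line in trace.splitlines():
        info = decode_openssl_error(line)
        if info is None:
            continue
        if info["alert"] in CERT_ALERTS:
            # The server read this alert, so the connecting client sent it.
            findings.append("client rejected the server certificate: alert %d (%s)"
                            % (info["alert"], info["alert_name"]))
        else:
            findings.append("unclassified TLS error, reason %d" % info["reason"])
    return findings

# The three trace lines quoted in the post above.
SAMPLE = """TLS accept failure 1 on connection 0x8f2e5b80, setting err = -5875. Error stack:
error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown - SSL alert number 46
TLS handshake failed on connection 0x8f2e5b80, err = -5875."""

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```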
