Skip to main content
Announcements
Have questions about Qlik Connect? Join us live on April 10th, at 11 AM ET: SIGN UP NOW
cancel
Showing results for 
Search instead for 
Did you mean: 
Not applicable

LDAP over SSL

Ok Qlik Community, noob here and hopefully will not embarrass myself.

I am trying to get Qlikview to use an LDAP server (Oracle LDAP) for the DSP. I am using the Configurable LDAP option, and I enter the LDAP URL as:

ldaps://{ldapserver}:636/{basedn}

I have tried many iterations of this, but I am not getting anywhere other than the following in the DSC logs:

20/05/2014 13:54:42.7930216Information(GenericLDAP.GenericLDAPProvider) Setting domainname to SMIND
20/05/2014 13:54:42.8086219Warning(GenericLDAP.GenericLDAPProvider+CachedDirectoryEntryHolder) Fetching directoryentry LDAP://{server}:636/{basedn} failed: The server is not operational.

20/05/2014 13:54:42.8086219Error(DSC.DirectoryFramework) setup path not successful for user '{bind dn user}' at 'LDAPS://{server}:636/{basdn}': System.Exception: Setting up connection failed; The server is not operational.

---> System.Runtime.InteropServices.COMException: The server is not operational.

   at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)

   at System.DirectoryServices.DirectoryEntry.Bind()

   at System.DirectoryServices.DirectoryEntry.get_NativeObject()

   at GenericLDAP.GenericLDAPProvider.CachedDirectoryEntryHolder.get_Entry()

   --- End of inner exception stack trace ---

   at GenericLDAP.GenericLDAPProvider.CachedDirectoryEntryHolder.get_Entry()

   at GenericLDAP.GenericLDAPProvider.SetupPath(String path, String username, String password)

   at DSC.DirectoryFramework.SetupResource(Guid id, String type, String path, String username, String password, IDictionary`2 newSettings)

20/05/2014 13:54:42.8086219Warning(DSC.DirectoryFramework) Setting up ldapDSP 'LDAPS://{server}:636/{basedn}' wasn't successful: Setting up connection failed; The server is not operational.

20/05/2014 13:54:42.8710231InformationInitializing done

The LDAP server is up and running, and I install an LDAP browsing tool on the same server to validate I can connect/bind/browse the LDAP server using the details I enter in the Qlik Admin console.

Does anyone have any experience of running LDAP over SSL? I have searched and found nothing relevant, so thought I would post in the hope that someone has a working configuration or can suggest what else I need to do.

Many thanks

12 Replies
Not applicable
Author

Thanks Bill for pointing me in the right direction.

It appears that the problem was not that the certificate authority needed added (it was a standard Verisign certificate) but that the name I was using to connect was not the same as the value in the LDAP servers DN settings of the cert. Whilst it appears other applications are less fussy, you have to explicitly state the details as per the certificate.

This is actually quite common as we have a VIP behind which real IPs and LDAP hosts are load balanced. Each (VIP and RIPs) will all have their own unique names, as will the service friendly name.

Once I changed the connection string to this, everything worked.

suniljain
Master
Master

Hi

Are you mean the name you were using to connect was not the same as the value in the LDAP servers DN settings of the SSL Certificate ?.

I am facing same issue.

Regards;

Sunil

Not applicable
Author

Hi Ricardo,

Your posts have been very helpful. I just have a few questions regarding your last post, as I am facing a similar issue.

- When you say 'the name you are using to connect', are you refering the Qlikview path or a config value?

- When you refer to the connection string, are you talking about the path? If so, which aspect of the path? Are you able to provide a generic example?

Any response is much appreciated.

Cheers,

Mark.