[
https://issues.apache.org/jira/browse/DIRSTUDIO-1173?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Anthony Winstanley closed DIRSTUDIO-1173.
-----------------------------------------
Resolution: Workaround
Switching from JNDI to the "Apache Directory LDAP Client API" solves this for
us.
Thanks for the help!
> StartTLS fails when required by LDAP service
> --------------------------------------------
>
> Key: DIRSTUDIO-1173
> URL: https://issues.apache.org/jira/browse/DIRSTUDIO-1173
> Project: Directory Studio
> Issue Type: Bug
> Affects Versions: 2.0.0-M13
> Environment: Windows 10 Pro 64bit
> Reporter: Anthony Winstanley
> Priority: Major
>
> We have 389-ds sitting behind an f5 load balancer. The load balancer requires
> connections on port 389 to use StartTLS. It makes connections to the 389-ds
> servers on port 389 using StartTLS.
> If I connect directly to port 389 on a 389-ds server with "Use StartTLS
> extension", the connection is fine. If I change the hostname of this
> connection to the load-balanced hostname, I get:
> "The connection failed - [LDAP: error code 48 - STARTTLS required]"
> However, ldapsearch successfully makes STARTTLS connections through the load
> balancer like:
> ldapsearch -x -H ldap://lbhost.example.com -ZZ
>
>
> My guess is that ADS is not activating StartTLS soon enough when connecting
> to port 389... which is fine if the connection doesn't require the use of
> StartTLS, but unworkable when it does.
> Of course, I'm hoping this is an easy fix...
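One way to test the reporter's hypothesis about StartTLS timing from a packet capture, as an added example that is not part of the original issue or of Directory Studio: the code below decodes the cleartext client-to-server LDAP messages on port 389 and reports whether the StartTLS extended request (OID 1.3.6.1.4.1.1466.20037, RFC 4511) was the first operation sent. It assumes the client byte stream has already been reassembled from the capture; the sample messages are constructed, not traffic from the reported environment.

```python
# Added example: constructed LDAP PDUs, not traffic from the reported system.
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"          # RFC 4511 section 4.14.1
OP_NAMES = {0x60: "BindRequest", 0x63: "SearchRequest",
            0x77: "ExtendedRequest", 0x42: "UnbindRequest"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                              # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def client_ops(stream):
    """Yield (messageID, operation) for each cleartext LDAPMessage sent."""
    pos = 0
    while pos < len(stream):
        tag, body, pos = read_tlv(stream, pos)
        if tag != 0x30:
            raise ValueError("not an LDAPMessage SEQUENCE")
        _, msg_id, p = read_tlv(body, 0)           # messageID INTEGER
        op_tag, op_body, _ = read_tlv(body, p)     # protocolOp
        name = OP_NAMES.get(op_tag, hex(op_tag))
        if op_tag == 0x77:                         # ExtendedRequest
            t, oid, _ = read_tlv(op_body, 0)       # requestName [0]
            if t == 0x80 and oid == STARTTLS_OID:
                name = "StartTLS"
        yield int.from_bytes(msg_id, "big"), name
        if name == "StartTLS":
            return                                 # bytes after this are TLS records

def starttls_is_first(stream):
    """True only if the first cleartext operation is the StartTLS request."""
    ops = [name for _, name in client_ops(stream)]
    return bool(ops) and ops[0] == "StartTLS"

# Constructed sample messages (messageID 1 in both).
STARTTLS_REQ = bytes.fromhex("301d02010177188016") + STARTTLS_OID
ANON_BIND = bytes.fromhex("300c020101600702010304008000")
```

A result of `False` from `starttls_is_first` means the client sent some other operation in cleartext before requesting TLS.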