Tuesday, 10 November 2015

LDAP or LDAPS - THAT is THE question

So I did this: -

AdminTask.addIdMgrLDAPServer('[-id ad2008.uk.ibm.com -host ad2008.uk.ibm.com -bindDN CN=ldapbind,CN=Users,DC=uk,DC=ibm,DC=com -bindPassword P455w0rd -referal ignore -sslEnabled false -ldapServerType AD -sslConfiguration -certificateMapMode exactdn -certificateFilter -authentication simple -port 636]')

and got this: -

WASX7015E: Exception running command: "AdminTask.addIdMgrLDAPServer('[-id ad2008.uk.ibm.com -host ad2008.uk.ibm.com -bindDN CN=ldapbind,CN=Users,DC=uk,DC=ibm,DC=com -bindPassword ***** -referal ignore -sslEnabled false -ldapServerType AD -sslConfiguration -certificateMapMode exactdn -certificateFilter -authentication simple -port 636]') "; exception information:
com.ibm.websphere.wim.exception.WIMConfigurationException: com.ibm.websphere.wim.exception.WIMConfigurationException: CWWIM5020E  Could not connect to the ldap://ad2008.uk.ibm.com:636 repository using properties: [port=636],[bindDN=CN=ldapbind,CN=Users,DC=uk,DC=ibm,DC=com],[certificateMapMode=exactdn],[sslConfiguration=],[securityDomainName=admin],[sslEnabled=false],[connectTimeout=20],[connectionPool=false],[id=ad2008.uk.ibm.com],[ldapServerType=AD],[host=ad2008.uk.ibm.com],[referal=ignore],[derefAliases=always],[certificateFilter=],[authentication=simple],[bindPassword=****]. Exception occurred: javax.naming.ServiceUnavailableException.

Can you see what I did there ?

Yep, I tried to bind to the LDAP SSL port 636 but forgot to tell WAS that the port is using SSL ;-)

Once I changed my command: -

AdminTask.addIdMgrLDAPServer('[-id ad2008.uk.ibm.com -host ad2008.uk.ibm.com -bindDN CN=ldapbind,CN=Users,DC=uk,DC=ibm,DC=com -bindPassword P455w0rd -referal ignore -sslEnabled true -ldapServerType AD -sslConfiguration -certificateMapMode exactdn -certificateFilter -authentication simple -port 636]')

I got this: -

'CWWIM5027W The configuration is not complete. Saving an incomplete configuration can cause startup problems.'

which is as I'd expect.

Can you say "Doh!" ? Can you ?

No comments: