{"id":6184,"date":"2011-12-12T18:03:39","date_gmt":"2011-12-12T23:03:39","guid":{"rendered":"http:\/\/www.ezrasf.com\/wplog\/?p=6184"},"modified":"2011-12-12T18:03:39","modified_gmt":"2011-12-12T23:03:39","slug":"dsid-0c090334","status":"publish","type":"post","link":"https:\/\/www.ezrasf.com\/wplog\/2011\/12\/12\/dsid-0c090334\/","title":{"rendered":"DSID-0C090334"},"content":{"rendered":"<p>Working with our clients on LDAP configuration almost invariable starts with SSL certificates. Self-signed, intermediate, and take up a while. The two tools, <a href=\"http:\/\/www.ezrasf.com\/wplog\/2011\/11\/14\/openssl-handshake\/\">openSSL<\/a> and <a href=\"http:\/\/www.ezrasf.com\/wplog\/2011\/01\/06\/new-root-ca\/\">keytool<\/a> have become my friends. Working with a network admin for the client, I\u00c2\u00a0finally saw the legitimate certificate correctly signed by the intermediate certificate not the self-signed. This means I finally saw this new I error I have never before seen.<\/p>\n<blockquote><p>javax.naming.AuthenticationException: [LDAP: error code 49 &#8211; 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, user@host.domain.tld:\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3041)<\/p><\/blockquote>\n<p>Research on the error code\u00c2\u00a0DSID-0C090334 led to indications the LDAP search username was incorrect. The Blackboard CE\/Vista LDAP client lacks capabilities many clients have to make it easier to use such as searching deeper into a tree or across branches. In this case our clients configured the user as &#8220;cn=account&#8221;. We looked at other clients who had something like &#8220;cn=account,ou=group,dc=domain,dc=edu&#8221;. When presented with this\u00c2\u00a0discrepancy\u00c2\u00a0as likely a problem, the client suggested a path for us to try like the latter. I entered it, tried our test user.<\/p>\n<p>It worked. They also confirmed it worked. Something to add to the wiki, I guess.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Working with our clients on LDAP configuration almost invariable starts with SSL certificates. Self-signed, intermediate, and take up a while. The two tools, openSSL and keytool have become my friends. Working with a network admin for the client, I\u00c2\u00a0finally saw the legitimate certificate correctly signed by the intermediate certificate not the self-signed. This means I [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"activitypub_content_warning":"","activitypub_content_visibility":"","activitypub_max_image_attachments":4,"activitypub_interaction_policy_quote":"anyone","activitypub_status":"","footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[22],"tags":[990,2274,506,2277,1830,276],"class_list":["post-6184","post","type-post","status-publish","format-standard","hentry","category-bbvista","tag-blackboard-cevista","tag-intermediate-certificate","tag-ldap","tag-openssl","tag-ssl-certificate","tag-username"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p1rUBW-1BK","jetpack-related-posts":[],"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/www.ezrasf.com\/wplog\/wp-json\/wp\/v2\/posts\/6184","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ezrasf.com\/wplog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ezrasf.com\/wplog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ezrasf.com\/wplog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ezrasf.com\/wplog\/wp-json\/wp\/v2\/comments?post=6184"}],"version-history":[{"count":0,"href":"https:\/\/www.ezrasf.com\/wplog\/wp-json\/wp\/v2\/posts\/6184\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.ezrasf.com\/wplog\/wp-json\/wp\/v2\/media?parent=6184"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ezrasf.com\/wplog\/wp-json\/wp\/v2\/categories?post=6184"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ezrasf.com\/wplog\/wp-json\/wp\/v2\/tags?post=6184"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}