For one of my customers, I needed to change the LDAP repository from plain LDAP (port 389) to LDAP over SSL (port 636).

Adding the signer certificate to the CellDefaultTrustStore went without any problems.

Restarting all JVMs went fine as well. So far so good.

But when I changed the LDAP connection from port 389 to 636 and enabled "Require SSL Connections", it resulted in an error:

CWWIM5020E Could not connect to the
ldap://myldapserver.domain.com:389 repository using properties:
...Exception
occurred: javax.naming.AuthenticationException.

That brought me to the following fix: PI71926: BIND DN NOT SAVED CORRECTLY WHEN EDITING SECURITY CONFIGURATION
Link to IBM article: http://www-01.ibm.com/support/docview.wss?uid=swg1PI71926

But it tells you the problem is fixed in 8.5.5.12, and IBM Connections is only supported up to WebSphere 8.5.5.11. If you don't want to lose IBM support, that is a no-go.

I found another workaround that works, also on WebSphere 8.5.5.10:

When you switch the LDAP connection to SSL, you also need to change the password of your LDAP reader user in the Password field (and of course change it in the user's entry in LDAP as well). The save query then carries the correct password.
If you leave the password unchanged and only change the LDAP port and the SSL setting, the password in the saved configuration is not set correctly.
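As an added example (not from the original post, which uses the admin console), the same change expressed as a wsadmin Jython script. The repository id LDAP1, the bind DN and the LDAP_BIND_PW environment variable are assumptions chosen here, not values from the post. The script passes the bind DN and password in the same update that switches the port and SSL flag, which is the point of the workaround above: the reader password has to be part of what gets saved. The post does not say how the scripted path behaves with respect to the APAR, so the read-back before AdminConfig.save() is there to check the result.

```jython
# Added example: switch a federated-repositories LDAP repository to LDAPS via wsadmin.
# Run with: wsadmin.sh -lang jython -f ldap_to_ssl.py
# Assumptions (placeholders, not from the post): repository id LDAP1,
# bind DN below, reader password supplied in the LDAP_BIND_PW environment variable.
from java.lang import System

REPO_ID = 'LDAP1'
LDAP_HOST = 'myldapserver.domain.com'
BIND_DN = 'uid=ldapreader,ou=service,dc=domain,dc=com'

# Keep the reader password out of the script file; fail early if it is missing.
bindPw = System.getenv('LDAP_BIND_PW')
if bindPw is None or bindPw == '':
    raise Exception('LDAP_BIND_PW is not set')

# Show the current server definition so before and after can be compared.
print 'Before:'
print AdminTask.getIdMgrLDAPServer(['-id', REPO_ID, '-host', LDAP_HOST])

# Port 636 and SSL on, with the bind credentials passed in the same update.
# The list form avoids quoting problems if the password contains spaces or brackets.
AdminTask.updateIdMgrLDAPServer(['-id', REPO_ID,
                                 '-host', LDAP_HOST,
                                 '-port', '636',
                                 '-sslEnabled', 'true',
                                 '-bindDN', BIND_DN,
                                 '-bindPassword', bindPw])

# Read the definition back and check port, SSL flag and bind DN before saving.
after = AdminTask.getIdMgrLDAPServer(['-id', REPO_ID, '-host', LDAP_HOST])
print 'After:'
print after
if after.find('636') < 0 or after.find(BIND_DN) < 0:
    raise Exception('LDAP server definition did not take the new values; not saving')

# Persist to the master configuration; all JVMs still need a restart, as in the post.
AdminConfig.save()
```

Run it against the deployment manager with the signer certificate already in the CellDefaultTrustStore, then restart the JVMs as described above.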


By angioni
