Cannot authenticate using the LDAPS authentication on ConApp
Document ID :
KM02129171
Product - Version:
arcsight connector appliance ;
OS :
Updated :
Mon Feb 08 17:11:40 GMT 2016
Summary :
On ConApp, authentication using LDAPS is not working.
Solution
Please check the following. There are 3 areas which might be causing the issue.

Area 1 : The issue could be with the certificate.
CHECK : Make sure a valid certificate is uploaded and that the aps process is restarted after uploading (Setup > System Admin > Process Status > aps Restart).


Area 2 : There could be a network issue.
CHECK : SSH to the appliance and use the ping and telnet commands from there.


Area 3 : The Distinguished Name
CHECK : Please check the Distinguished Name.

When LDAP is enabled, each user account must exist locally on your system. Although the user name specified locally can be different from the one specified on the LDAP server, the Distinguished Name (DN) specified for each user account must match the one in the LDAP server.

If you enabled SSL client certificate authentication, click this link to enter the user's Distinguished Name (Certificate Subject) information. The Distinguished Name should be similar to this format: CN=UserA,OU=Engg Team,O=ArcSight\, Inc.,L=Cupertino,C=US,ST=California

To determine the DN, use this URL to display the certificate:
https://<hostname or IP address>/platform-service/DisplayCertificate

OR

Obtain the DN information for a user from the browser that the user will open to connect to the system. For example, on Firefox, click Tools > Options > Advanced > Encryption > View Certificates > Your Certificates > Select the certificate > View.
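
The DN match described under Area 3, as an added example that is not part of the original article or of the product's code: a Python comparison of the DN entered on the local account with the one from the LDAP server or certificate, which reports the first differing component and flags an unescaped comma such as the one in "ArcSight\, Inc.". The normalization used (attribute names and values compared case-insensitively, spaces collapsed, single-valued RDNs only) is an assumption; the appliance's own comparison may be stricter.

```python
import re

# DN format quoted in the article; the variants compared with it are constructed.
PAGE_DN = r"CN=UserA,OU=Engg Team,O=ArcSight\, Inc.,L=Cupertino,C=US,ST=California"

def split_unescaped(text, sep=","):
    """Split on sep, leaving backslash-escaped characters untouched."""
    parts, buf, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])      # keep the escape pair together
            i += 2
            continue
        if text[i] == sep:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(text[i])
        i += 1
    parts.append("".join(buf))
    return parts

def unescape(value):
    """Resolve \\XX hex pairs and \\<char> escapes in one left-to-right pass."""
    def repl(m):
        tok = m.group(1)
        return chr(int(tok, 16)) if len(tok) == 2 else tok
    return re.sub(r"\\([0-9A-Fa-f]{2}|.)", repl, value)

def normalize_dn(dn):
    """Return [(TYPE, value), ...] in written order (assumed normalization)."""
    rdns = []
    for raw in split_unescaped(dn):
        if "=" not in raw:
            # Typical cause: "O=ArcSight, Inc." typed without the backslash.
            raise ValueError(f"{raw.strip()!r} has no '=': unescaped comma?")
        attr, value = raw.split("=", 1)
        value = " ".join(unescape(value.strip()).split()).casefold()
        rdns.append((attr.strip().upper(), value))
    return rdns

def first_mismatch(local_dn, ldap_dn):
    """None if the DNs match, else (index, local_rdn, ldap_rdn)."""
    a, b = normalize_dn(local_dn), normalize_dn(ldap_dn)
    for i in range(max(len(a), len(b))):
        x = a[i] if i < len(a) else None
        y = b[i] if i < len(b) else None
        if x != y:
            return (i, x, y)
    return None
```

A result of None means the two strings describe the same DN under the assumed rules; a tuple points at the component to correct on the local account.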
 
CHECK : For the network check, use the diagnostic tool in the GUI to ping <host> and to scan the network port, to make sure the server is reachable and the port is open.