I'm testing shield with ldaps.
I'm testing ldap over SSL/TLS to:
Now, if I test the connectivity to ldaps://hostname1.domain.com:636, it works fine both on Shield and with the ldapsearch Linux command.
However, if I connect to ldaps://domain.com:636 (this works with no SSL on port 389), I get a certificate mismatch error:
Using the ldapsearch command:
TLS: hostname (domain.com) does not match common name in certificate (hostname1.domain.com).
On Shield (the same):
LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to connect to server domain.com:636: java.io.IOException: Hostname verification failed because the expected hostname 'domain.com' was not found in peer certificate 'subject='CN=hostname.domain.com' dNSName='hostname.domain.com''.')
I understand the error above. All good.
What I don't understand is that if I disable the certificate verification with the option TLS_REQCERT ALLOW, my ldapsearch command works fine.
But if I try to do the same on Shield with the option hostname_verification: false, I get a different error:
LDAPException(resultCode=81 (server down), errorMessage='An error occurred while attempting to send the LDAP message to server domain.com:636: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake caused by java.io.EOFException: SSL peer shut down incorrectly')
Can you please explain why, or at least point me toward a solution?
Could it be a Shield issue, that it is not able to perform the SSL/TLS handshake through the ldaps load balancer?
Thanks for the support.
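As an added example that is not part of the post above (and not Shield's or OpenLDAP's own code), the following Python snippet shows the hostname check that produces the two "does not match" errors quoted in the question, and contrasts the two settings the poster compares. The certificate data is constructed from the names in the errors; the matching rules are the standard ones (dNSName SANs take precedence, the subject CN is consulted only when no dNSName is present, a wildcard is honoured only in the leftmost label). The two SSLContext helpers are assumptions about what each setting corresponds to in the Python ssl API: hostname_verification: false in Shield turns off only the name comparison while the chain is still validated against the truststore, whereas TLS_REQCERT allow in OpenLDAP accepts any or no certificate, so the two are not equivalent. Nothing here diagnoses the EOF error itself.

```python
"""Added example (not from the original post): TLS hostname verification
and the difference between skipping the name check and skipping
certificate verification entirely.  All certificate data is constructed."""
import ssl

# Constructed peer certificate in the shape returned by ssl.SSLSocket.getpeercert().
# The CN and dNSName values are taken from the errors quoted in the post.
PEER_CERT = {
    "subject": ((("commonName", "hostname1.domain.com"),),),
    "subjectAltName": (("DNS", "hostname1.domain.com"),),
}


def _dns_names(cert):
    """Names a verifier may compare against the requested hostname:
    dNSName SANs first; the subject CN only if there is no dNSName at all."""
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    return [value for rdn in cert.get("subject", ())
            for key, value in rdn if key == "commonName"]


def _name_matches(pattern, hostname):
    """Compare one certificate name with the hostname, label by label.
    A wildcard is accepted only as the whole leftmost label and covers one label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def hostname_matches(cert, hostname):
    """True if the certificate is valid for the requested hostname."""
    return any(_name_matches(name, hostname) for name in _dns_names(cert))


def explain(cert, hostname):
    """Human-readable verdict, similar in spirit to the ldapsearch/Java messages."""
    names = _dns_names(cert)
    if hostname_matches(cert, hostname):
        return "%s: OK, matches one of %s" % (hostname, names)
    return "%s: hostname verification failed, not found in %s" % (hostname, names)


def context_skip_hostname_only(cafile=None):
    """Assumed analogue of Shield's hostname_verification: false.
    The certificate chain is still validated against the trust store;
    only the name comparison is disabled."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def context_skip_all_verification():
    """Assumed analogue of OpenLDAP's TLS_REQCERT allow: any certificate
    (or none) is accepted, so neither the chain nor the name is checked."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False      # must be cleared before verify_mode = CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def describe_context(ctx):
    """Summarise which checks a context still performs."""
    return {
        "check_hostname": bool(ctx.check_hostname),
        "verify_chain": ctx.verify_mode == ssl.CERT_REQUIRED,
    }


if __name__ == "__main__":
    for host in ("hostname1.domain.com", "domain.com"):
        print(explain(PEER_CERT, host))
    print("skip hostname only:", describe_context(context_skip_hostname_only()))
    print("skip everything:   ", describe_context(context_skip_all_verification()))
```

Running it prints a match for hostname1.domain.com and a failure for domain.com, which is exactly the split between the two URLs in the question. The describe_context output makes the practical point visible: with the name check off, a connection through a load balancer still requires that the certificate presented chains to a CA in the truststore, so the two client settings being compared are not testing the same thing.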