Help

Cannot login to Casper using the LDAP anymore

jamest
New Contributor

Posted on ‎05-04-2015 08:10 AM

Cannot login to Casper using the LDAP anymore - Last week on Tuesday we were able to login to Casper using our LDAP accounts and now it has stopped working but we are able to ping or telnet to port 636. Any ideas how this can be fixed or why this stopped working?

This is the error message we get when running the test:

Error: javax.naming.CommunicationException: server name:636 [Root exception is java.net.SocketException: Connection reset]
Suggestion: Ensure you can connect to server name.com on port 636

0 Kudos
8 REPLIES 8

rderewianko
Valued Contributor II

Posted on ‎05-04-2015 08:14 AM

Try turning off LDAPS and connecting via LDAP. If that connects no issue, then i'd suggest poking at the LDAPS cert in your java keystore.

Also check logging in to the LDAP using the service account you have setup for casper to login as.

0 Kudos

grahamfw
New Contributor III

Posted on ‎05-04-2015 01:10 PM

You didn't happen to upgrade to Java 8 on the JSS did you?

Also, if you test the ldap connection in the Management Settings, does it fail there as well? What OS is your JSS on?

0 Kudos

jamest
New Contributor

Posted on ‎05-04-2015 01:29 PM

No I did not. We are using the JSS in the cloud. Our JSS should be up to date since it is under the jamf cloud. I think the Java issue pertains to the JSS being onsite but when I speak to Jamf i will bring it up

0 Kudos

emily
Valued Contributor III
Valued Contributor III

Posted on ‎05-04-2015 01:30 PM

Did the account that you use for LDAP authentication have its password expire or get locked out?

0 Kudos

jamest
New Contributor

Posted on ‎05-04-2015 01:41 PM

@emilykausalik I used my account for ldap authentication and I have the same password as when the JSS was setup

0 Kudos

rderewianko
Valued Contributor II

Posted on ‎05-04-2015 01:58 PM

If its jss in the cloud, I'd def hit support up

0 Kudos

grahamfw
New Contributor III

Posted on ‎05-05-2015 07:59 AM

I was under the impression that you did a telnet from the JSS to your LDAP, which doesn't seem to be the case here. Someone might have inadvertently blocked 636 (or whatever port you use for LDAPS) from the WAN or the JSS specifically, depending on how you whitelisted it. Or your JSS IP could have changed as well.

Just some things to look out for.

0 Kudos

jamest
New Contributor

Posted on ‎05-06-2015 01:52 PM

It ended up being a be certificate issue. We had to reissue the SSL cert and it started working

0 Kudos