Gluu LDAP problem

By: Aslan Aslanli user 22 Feb 2022 at 11:27 p.m. CST

6 Responses
Aslan Aslanli gravatar
Hello Gluu team. We have probelm with gluu admin page. When we want to the connect gluu admin panel we get off error: ***Error Encountered An unexpected error has occured login.errorSessionInvalidMessage.* This error began after we renew our ssl certificate. we think that this error related with LDAP SSL. Please help us
Ubuntu 18.04
closed

Answers

By Mobarak Hosen Shakil staff 22 Feb 2022 at 11:52 p.m. CST

Copy
Mobarak Hosen Shakil gravatar
Hi Aslan, Please provide more details, like `oxauth.log, oxtrust.log`, and how did you perform to renew ldap certificate?. PS: You are using an old version of Gluu Server that already met it's EOL. We recommend you to upgrade with the latest one. Regards ~ Shakil

By Aslan Aslanli user 23 Feb 2022 at 12:22 a.m. CST

Copy
Aslan Aslanli gravatar
oxauth.log file. >>> ERROR [qtp804611486-15] [xdi.oxauth.authorize.ws.rs.AuthorizeAction] (AuthorizeAction.java:253) - Failed to get CustomScriptConfiguration. auth_step: 1, acr_values: auth_ldap_server. oxtrust.log is empty. We imported new certificate to a cacerts file with keytool. Sorry I am new in gluu.

By Mobarak Hosen Shakil staff 23 Feb 2022 at 8:32 p.m. CST

Copy
Mobarak Hosen Shakil gravatar
Please look into this documentations: https://gluu.org/docs/gluu-server/3.1.5/admin-guide/certificate/ and let me know you have followed them correctly. Regards ~ Shakil

By Aslan Aslanli user 27 Feb 2022 at 6:11 a.m. CST

Copy
Aslan Aslanli gravatar
I done this already. Please follow these steps shown below to update the Apache SSL cert: Save the latest SSL httpd key and certificate in the /etc/certs folder Rename them to httpd.key and httpd.crt respectively Import 'httpd.der' into the java keystore / Convertion to DER, command: openssl x509 -outform der -in httpd.crt -out httpd.der Delete the existing certificate to avoid ambiguity due to presense of 2 different certificates for the same entity after importing the new one: /opt/jdkx.x.x.x/jre/bin/keytool -delete -alias <hostname_of_your_Gluu_Server>_httpd -keystore /opt/jdkx.x.x.x/jre/lib/security/cacerts -storepass changeit Import certificate in to Java Keystore(cacerts): /opt/jdkx.x.x.x/jre/bin/keytool -importcert -file httpd.der -keystore /opt/jdkx.x.x.x/jre/lib/security/cacerts -alias <hostname_of_your_Gluu_Server>_httpd -storepass changeit

By Aslan Aslanli user 27 Feb 2022 at 8:57 a.m. CST

Copy
Aslan Aslanli gravatar
I used this: /opt/opendj/bin/ldapmodify -p 1636 -D 'cn=directory manager' -w 'xxxxx' -f /opt/opendj/changeAuth.ldif But get error as: Cannot read the bind response from the server. The port you are using may require a secured communication (--useSSL). The connection to the Directory Server was closed before the bind response could be read Result Code: 82 (Local Error)

By Mobarak Hosen Shakil staff 01 Mar 2022 at 11:56 p.m. CST

Copy
Mobarak Hosen Shakil gravatar
can you please try this way: ``` /opt/opendj/bin/ldapmodify -p 1636 -Z -X -D "cn=directory manager" -w "password" -f /path/to/file.ldif ``` `file.ldif` looks like: ``` dn: ou=configuration,o=gluu changetype: modify replace: oxTrustAuthenticationMode oxTrustAuthenticationMode: simple_password_auth ``` Regards ~ Shakil

Post an answer