LDAP Error 13 / Novell eDirectory / Unable to Authenticate


This article applies to:

  • R3000

Question:

LDAP Error 13 / Novell eDirectory / Unable to Authenticate

Reply

This error almost always occurs in Novell eDirectory environment where authentication takes place over SSL.  This happens due to eDirectory having "Allow Clear Text Password" turned off or having "Require TLS for simple binds with Password" box unchecked on the LDAP Group Object in ConsoleOne.  When this option is turned 'on', bind takes place on port 636 instead of 389 by default.  Error message that you see in the R3000 log file list as in the following:Error 13: Confidentiality Required*** Please not that customers have the luxury to redefine ports for SSL, so you may find different port being used instead of the default ports listed above.Fix:There are two ways this problem can be fixed;1) Uncheck TLS option or enable eDirectoy to allow clear text password.
2) Use "Bind over SSL" in R3000 LDAP Domain Details.  Although this is preferred method, it is required to obtain the SSL certificate that the Novell Server is using and upload into R3000 for it to be able to communicate.  If certificate on Novell Server expires or changes, new certificate must be uploaded into R3000; otherwise, authentication would stop.

A simple way to obtain the certificate that is being used in the Novell Server is to access the server on port 636 or custom port using IE or any other browser.  When certificate accept/deny window popup, save the certificate with same name as the tree name followed by uploading into R3000.


This article was previously published as:
8e6 KB 276578

Last Modified 1/21/2008.
https://support.trustwave.com/kb/KnowledgebaseArticle12387.aspx