vCenter v6.7u3 openLDAP LDAPS SSO

This post was originally published on this site

Hello:


I’ve been attempting to configure vCenter v6.7u3 to use an openLDAP server as an SSO source using LDAPS and in the process have been unsuccessful. The main problem is that vCenter will establish a TLS connection and verify the certificate signatures, but will then close the connection immediately.


Here is an excerpt from when trying to submit the SSO configuration:

af4d4d42-75c4-403b-bdad-79f976bfd9a8 INFO  com.vmware.identity.interop.ldap.SslX509EqualityMatchVerificationCallback] Server SSL certificate is a trusted certificate.
af4d4d42-75c4-403b-bdad-79f976bfd9a8 WARN  com.vmware.identity.interop.ldap.LdapErrorChecker] Error received by LDAP client: com.vmware.identity.interop.ldap.OpenLdapClientLibrary, error code: -1
af4d4d42-75c4-403b-bdad-79f976bfd9a8 WARN  com.vmware.identity.idm.server.ServerUtils] cannot bind connection: [ldaps://10.10.35.31, cn=admin,dc=example,dc=com]
af4d4d42-75c4-403b-bdad-79f976bfd9a8 ERROR com.vmware.identity.idm.server.ServerUtils] cannot establish connection with uri: ldaps://10.10.35.31


openLDAP logs show the vCenter establishing a TLS connection and then promptly losing the connection.

With openssl s_client, I can connect to the port with the certificates I provide, but I can’t find anything else that would be useful. I can also connect on LDAP:// as well, but I want to establish a TLS connection. Is there a particular way that the certificates should be made? I just want to get the LDAPS to work.
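The log excerpt shows the sequence the poster is hitting: the certificate check passes, then the OpenLDAP client library returns error code -1 before any bind result arrives. In the OpenLDAP C library -1 is LDAP_SERVER_DOWN, the code for "the connection went away without an answer", which is different from a bind the server actually rejected (resultCode 49, invalidCredentials). The script below is an added example, not code from the post or from VMware; it reproduces that one step outside vCenter: open a TLS connection with full chain and name verification (the same checks vCenter's "trusted certificate" line implies), send a single LDAPv3 simple BindRequest encoded by hand per RFC 4511, and classify what comes back, treating a closed socket as -1. The BER encoder/decoder runs offline on constructed sample responses; `ldaps_bind` is the live path, and its host, CA file, DN and password are placeholders you substitute.

```python
"""Minimal LDAPv3 simple-bind round trip over LDAPS (RFC 4511, BER encoding).

Added example for this troubleshooting thread, not the poster's or VMware's code.
An empty read after the BindRequest (peer closed the socket) is what the OpenLDAP
client library reports as -1 (LDAP_SERVER_DOWN); a BindResponse with resultCode 49
means the server answered and rejected the credentials.
"""
import socket
import ssl
from typing import Optional

LDAP_SERVER_DOWN = -1  # OpenLDAP's code for "no answer / connection lost"


def _ber_len(n: int) -> bytes:
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, payload: bytes) -> bytes:
    """One BER tag-length-value element."""
    return bytes([tag]) + _ber_len(len(payload)) + payload


def bind_request(message_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] { version 3, name, simple } }.

    message_id is kept to a single byte (ids below 128) for brevity.
    """
    version = _tlv(0x02, b"\x03")                      # INTEGER 3 (LDAPv3)
    name = _tlv(0x04, dn.encode("utf-8"))              # LDAPDN as OCTET STRING
    simple = _tlv(0x80, password.encode("utf-8"))      # AuthenticationChoice [0] simple
    op = _tlv(0x60, version + name + simple)           # [APPLICATION 0] constructed
    return _tlv(0x30, _tlv(0x02, bytes([message_id])) + op)


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def parse_bind_response(data: bytes) -> dict:
    """Classify the bytes read after a BindRequest.

    Empty input means the peer closed the connection without answering, which is
    the situation in the vCenter log excerpt (error code -1, then 'cannot bind').
    """
    if not data:
        return {"result_code": LDAP_SERVER_DOWN,
                "diagnostic": "connection closed before any LDAP response"}
    tag, msg, _ = _read_tlv(data, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, mid, pos = _read_tlv(msg, 0)                    # messageID
    tag, body, _ = _read_tlv(msg, pos)
    if tag != 0x61:                                    # [APPLICATION 1] BindResponse
        raise ValueError(f"unexpected protocolOp tag 0x{tag:02x}")
    _, code, pos = _read_tlv(body, 0)                  # resultCode ENUMERATED
    _, matched, pos = _read_tlv(body, pos)             # matchedDN
    _, diag, _ = _read_tlv(body, pos)                  # diagnosticMessage
    return {"message_id": int.from_bytes(mid, "big"),
            "result_code": int.from_bytes(code, "big"),
            "matched_dn": matched.decode("utf-8"),
            "diagnostic": diag.decode("utf-8")}


def ldaps_bind(host: str, port: int, dn: str, password: str, cafile: str,
               server_name: Optional[str] = None) -> dict:
    """One verified LDAPS bind. cafile holds the CA that signed the LDAP server cert.

    server_name is what the certificate is checked against. Connecting by IP, as the
    vCenter log does (ldaps://10.10.35.31), requires that IP in the cert's SAN, or
    the handshake fails here with an explicit ssl.SSLCertVerificationError.
    """
    ctx = ssl.create_default_context(cafile=cafile)   # CERT_REQUIRED + check_hostname
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=server_name or host) as tls:
            tls.sendall(bind_request(1, dn, password))
            try:
                return parse_bind_response(tls.recv(4096))
            except (ConnectionResetError, ssl.SSLEOFError):
                return parse_bind_response(b"")        # server dropped us: -1


# Constructed sample responses (not captured from the poster's server):
BIND_OK = bytes.fromhex("300c02010161070a010004000400")       # resultCode 0, success
BIND_INVALID = bytes.fromhex("300c02010161070a013104000400")  # resultCode 49, invalidCredentials

if __name__ == "__main__":
    for sample in (BIND_OK, BIND_INVALID, b""):
        print(parse_bind_response(sample))
    # Live check against your own server (placeholders):
    # print(ldaps_bind("10.10.35.31", 636, "cn=admin,dc=example,dc=com",
    #                  "<bind password>", "/path/to/ldap-ca.pem"))
```

Reading the outcome: if `ldaps_bind` raises a certificate error, the chain or the subject/SAN does not match the name or IP in the URI and the client-side trust setup is the problem; if the handshake completes and the result is -1, the LDAP server is terminating the session after TLS, so slapd's own log for that connection is the next place to look rather than vCenter's.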
