5017 - Directory Unavailable


LTA IT

Aug 17, 2021, 6:15:07 AM
to pwm-general
Hello,
could someone help me resolve this error?
I checked the pwm configuration and got an LDAP test profile. The result is in the attachment.
The main ldaps url is the smclatmi01.

The screenshot shows the error I got when I use the "AD_sspr" user, which is enabled only for password reset.

Thank you,
Alessandro
Error_5017_Directory_unavailable.JPG
LDAP_test.docx

Jason Rivard

Aug 17, 2021, 7:52:30 PM
to pwm-general
The Java version you're using has deprecated TLSv10, and your directory doesn't support anything newer. It should. Ideally update your directory server. Otherwise you can google for how to allow Java to use older TLS versions.

LTA IT

Aug 18, 2021, 3:38:31 AM
to pwm-general
Hello Jason,
thanks.
How can I do that on a Debian server? Update the directory server...

LTA IT

Aug 20, 2021, 3:15:05 AM
to pwm-general
Hello Jason,
could you help with some advice?

Thanks so much

Jason Rivard

Aug 20, 2021, 10:40:54 AM
to pwm-general
This issue is not PWM specific and has been covered here and many other places on the internet.  Try googling the error.

Marco Neves

Sep 9, 2021, 5:01:21 AM
to pwm-general
Enable TLS1.2 on your Ldap Servers.

Soh Meng Kuan

Feb 20, 2024, 1:16:08 AM
to pwm-general
Hi all,

I can confirm my AD server (Win 2016 Standard) supports TLS 1.2 by default, and sslscan confirms this too.

But it is still showing

5015 ERROR_INTERNAL (unexpected error during ldap search (profile=default), error: 5015 ERROR_INTERNAL (ldap error during searchID=0, context=DC=irafflesia,DC=edu,DC=my, error=javax.naming.PartialResultException, cause:javax.naming.CommunicationException: irafflesia.edu.my:636, cause:javax.net.ssl.SSLHandshakeException: The server selected protocol version TLS10 is not accepted by client preferences [TLS13, TLS12]))

I don't want to waste a topic, as this is the same issue as mine.

Jason Rivard

Feb 21, 2024, 3:19:28 AM
to pwm-general
Did you check all of the LDAP servers in the domain?
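
One way to check every LDAP server behind a name, as an added example that is not part of the thread or of PWM: a domain name such as the one in the error above can resolve to several servers, so a scan of a single host can pass while another address still negotiates only TLS 1.0. The script resolves the name and attempts a separate handshake against each address, accepting TLS 1.2 or newer only, like the Java client preferences in the error. The script name, function names and status labels are assumptions made for this example.

```python
import socket
import ssl
import sys


def resolve_all(name, port=636):
    """Return every distinct address that `name` resolves to."""
    infos = socket.getaddrinfo(name, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def probe(addr, port=636, server_name=None, timeout=5.0):
    """Attempt a handshake that accepts only TLS 1.2 or newer.

    Returns ("ok", negotiated_version), ("tls-failed", reason), or
    ("unreachable", reason) for connection and socket errors.
    """
    ctx = ssl.create_default_context()
    # Diagnostic only: this measures protocol negotiation, not trust, so
    # certificate checks are off. Never reuse this context for LDAP traffic.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    try:
        with socket.create_connection((addr, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=server_name) as tls:
                return ("ok", tls.version())
    except ssl.SSLError as exc:
        return ("tls-failed", exc.reason or str(exc))
    except OSError as exc:
        return ("unreachable", str(exc))


def survey(name, port=636):
    """Probe each address behind `name` separately, keyed by address."""
    return {addr: probe(addr, port, server_name=name)
            for addr in resolve_all(name, port)}


if __name__ == "__main__":
    # Usage: python3 tls_survey.py <ldap-host-or-domain> [port]
    target = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 636
    for addr, (status, detail) in survey(target, port).items():
        print(f"{addr}:{port}\t{status}\t{detail}")
```

Any address reported as `tls-failed` is a server that still needs TLS 1.2 enabled, even if the others report `ok`.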