Leave feedback
  • Question

    LDAP error 91

Enter a new topic
  • Mayank Bansal Mayank Bansal
    0 likes 2575 views

    Hi, I am trying to connect to LDAP in a secure way. This is what I have done to do the same.

    1. Enabled the checkbox to "secure" in Control Center.

    2. Provided secured ldap port number 636 in configuration.


    Suggest if the above configuration is sufficient or further any more configuration to be done?


    Also suggest what LDAP error 91 mean and how to resolve it.


    Thanks and regards,


    Monday 16 July, 2012
  • Magnus Östling Magnus Östling

    I Mayank,

    I did a search on LDAPS and found that you never received any response to this post. You have probably solved this by now, but during my tests I found a few things to consider to get this to work.

    1. Verifiy that the complete certificate chain above your LDAPS server is available in your certificatestore\trusted\authorities.
    2. Verify that these certificates are stored in base64 format.
    3. Verify that the top certificate in the chain really is CA root certificate (self signed).

    You can use a tool such as openssl s_client to connect to your LDAPS server and see what certificates that are returned in the SSL handshake.

    openssl s_client -connect host:636 -showcerts



    Wednesday 05 December, 2012
  • Nikhil Bansal Nikhil Bansal

    Hi Magnus,

    We are facing the same problem wherein we are unable to connect using port 636/3269.
    We started facing this problem after hostname change activity at AD end.The AD team has updated the OS from Windows 2003 to Windows 2012 which complies with its settings and does not support Anonymous with port 636/3269 port so now we are unable to connect with & without certificate.

    On trying "openssl s_client -connect host:636 -showcerts" , we are getting following error(PFA for your refernce):
    depth=1 /C=SG/O=CLIENT/OU=Technology And Operation/CN=W01GSGCA01
    verify error:num=20:unable to get local issuer certificate
    verify return:0

    defaulttrustedcertificateauthorityprofiles.xml file  Authentication & Verification tag  have been tested with  as ‘Anonymous’ & ‘Disabled’ and ‘Mandatory’ & ‘Enabled’respectively :

    •    /opt/strs/ bin/streamserve-5.5.0.GA.1450/applications/managementgateway/etc/confi g/5.5.0/common/securityprofiles
    •    /opt/strs/applications/SGUAT/wd/securityprofiles
    •    /opt/strs/bin/streamserve-5.5.0.GA.1450/platform

    Please suggest if any other change is required at our end?


    Tuesday 14 January, 2014

    Attached files