Author Topic: LDAPS Error - Error 33  (Read 2118 times)

Offline tomparker12

  • Newbie
  • *
  • Posts: 26
  • Karma: 0
LDAPS Error - Error 33
« on: April 09, 2019, 10:36:44 PM »
Hi there,

I have recently configured LDAP in a customers environment, which works absolutely fine. However when migrating the service to HTTPS, I'm getting an error 33. Looking in the LDAP Error log files, 33 relates to Alias problem.

As stated, this has worked absolutely fine before for LDAP, specifically for LDAPS.

Just wondering if anybody else has seen this?
Thanks,

Offline Kubig

  • Hero Member
  • *****
  • Posts: 2734
  • Karma: 43
Re: LDAPS Error - Error 33
« Reply #1 on: April 09, 2019, 10:38:32 PM »
Did you change your LDAP configuration to the LDAPS one (including server certificate(s)?
Genesys certified professional consultant (GVP, SIP, GIR and Troubleshooting)

Offline tomparker12

  • Newbie
  • *
  • Posts: 26
  • Karma: 0
Re: LDAPS Error - Error 33
« Reply #2 on: April 09, 2019, 10:42:04 PM »
Yes I've got the CACert Path - *.cer, cert-path - *.cer & key path - *.key all set.

Thanks

Offline Kubig

  • Hero Member
  • *****
  • Posts: 2734
  • Karma: 43
Re: LDAPS Error - Error 33
« Reply #3 on: April 09, 2019, 10:45:42 PM »
Try to post your LDAP configuration
Genesys certified professional consultant (GVP, SIP, GIR and Troubleshooting)

Offline tomparker12

  • Newbie
  • *
  • Posts: 26
  • Karma: 0
Re: LDAPS Error - Error 33
« Reply #4 on: April 09, 2019, 10:53:17 PM »
app-user: account name of AD
cacert-path: C:\Certificates\Issuingcert.cer
cert-path: C:\Certificates\hostnameofmachinetoLDAPserver.cer
key-path: C:\Certificates\hostnameofmachinetoLDAPserver.key
ldap-url: ldaps://Domain:636/dc=XXXX,dc=X??one?(&(objectClass=user)(objectCategory=user)(samaccountname=X))
password: XXXX
verbose: 2

Similar to the above :)

Offline Kubig

  • Hero Member
  • *****
  • Posts: 2734
  • Karma: 43
Re: LDAPS Error - Error 33
« Reply #5 on: April 09, 2019, 11:23:55 PM »
Do you use client certification validation? If no, then remove the cert-path and key-path options
Genesys certified professional consultant (GVP, SIP, GIR and Troubleshooting)

Offline tomparker12

  • Newbie
  • *
  • Posts: 26
  • Karma: 0
Re: LDAPS Error - Error 33
« Reply #6 on: April 09, 2019, 11:26:31 PM »
Following the Genesys docs as per their deployment guide...

https://docs.genesys.com/Documentation/FR/Current/ExtAuth/LDAPOpts

Do any have any suggestions on implementation of LDAPS where it's successfully worked?

Thanks,

Offline Kubig

  • Hero Member
  • *****
  • Posts: 2734
  • Karma: 43
Re: LDAPS Error - Error 33
« Reply #7 on: April 09, 2019, 11:57:36 PM »
I have deployed LDAPS many times and never encounter similiar issue and also, as was mentioned, never use the client certificate authorization (and I still think you do not need it as well).
Genesys certified professional consultant (GVP, SIP, GIR and Troubleshooting)

Offline tomparker12

  • Newbie
  • *
  • Posts: 26
  • Karma: 0
Re: LDAPS Error - Error 33
« Reply #8 on: April 10, 2019, 12:20:19 AM »
Just tried it without the cert-path and key-path, sadly no luck. I'll continue having a play around.

Offline Kubig

  • Hero Member
  • *****
  • Posts: 2734
  • Karma: 43
Re: LDAPS Error - Error 33
« Reply #9 on: April 10, 2019, 04:41:07 PM »
I would recommend to use any LDAP browser software to be ensure the connection over secure protocol is working apart Genesys env.
Genesys certified professional consultant (GVP, SIP, GIR and Troubleshooting)

Offline tomparker12

  • Newbie
  • *
  • Posts: 26
  • Karma: 0
Re: LDAPS Error - Error 33
« Reply #10 on: April 10, 2019, 05:36:43 PM »
So interestingly using an LDAP browser and i'm able to connect to the LDAP server using LDAPS and External Authentication (SSL Certificate) and it works!

Offline cavagnaro

  • Administrator
  • Hero Member
  • *****
  • Posts: 7621
  • Karma: 56330
Re: LDAPS Error - Error 33
« Reply #11 on: April 10, 2019, 09:28:46 PM »
Which kind of certificate are you using? PEM?

Offline tomparker12

  • Newbie
  • *
  • Posts: 26
  • Karma: 0
Re: LDAPS Error - Error 33
« Reply #12 on: April 10, 2019, 09:30:06 PM »
I've used cer and PEM (both Base 64)