Genesys CTI User Forum
Genesys CTI User Forum => Genesys CTI Technical Discussion => Topic started by: tomparker12 on April 09, 2019, 01:36:44 PM
-
Hi there,
I have recently configured LDAP in a customer's environment, which works absolutely fine. However, when migrating the service to HTTPS, I'm getting an error 33. Looking in the LDAP Error log files, 33 relates to an Alias problem.
As stated, this has worked absolutely fine before for LDAP, specifically for LDAPS.
Just wondering if anybody else has seen this?
Thanks,
-
Did you change your LDAP configuration to the LDAPS one (including server certificate(s))?
-
Yes I've got the CACert Path - *.cer, cert-path - *.cer & key path - *.key all set.
Thanks
-
Try to post your LDAP configuration
-
app-user: account name of AD
cacert-path: C:\Certificates\Issuingcert.cer
cert-path: C:\Certificates\hostnameofmachinetoLDAPserver.cer
key-path: C:\Certificates\hostnameofmachinetoLDAPserver.key
ldap-url: ldaps://Domain:636/dc=XXXX,dc=X??one?(&(objectClass=user)(objectCategory=user)(samaccountname=X))
password: XXXX
verbose: 2
Similar to the above :)
-
Do you use client certification validation? If not, then remove the cert-path and key-path options.
-
Following the Genesys docs as per their deployment guide...
https://docs.genesys.com/Documentation/FR/Current/ExtAuth/LDAPOpts
Does anyone have any suggestions on implementation of LDAPS where it's successfully worked?
Thanks,
-
I have deployed LDAPS many times and never encountered a similar issue and also, as was mentioned, never use the client certificate authorization (and I still think you do not need it as well).
-
Just tried it without the cert-path and key-path, sadly no luck. I'll continue having a play around.
-
I would recommend using any LDAP browser software to ensure the connection over the secure protocol is working apart from the Genesys env.
-
So interestingly, using an LDAP browser, I'm able to connect to the LDAP server using LDAPS and External Authentication (SSL Certificate) and it works!
-
Which kind of certificate are you using? PEM?
-
I've used cer and PEM (both Base 64)