
Possible errors for LDAP connection

Resilio Connect Management Console shows the error message returned by the LDAP server as is. Below are the most common errors with possible solutions.

Invalid login / password

Check that the username you supply contains the domain prefix, i.e. is supplied in the format \username

LdapErr: DSID-0C090266, The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection

This error indicates that your Active Directory requires a secured connection. Enable it both on your AD and in Management Console (check the "Use SSL" checkbox).


Cannot connect to LDAP server ldaps://:636, error: Error: unable to get local issuer certificate

Management Console is unable to verify the CA or intermediate CA of your AD certificate. Try exporting your whole certificate chain as Base64-encoded certificates and entering it in General settings -> Advanced server settings -> Custom trusted CA certificates.

Cannot connect to LDAP server: ERR_TLS_CERT_ALTNAME_INVALID

The AD server's actual hostname does not match the server name in the certificate field "Subject Alternative Name". This can be resolved by:

  • Issuing another certificate whose "Subject Alternative Name" matches the actual server name
  • Renaming the server so it matches the certificate field "Subject Alternative Name"
  • Suppressing the check by setting the environment variable NODE_TLS_REJECT_UNAUTHORIZED=0
    Note that you are lowering your overall system security by doing this: the variable turns off TLS certificate verification for the whole process, not only the name check.
    On Windows, it must be set as a system-wide environment variable (requires an OS reboot).
    On Linux, just ensure that this environment variable reaches your Management Console process. It can be set just before launching srvctrl.
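
Before changing certificates or suppressing the check, the name match can be reproduced offline with Node.js's own tls.checkServerIdentity to see which server names the certificate actually covers. This is an added example, not Resilio code; it assumes Management Console applies the standard Node.js hostname check, and the certificate fields and host names are constructed placeholders.

```javascript
// Reproduces the hostname check that raises ERR_TLS_CERT_ALTNAME_INVALID.
const tls = require('tls');

// Constructed sample: only the fields of a peer certificate object that the
// hostname check reads. Names are placeholders, not taken from a real server.
const sampleCert = {
  subject: { CN: 'dc01.corp.example.test' },
  subjectaltname: 'DNS:dc01.corp.example.test, DNS:*.ad.example.test',
};

// Returns { host, ok, code, sans } for one candidate LDAP server name.
function checkLdapHost(host, cert) {
  // checkServerIdentity returns undefined on a match, an Error otherwise.
  const err = tls.checkServerIdentity(host, cert);
  const sans = (cert.subjectaltname || '').split(', ').filter(Boolean);
  return { host, ok: err === undefined, code: err ? err.code : null, sans };
}

// Returns only the candidate names that the certificate covers.
function usableHosts(hosts, cert) {
  return hosts.filter((h) => checkLdapHost(h, cert).ok);
}

const candidates = [
  'dc01.corp.example.test', // exact SAN match
  'dc01',                   // short name: not in the SAN list
  '192.0.2.10',             // IP address: needs an "IP Address:" SAN entry
  'dc02.ad.example.test',   // covered by the wildcard entry
  'a.b.ad.example.test',    // a wildcard covers a single label only
];

for (const h of candidates) {
  const r = checkLdapHost(h, sampleCert);
  console.log(`${h.padEnd(24)} ${r.ok ? 'OK' : r.code}`);
}
```

Entering one of the names reported as OK as the LDAP server address avoids the error without reissuing the certificate or disabling verification.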

NameErr: DSID-03100238, problem 2001 (NO_OBJECT)

The subset of objects (users) selected by your Base DN is too narrow and does not include users. Try removing extra components and selecting an upper level (usually it works at the OU=Users level).

Any other error not listed above

  • Check your "Base DN" one more time; it may contain a mistake
  • Clear your "Additional DN" and try again; it is used only in very rare cases