
Issue with ColdFusion 2018 and LDAPS connection via CFLDAP

Community Beginner, Oct 06, 2021


I am attempting to migrate a CF10 application to CF2018 that uses a CFLDAP call to an Active Directory server and is experiencing failures. We have already used keytool to import the AD server certificate, and we have verified connectivity by telnet <ip address>:636 and can create a connection via openssl s_client -connect <ip address>:636.

 

We use CFSSL_BASIC, port 636, and are getting this error on the LDAP call:

Detail: One or more of the required attributes may be missing or incorrect or you do not have permissions to execute this operation on the server.
Operation: query :<ip address>:636


I have noted in the coldfusion-error.log an error that occurs when CF restarts:

INFO: The Apache Tomcat Native library which allows using OpenSSL was not found on the java.library.path: [C:\ColdFusion2018\cfusion\lib;C:\ColdFusion2018\cfusion\jintegra\bin;C:\ColdFusion2018\cfusion\jintegra\bin\international;C:\ColdFusion2018\cfusion\lib\oosdk\classes\win;C:\\ColdFusion2018\\jre\bin]


My hypothesis is that I am missing a library and/or don't have the correct directory in the PATH?

 

System details:

  • ColdFusion 2018,0,11,326016 Enterprise
  • Windows Server 2016
  • Java version 11.0.1
  • Java home: C:\ColdFusion2018\jre
  • Tomcat: 9.0.41.0

 


Correct answer

Community Beginner, Oct 11, 2021

Update - success!

After reading the release notes at https://www.oracle.com/java/technologies/javase/11-0-1-relnotes.html, I added -Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true to the java command. In this JVM version, some additional checks were added to LDAPS connections. I'll investigate that and fix the connection issue later so we can enable strict endpoint identification, but the connection works now.

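Added example (not part of the original thread, and not Adobe or Oracle code): a simplified Python sketch of the endpoint identification check that the workaround above switches off, showing which connection targets a certificate would satisfy so the flag can be removed again. It assumes, without confirmation from the thread, that the failure comes from connecting by IP address to a certificate that names the server only by DNS name; the host names and the address 192.0.2.10 are constructed, and the matching rules (leftmost-label wildcard only, no CN fallback) are a simplification of what the JVM does.

```python
import ipaddress

def _is_ip(host):
    """True if the connection target is an IP literal rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def _dns_match(host, pattern):
    """Case-insensitive label comparison; '*' is accepted only as the whole
    leftmost label and stands for exactly one label (simplifying assumption)."""
    h = host.lower().rstrip(".").split(".")
    p = pattern.lower().rstrip(".").split(".")
    if len(h) != len(p):
        return False
    if p[0] == "*":
        return len(p) > 1 and h[1:] == p[1:]
    return h == p

def check_endpoint(target, san_dns=(), san_ips=()):
    """Return (ok, reason) for connecting to `target` given the SAN entries
    of the server certificate."""
    if _is_ip(target):
        addr = ipaddress.ip_address(target)
        if any(addr == ipaddress.ip_address(ip) for ip in san_ips):
            return True, "IP address matches an iPAddress SAN"
        return False, "connecting by IP, but no iPAddress SAN matches"
    if any(_dns_match(target, name) for name in san_dns):
        return True, "host name matches a dNSName SAN"
    return False, "host name matches no dNSName SAN"

# Constructed sample: SAN entries of a hypothetical domain controller certificate.
DC_CERT = {"san_dns": ["dc01.corp.example.test", "corp.example.test"],
           "san_ips": []}

if __name__ == "__main__":
    # The same server reached three ways: by IP, by FQDN, by short name.
    for target in ("192.0.2.10", "dc01.corp.example.test", "dc01"):
        ok, reason = check_endpoint(target, **DC_CERT)
        print(f"{target:26} {'PASS' if ok else 'FAIL'}  {reason}")
```

If the real certificate behaves like the sample, pointing the CFLDAP server attribute at a name listed in the certificate (or reissuing the certificate with an iPAddress entry) lets the check pass with endpoint identification left on.
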
Community Beginner, Oct 07, 2021


I got one private reply, thanks for that!

As an update, I had our network admin do a packet capture for all traffic from my test servers to the two Active Directory servers I was using for testing, and she saw no traffic. There are no firewall rules blocking this outbound traffic, leading me to believe that the ColdFusion servers aren't even attempting to initiate a connection.
