I have installed PWM 1.9.2 on Windows.
I have configured 2 profiles, "domain.com" and "xxx.domain.com", root domain and subdomain in an Active Directory forest (WS2016).
Both profiles test OK in the "configuration editor" and the test user is working.
For both profiles the root certificate has been added to the keystore and imported into the PWM app.
My first profile has "LDAP Contextless Login Roots" dc=domain,dc=com
For the second profile (subdomain), if I put dc=xxxx,dc=domain,dc=com in "LDAP Contextless Login Roots", users can't log in and I get an error message:
5015 ERROR_INTERNAL (unexpected error during ldap search (profile=jesi), error: 5015 ERROR_INTERNAL (ldap error during searchID=0, error=javax.naming.PartialResultException, cause:javax.naming.CommunicationException: DomainDnsZone******, cause:javax.net.ssl.SSLHandshakeException: No subject alternative DNS name matching DomainDnsZones***** found., cause:java.security.cert.CertificateException: No subject alternative DNS name matching DomainDnsZones**** found.))
When I changed "LDAP Contextless Login Roots" to some specific OUs (e.g. ou=zzz,dc=xxxx,dc=domain,dc=com), users can log in and authenticate properly.
Expected behavior
I expect to be able to reference the complete subdomain in "LDAP Contextless Login Roots" for the subdomain.
Desktop (please complete the following information):
OS: osx
Browser: firefox, chrome, safari
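An added illustration, not part of the original report and not PWM code: the error above is a TLS hostname check rejecting a certificate whose subject alternative names lack the host the LDAP client connected to. Assuming the DomainDnsZones host was reached by following a referral from the domain-root search, this Python example runs a simplified RFC 6125 DNS-ID match over constructed SANs and referral URLs (all names below are placeholders) to show which targets fail.

```python
"""Added example: TLS hostname checks against hosts named in LDAP referrals.
All hostnames, SANs and referral URLs are constructed placeholders."""
from urllib.parse import urlsplit


def san_matches(host, pattern):
    """Simplified RFC 6125 DNS-ID match: case-insensitive, '*' accepted only
    as the entire left-most label, and a wildcard covers exactly one label."""
    h = host.lower().rstrip(".").split(".")
    p = pattern.lower().rstrip(".").split(".")
    if len(h) != len(p):
        return False
    if p[0] == "*":
        return len(p) > 2 and h[1:] == p[1:]
    return h == p


def audit_referrals(referral_urls, cert_dns_sans):
    """Map each host an LDAPS client would connect to onto True/False:
    does any dNSName SAN on the server certificate match that host?"""
    result = {}
    for url in referral_urls:
        host = urlsplit(url).hostname  # lower-cased by urlsplit
        result[host] = any(san_matches(host, s) for s in cert_dns_sans)
    return result


# Constructed: dNSName SANs on a domain controller certificate.
DC_CERT_SANS = ["dc01.sub.example.com", "sub.example.com"]

# Constructed: two referral targets for DNS application partitions, plus a
# direct connection to the domain controller for contrast.
REFERRALS = [
    "ldaps://DomainDnsZones.sub.example.com/DC=DomainDnsZones,DC=sub,DC=example,DC=com",
    "ldaps://ForestDnsZones.example.com/DC=ForestDnsZones,DC=example,DC=com",
    "ldaps://dc01.sub.example.com/DC=sub,DC=example,DC=com",
]

if __name__ == "__main__":
    for host, ok in audit_referrals(REFERRALS, DC_CERT_SANS).items():
        print(f"{host:40s} {'SAN match' if ok else 'NO SAN MATCH'}")
```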