IBM Security QRadar

  • 1.  LDAPS Connection does not work

    Posted Thu March 14, 2019 04:02 AM
    Hi, 
    I do find this community very helpful, I learned a lot just by reading the posts. Thanks to all who contributed to it.

    Now I have myself a problem, maybe a misunderstanding.

    We try to implement the connection to LDAPS. According to the QRadar Admin Guide 7.3.2 it says on page 39
    Configuring SSL or TLS certificates
    If you use an LDAP directory server for user authentication and you want to enable SSL encryption or TLS
    authentication, you must configure your SSL or TLS certificate.
    Procedure
    1. Using SSH, log in to your system as the root user.
    a) User name: root
    b) Password: <password>
    2. Type the following command to create the /opt/qradar/conf/trusted_certificates/
    directory:
    mkdir -p /opt/qradar/conf/trusted_certificates
    3. Copy the SSL or TLS certificate from the LDAP server to the /opt/qradar/conf/
    trusted_certificates directory on your system.
    4. Verify that the certificate file name extension is .cert, which indicates that the certificate is trusted.
    The QRadar system loads only .cert files.


    For that, we just renamed the .pem file we got from the LDAP server to .cert; it looks good. But then when we try to test the connection we got the error message - can not connect to LDAP Server. We are pretty sure that nothing is blocking the connection and we also got the right port (636).

    Do we use the right cert file? Where can I look for troubleshooting?

    Kind regards
    Oliver



    ------------------------------
    Oliver Braun
    ------------------------------


  • 2.  RE: LDAPS Connection does not work

    Posted Wed March 27, 2019 10:47 AM

    Oliver,

    Are you still having issues/questions about this LDAP cert issue? This was discussed and I believe the workaround for your issue is in the core support forums as the Java version is inserting an endpoint identifier that is causing a mismatch in your cert. You can find the discussion for this issue here: https://developer.ibm.com/answers/questions/475181/how-to-fix-this-ldap-ssl-error-javasecuritycertcer/

    If you are unsure of anything in the forum post above ^^, get QRadar Support involved and open a case here: https://ibm.com/mysupport. Without logs, I'm assuming your root issue is the same as above, but it is hard to diagnose logs/debug for the connection itself. You should be able to verify easily if com.sun.jndi.ldap.object.disableEndpointIdentification = true. If yes, then review the support forums for the workaround.


    Hope this helps and sorry for the late response. 

    - Jonathan

    NOTE: We don't monitor these forums as closely as the support forums https://ibm.biz/qradarforums on developer.ibm.com, but let us know if you have resolved this issue or if you need some technical help on these questions. 



    ------------------------------
    Jonathan Pechta
    QRadar Support Content Lead
    Support forums: ibm.biz/qradarforums
    jonathan.pechta1@ibm.com
    ------------------------------
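
The endpoint-identification mismatch mentioned in the reply above comes down to comparing the host name entered for the LDAP server with the names in the certificate's subjectAltName. The following is an added example, not part of the original posts and not Java's or QRadar's own code: a simplified RFC 6125-style check. The function names, host names and SAN entries are constructed for illustration.

```python
import ipaddress

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def dns_name_matches(pattern, host):
    """Match one dNSName SAN entry against the host, allowing a single
    wildcard that covers exactly the left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # A wildcard needs at least two further labels, e.g. *.example.test
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def check_endpoint(configured_host, san_dns, san_ip):
    """Return (ok, reason) for the host typed into the LDAP server URL."""
    if _is_ip(configured_host):
        wanted = ipaddress.ip_address(configured_host)
        if any(ipaddress.ip_address(ip) == wanted for ip in san_ip):
            return True, "IP address listed in iPAddress SAN"
        return False, "connecting by IP, but no matching iPAddress SAN"
    for name in san_dns:
        if dns_name_matches(name, configured_host):
            return True, "matched dNSName " + name
    return False, "no dNSName SAN matches " + configured_host

# Constructed sample: SAN entries of a hypothetical LDAP server certificate.
SAN_DNS = ["ldap01.corp.example.test", "*.dir.example.test"]
SAN_IP = []

if __name__ == "__main__":
    for host in ["ldap01.corp.example.test", "ldap01", "192.0.2.10",
                 "dc2.dir.example.test", "a.b.dir.example.test"]:
        ok, reason = check_endpoint(host, SAN_DNS, SAN_IP)
        print(f"{host:28} {'OK' if ok else 'MISMATCH'}  {reason}")
```

A short name or a bare IP address in the server URL fails this comparison even when the certificate itself is trusted, which is why the name configured for the connection should be one the certificate actually lists.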