4 Replies Latest reply on Mar 21, 2016 8:03 AM by Bill Robinson

    Ldap sync StartTLS

    Mike Reider

      Hi all, we are trying to setup an ldap sync at a client site, using this guide,




      When I try to run the sync I am getting this error in the appserver log


      [Client] The ldap://fg.abc.com:389 LDAP server does not support the StartTLS protocol extension. Please use LDAPv3 servers. javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: Certificate signature validation failed


      The admin tells me that their DCs are not configured for SSL and to change their DC to handle TLS/StartTLS protocol would take months since the DCs handle all their network and any change requires massive amount of approvals.


      Is there a way to make the sync work without SSL/TLS? Im guessing not but wanted to confirm. Thanks.