4 Replies Latest reply on May 12, 2016 6:41 AM by Bill Robinson

    Syncing BladeLogic RBAC Accounts with AD LDAP

    Steven Scarborough

      We are unable to sync our BladeLogic RBAC accounts using Windows AD. The problem is that BMC has dropped support for LDAPS. When I attempt to sync a role with Windows LDAP AD, I get the following message:


      The ldap://servername.usda.gov:636 LDAP server does not support the StartTLS protocol extension. Please use LDAPv3 servers.


      We have other apps that are working when connecting to port 636 as the following example shows:


      SSL handshake has read 4681 bytes and written 462 bytes
      New, TLSv1/SSLv3, Cipher is AES256-SHA
      Server public key is 2048 bit
      Compression: NONE
      Expansion: NONE
      Protocol  : TLSv1
      Cipher    : AES256-SHA
      Session-ID: 90040000AC279BB9E6FD8B5A00D31B1567512AFAB3B40820D8ECDFEE948B3CF9
      Master-Key: A9C80CC33553401304EC70BF2DCFE4C7E6DF5255CC54DB5DEB5D3D0A2C14B2BA247A0B38C4D20CB554F8B467934A3254
      Key-Arg   : None
      Start Time: 1462996696
      Timeout : 300 (sec)
      Verify return code: 0 (ok)


      Our Security staff says that port 636 has to have the session start the connection as encrypted, and that's why you need to use LDAPS; however, when I use the following URL, this error is displayed:


      Invalid URL.
      Example - ldap://servername:port


      Is it possible to use Windows AD LDAP to sync RBAC accounts in BladeLogic?
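A quick way to see which of the two modes a directory port actually speaks, added here as an example for this thread and not code from BMC or the poster: it sends the StartTLS extended request in the clear, exactly as a StartTLS client would, and classifies the reply. A port that answers with a TLS record or just drops the connection is an LDAPS (implicit TLS) port such as 636; a plaintext LDAP port answers with an ExtendedResponse whose result code says whether StartTLS is offered. The host name and the byte sequences in the comments are constructed assumptions.

```python
import socket

# OID of the StartTLS extended operation (RFC 4511).
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"

def ber_short_len(n: int) -> bytes:
    """Definite short-form BER length (every length used here is < 128)."""
    if n >= 128:
        raise ValueError("short-form length only")
    return bytes([n])

def build_starttls_request(msg_id: int = 1) -> bytes:
    """LDAPMessage { messageID, [APPLICATION 23] ExtendedRequest { [0] requestName } }."""
    request_name = b"\x80" + ber_short_len(len(STARTTLS_OID)) + STARTTLS_OID
    ext_req = b"\x77" + ber_short_len(len(request_name)) + request_name
    body = b"\x02\x01" + ber_short_len(msg_id) + ext_req
    return b"\x30" + ber_short_len(len(body)) + body

def classify_response(data: bytes) -> str:
    """Interpret the first bytes a server returns to a plaintext StartTLS request."""
    if not data:
        return "closed"           # connection dropped: usual for a TLS-only (LDAPS) port
    if data[0] in (0x15, 0x16):
        return "implicit-tls"     # TLS alert/handshake record: the port speaks TLS from byte one
    if data[0] != 0x30:
        return "unknown"
    # Walk SEQUENCE -> INTEGER messageID -> [APPLICATION 24] ExtendedResponse -> ENUMERATED resultCode
    i = 2                         # past SEQUENCE tag and short-form length
    i += 2 + data[i + 1]          # past messageID (tag, length, value)
    if data[i] != 0x78:
        return "unknown"
    i += 2                        # past ExtendedResponse tag and length
    if data[i] != 0x0a:
        return "unknown"
    result_code = data[i + 2]
    return "starttls-ok" if result_code == 0 else f"starttls-refused({result_code})"

def probe(host: str, port: int, timeout: float = 5.0) -> str:
    """Send the StartTLS request in the clear and classify whatever comes back."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_starttls_request())
            return classify_response(s.recv(4096))
    except (ConnectionResetError, socket.timeout):
        return "closed"

if __name__ == "__main__":
    # Placeholder host (assumption); point it at your own directory server.
    for port in (389, 636):
        print(port, probe("dc.example.invalid", port))
```

On a TLS-only port the plaintext request can never be parsed, so a client that insists on StartTLS will report the extension as unsupported regardless of what the directory actually offers.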