Overview
Users are unable to log in to Jive via LDAP after an LDAP server upgrade(s). Previously logged-in users continue to retain access whereas new users are not able to log in. This article provides a resolution to this issue.
Environment
- Jive - AWS
Process
- Go to the Admin Console > People > Settings, where you will be able to identify the authentication mode used by that instance (SAML/LDAP or SAML and LDAP).
- Go to the Admin Console > People > Settings, review SSO settings or LDAP settings for errors. For example:
- Review the application logs in Kibana
org.springframework.security.authentication.InternalAuthenticationServiceException: ip_address; nested exception is javax.naming.CommunicationException: ip_address:636 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names matching IP address ip_address found] at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:206) at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:85) at com.jivesoftware.community.aaa.JiveLdapAuthenticationProvider$1.authenticate(JiveLdapAuthenticationProvider.java:175) at com.jivesoftware.community.aaa.JiveLdapAuthenticationProvider.doAuthenticate(JiveLdapAuthenticationProvider.java:300) at com.jivesoftware.community.aaa.JiveLdapAuthenticationProvider.authenticate(JiveLdapAuthenticationProvider.java:249) at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174) at com.jivesoftware.community.aaa.JiveAuthenticationProviderManager.authenticate(JiveAuthenticationProviderManager.java:69) at ..... Caused by: org.springframework.ldap.CommunicationException: ip_address:636; nested exception is javax.naming.CommunicationException: ip_address:636 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names matching IP address ip_address found] at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:108)
- Check with the user for any changes at the LDAP end:
- If it is identified that there was an upgrade performed on the LDAP servers, please ask the customer to roll back the changes to restore the system.
- The customer could also have changed the external IP addresses for the LDAP server before logging into Jive, locking the admin out of Jive. In this case, the customer should log in using a non-federated admin user:
- Go to
https://<your Jive URL>/admin
- Enter with your non-federated admin credentials.
- Navigate to People > Settings > Directory Server Settings.
- Change the IP address to the new ones, and check if any other setting needs to be changed.
- Type your LDAP password on the Authentication section.
- Click on Test settings at the bottom.
- After settings have been tested successfully, you will be able to click the Save button.
Note: If the customer does not have a non-fed admin user, you can have a conference call through Zoom or similar, and have the customer type the LDAP password. The LDAP password should be NEVER shared with Support, as it is sensitive information.
- Go to
Confirmation
After trying to log in again, the confirmation of connection to the LDAP server should be seen instead of the error message.
Comments
0 comments
Article is closed for comments.