PrinterOn KB Powered By ePRINTit USA

Bind fails when testing LDAP over SSL - c07720110

Microsoft will be hardening access to Active Directory in the near future, which would require the PrinterOn solution to communicate over TLS.

A failure to bind could be due to the configuration options selected in the LDAP profile within PrinterOn Configuration Manager. When enabling SSL, ensure the LDAP URI uses the ldaps:// protocol with the appropriate port defined (port 636 is the default LDAPS port). In addition, the "Enable Strict SSL Validation" option should be enabled.
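A pre-flight check for the settings described above, as an added example (not PrinterOn or Java code): it flags a URI that is not ldaps://, a port left at 389, and a host the server certificate does not name, which is the host-to-certificate comparison that TLS endpoint identification performs. The function names, sample URIs and certificate names are constructed, and the wildcard rule is a simplified left-most-label match.

```python
import ipaddress
from urllib.parse import urlsplit

def _as_ip(host):
    """Return an ip_address object, or None when host is a DNS name."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None

def _dns_match(host, pattern):
    """Compare host to one dNSName entry; '*' may replace only the whole first label."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if "*" not in pattern:
        return host == pattern
    p_first, _, p_rest = pattern.partition(".")
    h_first, _, h_rest = host.partition(".")
    return p_first == "*" and h_first != "" and p_rest != "" and p_rest == h_rest

def diagnose_ldaps_uri(uri, san_dns=(), san_ips=()):
    """List the reasons a bind over SSL to `uri` is expected to fail."""
    issues = []
    parts = urlsplit(uri)
    host = parts.hostname or ""
    if parts.scheme.lower() != "ldaps":
        issues.append("scheme is '%s', expected ldaps" % parts.scheme)
    if parts.port == 389:
        issues.append("port 389 is the plain LDAP port, LDAPS defaults to 636")
    ip = _as_ip(host)
    if not host:
        issues.append("URI has no host")
    elif ip is not None:
        # An IP literal only passes if the certificate lists it as an iPAddress SAN.
        if ip not in {_as_ip(i) for i in san_ips}:
            issues.append("IP %s is not in the certificate" % host)
    elif not any(_dns_match(host, n) for n in san_dns):
        issues.append("host %s is not in the certificate" % host)
    return issues

# Constructed sample: names read from a domain controller certificate.
SAN_DNS = ["dc01.corp.example.com", "*.ad.example.com"]

if __name__ == "__main__":
    for uri in ("ldaps://dc01.corp.example.com:636",
                "ldaps://10.0.0.5:636",
                "ldap://dc01.corp.example.com:389",
                "ldaps://DC02.ad.example.com"):
        print(uri, "->", diagnose_ldaps_uri(uri, SAN_DNS) or "ok")
```

An empty list means the URI is consistent with the certificate names supplied; it does not test trust-chain problems such as an untrusted issuing CA.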

There are 3 main fixes to overcome the failure to bind when using SSL, listed in order of preference.


From the Java release notes:

Change: Improve LDAP support

Endpoint identification has been enabled on LDAPS connections.

To improve the robustness of LDAPS (secure LDAP over TLS) connections, endpoint identification algorithms have been enabled by default.

Note that there may be situations where some applications that were previously able to successfully connect to an LDAPS server may no longer be able to do so. Such applications may, if they deem appropriate, disable endpoint identification using a new system property