No response from the LDAP Server

[esbsilva]

Document: Configuring SPNEGO authentication
http://openliberty.io/docs/latest/configuring-spnego-authentication.html

Good afternoon.

I'm using the settings available in this article to configure communication between the i2 Analyze program and a client's LDAP.

The client uses a windows environment both on the LDAP server with AD and in the user environment.

However, when validating communication between the machines using the "klist" command mentioned in step 2.C.i, we are unable to obtain a response with the registered tickets.

In a controlled internal environment, we were able to configure this successfully.

Our question at the moment would be to understand if there is a recommended user profile for this communication to be successful.

Thank you very much for your help.

Yours sincerely.

Error SPNEGO.docx

[dmuelle]

Hi @esbsilva - Thanks for opening this issue. I am checking with our security team to better understand your problem and any gaps in our documentation and will provide a response asap.

[dmuelle]

Hi @esbsilva - our security team provided the following response:

When there are no tickets on the client, it is most likely because the client machine is not logged on to the Windows domain and did not get a chance to receive the tickets yet. In a controlled internal environment, the client machines are usually configured to be part of the domain.
Although the cited page does not cover all troubleshooting cases, if you need further assistance with this issue you can open a support ticket or review our support options.

We also have further LDAP/SPNEGO documentation that might be helpful:

• Configure Kerberos authentication for LDAP servers
• Troubleshooting Kerberos authentication to LDAP servers

Closing this issue as no doc updates are required at this time. Thanks