Data Loss Prevention

  • 1.  Error configuring Directory Connection

    Broadcom Employee
    Posted Sep 09, 2016 08:24 AM

    Hello fellows,
     
    I’m having a problem configuring a Directory connection in a DLP 14.5 installation. The error that appears at the Enforce Console is:
     
    “Could not log in to the directory server with the specified credentials.”
     
    In Tomcat’s log, the error appears like this:
     
    “Caused by: javax.naming.AuthenticationNotSupportedException: [LDAP: error code 8 - 00002028: LdapErr: DSID-0C0901FB, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v1db1 ]”
     
    I already tried other Domain Admin credentials, but with no success.

    I tried the "Use Secure Connection (SSL)" option too. I tried all options, with different credentials and alternative “Base DNs”. The weird thing is that I made an AD integration with Data Insight and SEP in the same environment and it works smoothly.
     
    I found that it may be necessary to import the AD certificate to make this work, but I tried that too with no results.
     
    If anyone has a clue about this error, I’ll appreciate it.
     
    Thank you!



  • 2.  RE: Error configuring Directory Connection
    Best Answer

    Posted Sep 12, 2016 10:31 AM

    Yes, you will need to import the Active Directory certificate into your keystore within the Enforce System.

    There is a tool called sslkeytool, if I remember correctly, that can help out. This article on Connect talks about this tool and how it works: https://www.symantec.com/connect/articles/sslkeytool-utility-and-server-certificates

    You will need to import the cert from AD to the system.
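
The Tomcat error quoted in the question follows Active Directory's LDAP error format. As an added example (not part of either post and not Symantec code), this Python sketch parses such log lines and separates a bind rejected by signing/TLS policy (LDAP result code 8) from one rejected for bad credentials (code 49). The function names and the second sample line are constructed for illustration.

```python
import re

# AD formats bind failures as:
# [LDAP: error code N - HEX: LdapErr: DSID-XXXXXXXX, comment: TEXT, data SUB, vXXXX]
AD_LDAP_ERR = re.compile(
    r"\[LDAP: error code (?P<code>\d+) - (?P<win32>[0-9A-Fa-f]{8}): "
    r"LdapErr: (?P<dsid>DSID-[0-9A-Fa-f]+), comment: (?P<comment>.*?), "
    r"data (?P<data>[0-9A-Fa-f]+), (?P<build>v[0-9A-Fa-f]+)\s*\]"
)

# LDAP result codes (RFC 4511) that matter for bind failures.
RESULT_CODES = {8: "strongerAuthRequired", 49: "invalidCredentials"}

def parse_ad_ldap_error(line):
    """Return the fields of an AD LDAP error found in a log line, or None."""
    m = AD_LDAP_ERR.search(line)
    if not m:
        return None
    fields = m.groupdict()
    fields["code"] = int(fields["code"])
    fields["result"] = RESULT_CODES.get(fields["code"], "other")
    return fields

def diagnose(line):
    """Classify a bind failure so the fix targets the right layer."""
    err = parse_ad_ldap_error(line)
    if err is None:
        return "no-ldap-error"
    if err["code"] == 8:
        # The DC refused an unsigned bind on a connection without SSL/TLS.
        # Swapping accounts cannot help; the connection itself must change.
        return "transport-policy"
    if err["code"] == 49:
        # The account or password was rejected; err["data"] holds the
        # hex sub-code (52e is a plain logon failure).
        return "bad-credentials"
    return "other"

# Line 1 is the error quoted in the thread; line 2 is a constructed sample.
SAMPLES = [
    "Caused by: javax.naming.AuthenticationNotSupportedException: [LDAP: error code 8 - 00002028: LdapErr: DSID-0C0901FB, comment: The server requires binds to turn on integrity checking if SSL\\TLS are not already active on the connection, data 0, v1db1 ]",
    "Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(diagnose(sample), parse_ad_ldap_error(sample)["dsid"])
```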