Removing LDAP binding from Management service

Hi All,

Having a bit of a nightmare with our on-prem SOTI again.

LDAP auth has worked fine until today, whereby we've made some PCI compliance based changes to fix SSL v1.0 and Sweet32 exploits.

I figured these changes may have upset the binding, so attempted to remove and re-create it.  However, whenever I try I just keep getting the error "Cannot delete LDAP connection 'NAME' because it's been referenced".

I have removed LDAP from all my add device rules, from the user details on every device I've enrolled so far (only 3 so no great shakes) and deleted all LDAP based admin accounts but it still keeps popping up.  The help guide suggests that the error should point out where the binding is still being referred to.....but....erm.....it absolutely does not!

Simple question I guess....is there an easy way of removing the binding?  It's not like I can even create a new one to replace it and leave the other in situ as it tries to verify the old binding as well.  If not does anyone know of a means to resolve?

V frustrating...quite a trivial thing really yet has become difficult.

Many thanks in advance

Paul

  • 03 May 2019
  • SOTI MobiControl

2 Answers

Paul Piper | posted this 03 May 2019

It is running very latest release v14.3.2 build 1171 by the way.......

  • 0
  • 0
Paul Piper | posted this 07 May 2019

Hi All,

Figured out a workaround.

As I envisaged, the changes made to the server for PCI compliance broke the LDAP integration, on whichever SSL mechanism it was relying upon.  In part my fault as I re-entered the LDAP password initially and believe now I most likely did so incorrectly!

Having reset the password, setting the connection to not use SSL has brought back connectivity.  Clearly, what we have blocked for PCI compliance is what the web console LDAP integration is reliant on for comms with AD.  I believe the changes have completely blocked the use of SSL v1, also TLS 1.0.  The Sweet32 fix disables one of the 3DES SSL cyphers so it's something relating.

If it becomes an issue moving forward I'll log a support case.  Still frustrating that the attempted deletion of the LDAP config did not behave as per the help file!

Cheers

Paul

  • 1
  • 0
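The workaround above leaves the LDAP connection without TLS. As an added example (not from the original posts and not SOTI code), this Python probe checks whether a directory server's LDAPS port still completes a handshake at TLS 1.2 or 1.3 once older protocols and 3DES are disabled, so SSL can be switched back on. The host name `dc01.example.internal` and port 636 are assumptions.

```python
import socket
import ssl

# Assumed values: replace with your own directory server.
LDAPS_HOST = "dc01.example.internal"
LDAPS_PORT = 636


def pinned_context(version):
    """Client context that offers exactly one TLS version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = version
    ctx.maximum_version = version
    # Probe only: no credentials are sent, so the certificate is not validated.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def is_sweet32_cipher(name):
    """True for 3DES suites (64-bit block), the ones a Sweet32 fix disables."""
    return "3DES" in name or "DES-CBC3" in name


def probe(host, port, version, timeout=5.0):
    """Attempt one handshake; return a result dict instead of raising."""
    result = {"offered": version.name, "ok": False, "cipher": None, "error": None}
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            ctx = pinned_context(version)
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                result.update(ok=True, cipher=tls.cipher()[0])
    except OSError as exc:  # refused, timed out, or handshake rejected
        result["error"] = f"{type(exc).__name__}: {exc}"
    return result


def survey(host, port=LDAPS_PORT):
    """Probe the versions that remain allowed after the hardening."""
    versions = (ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3)
    return [probe(host, port, v) for v in versions]


if __name__ == "__main__":
    for r in survey(LDAPS_HOST):
        weak = r["ok"] and is_sweet32_cipher(r["cipher"])
        status = "WEAK (3DES)" if weak else ("ok" if r["ok"] else "failed")
        print(f'{r["offered"]:8} {status:12} {r["cipher"] or r["error"]}')
```

If both probes fail while the port is reachable, the server side has no usable protocol or cipher left in common with a modern client.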