How can I fix an LDAP SSL error on Android 5.0.1?

d_a_parker

New member
Jun 19, 2015
3
0
0
Visit site
LDAP SSL error on Android 5.0.1

Hello!

I think I may have found a bug, but I'm not sure.

I have a non-rooted Verizon Galaxy S4 running Android 5.0.1, on which I am trying to set up a connection to an LDAP server via "Settings" > "Accounts" > "Add account" > "LDAP". The LDAP server is running Sun DSEE 6.3.1.1.1, requires SSL for client connections, and has a valid CA-signed SSL certificate which is not expired. I input the required information on the LDAP settings screen and check the box to use SSL, but when I attempt to verify the connection, it fails. Logcat shows that it is failing on an SSLHandshakeException (I can post the full stack trace if needed). The LDAP server shows the following when the phone attempts to connect:

SSL error -8181 (Peer's Certificate has expired.); unauthenticated client CN=vinod,OU=siso,O=siso,L=bangalore,ST=ka,C=in,E=vin<at>had<dot>com; issuer CN=vinod,OU=siso,O=siso,L=bangalore,ST=ka,C=in,E=vin<at>had<dot>com

(I had to use <at> and <dot> to avoid an error about posting links on this forum).

No other client has any trouble connecting to the LDAP server, nor does the openssl command from a Linux host. Indeed, a packet capture shows the LDAP server returning it's SSL certificate to the phone, and then the phone sending this bizarre certificate back to the server, which apparently the server believes is invalid. I can also post the captured packets is needed.

Does anyone know if this can be resolved? Given that everything else works fine with the LDAP server, it seems that this is almost certainly an issue with the LDAP app or default certificate on the phone and not with the server. Any suggestions are greatly appreciated.

Thanks!
 

Rukbat

Retired Moderator
Feb 12, 2012
44,529
26
0
Visit site
Re: LDAP SSL error on Android 5.0.1

Does it work with any other Android phone running 5.0.1?

If so, does it work with any other Samsung phone running 5.0.1?

That will localize it to an Android problem, a Samsung problem or just a difference in certificate handling. ("Standard" - that means "something to be ignored", doesn't it?) Since KitKAt, Android wifi has been having a problem with TKIP - with some manufacturers - so I wouldn't be surprised if, due to the fact that almost no one (I'm guessing) uses LDAP with a cellphone, they probably didn't do extensive tests on all different LDAP servers. It probably works on OpenLDAP, and they didn't go any further in testing.
 

d_a_parker

New member
Jun 19, 2015
3
0
0
Visit site
Re: LDAP SSL error on Android 5.0.1

Thanks for the suggestions. I'll have to hunt around and see if anyone I know has a phone running 5.0.1. I'm not really sure if non-Samsung phones will even have this LDAP settings screen, though. The stack trace in logcat showed a lot of classes in the com.samsung.ldapInterface package. I'll try to find at least one Samsung and non-Samsung running 5.0.1 or higher and see what happens. I'll post my results if I can find test devices.
 

Trending Posts

Forum statistics

Threads
941,392
Messages
6,908,580
Members
3,157,904
Latest member
Annika