
【IAG】Unable to Sync With External LDAP Server

Issue Description

The user reported that IAM was unable to sync with the external LDAP server and that the validity test also failed.

Handling Process

  1. Confirmed that IAM can ping the LDAP server and can telnet to it on port 389.

  2. A packet capture of the traffic between IAM and the LDAP server showed the LDAP server replying with StrongAuthRequired (BindSimple: Transport encryption required.)

  3. A Google search indicated that this means the LDAP server only allows LDAP connections over SSL/TLS, that is, LDAPS.

Solution

  1. Because IAM currently does not support LDAPS (LDAP over SSL/TLS), the user disabled the SSL/TLS setting on their LDAP server.
  2. After it was disabled, IAM was able to sync users and groups from the LDAP server.
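
The reply seen in step 2 of the handling process can be read straight from the capture. The following is an added example, not part of the original article or any vendor tool: it decodes the BER-encoded LDAP BindResponse and reports the result code and diagnostic message. The function names and the sample bytes are constructed for illustration, and the input is assumed to be the raw LDAP payload of one response (no TCP/IP headers).

```python
# Added example (not vendor code); all function names and SAMPLE are hypothetical.
# Result codes from RFC 4511; code 8 is "strongerAuthRequired" there,
# shown as strongAuthRequired in the capture described on this page.
RESULT_CODES = {0: "success", 8: "strongAuthRequired",
                13: "confidentialityRequired", 49: "invalidCredentials"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def parse_bind_response(pdu):
    """Return (message_id, result_code, diagnostic_message) for one LDAPMessage."""
    tag, body, _ = read_tlv(pdu, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, msg_id, pos = read_tlv(body, 0)     # messageID INTEGER
    tag, op, _ = read_tlv(body, pos)
    if tag != 0x61:                        # [APPLICATION 1] = BindResponse
        raise ValueError("not a BindResponse")
    _, code, pos = read_tlv(op, 0)         # resultCode ENUMERATED
    _, _dn, pos = read_tlv(op, pos)        # matchedDN (unused)
    _, diag, _ = read_tlv(op, pos)         # diagnosticMessage
    return (int.from_bytes(msg_id, "big"), int.from_bytes(code, "big"),
            diag.decode("utf-8", "replace"))

def diagnose(pdu):
    """Summarise the bind outcome; codes 8 and 13 mean the server wants TLS or stronger auth."""
    _, code, diag = parse_bind_response(pdu)
    name = RESULT_CODES.get(code, f"resultCode {code}")
    if code in (8, 13):
        return f"{name}: server requires TLS or stronger auth for this bind ({diag})"
    return f"{name}: {diag or 'no diagnostic message'}"

def tlv(tag, value):
    return bytes([tag, len(value)]) + value  # short-form length, enough for the sample

# Constructed sample: BindResponse carrying the message quoted in step 2.
SAMPLE = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x61, tlv(0x0A, b"\x08") + tlv(0x04, b"")
             + tlv(0x04, b"BindSimple: Transport encryption required.")))
```

Calling `diagnose(SAMPLE)` returns the strongAuthRequired summary. After the workaround in the Solution section, a result code of 0 on port 389 means the simple bind succeeded over plain LDAP, so the bind DN and password cross the network unencrypted.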