Hello,
I’m experiencing a problem with the LDAP Connector (Novell.Directory.Ldap) in OutSystems: every attempt to bind over LDAPS to our OpenLDAP directory fails with the following error:
mathematicaCopierModifier[1] Connect Error at Novell.Directory.Ldap.LdapResponse.ChkResultCode() … at Novell.Directory.Ldap.LdapConnection.Bind(Int32 version, String dn, Byte[] passwd, LdapConstraints cons)…[2] BERDecoder: decode: EOF in Identifier at Novell.Directory.Ldap.Asn1.Asn1Identifier.Reset(Stream inRenamed) at Novell.Directory.Ldap.Connection.ReaderThread.Run()
Environment:
OutSystems Version: 11
LDAP Server: OpenLDAP (native LDAPS on port 636)
Can you confirm that this module supports native LDAPS binds on port 636 (without StartTLS) when connecting to OpenLDAP?
Thank you for your assistance!
Lahoucine
Hi @Lahoucine JAZZA
I implemented a change on the component that may help with this scenario, but I don't have a directory server that accepts connections on port 636.
Can you please download the new version (version 1.0.1) and test it ?
Let me know the results,
Tiago Resende
Hi,
Based on the error: BERDecoder: decode: EOF in Identifier. This typically points to an SSL handshake failure. (the SSL layer dropped out before proper data exchange). There are some common causes for this issue,
Missing or untrusted certificate on the client (OutSystems server)
Hostname mismatch between cert and server URL
Protocol mis-match (e.g., server expects only STARTTLS on port 389, not full LDAPS)
Firewall or network issues blocking SSL negotiation
Check the SSL handshake outside of OutSystems. From the OS hosting OutSystems, run:
openssl s_client -connect your.ldap.server:636 -showcerts
This will show whether the SSL handshake is successful and if the certificate chain is valid.
All my tests/usages were over port 389, but I don't believe there is a restriction to use with LDAPS with port 636 at the library level.
Not sure if you are in a on-premisse environment and have access to the server; if so, you can try to establish a ldaps connection to troubleshoot potential certificate issues. You can use tips from Janakiraman's answer and/or check this as an example.
Hope this helps,
Hi Janakiraman & Tiago
Thanks a lot for your support. Unfortunately, I am still facing the same issue.
I ran an LDAP connectivity test from the server hosting OutSystems 11 OnPrem using Apache Directory Studio. The connection to the LDAP directory is successful, which confirms that both network access and the certificate chain are properly configured at the server level.
However, the test from the OutSystems application still fails (BERDecoder: decode: EOF in Identifier error), even though the LDAP server certificate is present and recognized in the Windows Server keystore.
To summarize:
LDAP test via Apache Directory Studio: ✅ Successful
LDAP test via OutSystems application: ❌ Fails (BERDecoder: decode: EOF in Identifier)
Certificate is correctly present and trusted in the Windows Server keystore
Is there a version of the "LDAP Connector" module that fully supports LDAPS connections (SSL/TLS over port 636)? Or are there any known limitations or specific requirements regarding LDAPS support in the current version we are using?
This information would help us rule out any compatibility issues at the module level.
Thanks in advance for your clarification.
Hi Tiago,
Unfortunately, version 1.0.1 is not working. I'm attaching a C# script that I use to successfully connect to my LDAPS directory.
I hope this helps in upgrading the module to support LDAP over SSL.
Hi @Tiago Resende,
After setting "UseLDAPS" to "True" in SearchEntry server Action and restart the server. I can now connect to my LDAPS Server.
Thank you a lot for your help.