Identities are not saved on PDP because the LDAP SSL fingerprint is not matched

Support Center > Search Results > SecureKnowledge Details

Solution ID	sk127833
Product	Identity Awareness
Version	R80.10, R80.20
OS	Gaia
Date Created	27-May-2018
Last Modified	07-May-2019

Symptoms

The user configured LDAP account unit servers to work with SSL.
Although the SSL fingerprint was changed on the server, it was not updated in SmartConsole.
The following error appears in the PDP debug:
@ . . . [Date & Time] ldap_ctx_fingerprint_check: ldap_async: SSL finger print does not match

Cause

AD Query sometimes requires a specific server to resolve LDAP group membership. If the SSL fingerprint verification fails, a fail back to another server will not occur.

Solution

Note: To view this solution you need to Sign In .