Resolving LDAP over TLS connection issues in Adobe Campaign Classic

This article explains how to resolve sign-in issues when using LDAP over TLS in Adobe Campaign Classic. Using the correct port and ensuring proper configuration settings within both your network environment and deployment wizard should help you establish a successful secure connection via TLS/SSL.

Description

Environment

Adobe Campaign Classic v7, Build 9359 (on-premises)

Issues/Symptoms

When setting up LDAP on Adobe Campaign Classic using port 6360 for secure communication (TLS), the following error occurs:

LDA-340003 Error when authenticating cn=app_auth_campaign,ou=Users,dc=ldap-govwest1,dc=com using PLAIN TEXT on ldap.preprod.dcc.atagc.com:6360 (err=-1, Can't contact LDAP server) (iRc=16384)

However, signing in to the LDAP server with the ldapsearch command from an environment other than Adobe Campaign succeeds. This shows that the network and LDAP server setup are correct. Therefore, the issue is likely with how Adobe Campaign Classic is configured to connect to the LDAP server.

Resolution

To resolve the issue, follow these steps:

  1. Use the correct port:

    • Adobe Campaign Classic does not support plain text password authentication with SSL/TLS on port 636.
    • Use port 389, which supports STARTTLS. This port initiates an unencrypted connection, which is then upgraded to a secure TLS connection.
  2. Configure the Deployment Wizard:

    • In the Deployment Wizard, select Plain text password + SSL (TLS) as the authentication method.

Why port 389

  • Port 389 is versatile, supporting both unencrypted and encrypted LDAP communication.
  • STARTTLS ensures that an initial unencrypted connection is upgraded to a secure TLS connection, adding encryption on demand.
  • Plain text password + SSL (TLS) ensures that the entire authentication procedure (password included) is encrypted.
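
The STARTTLS upgrade on port 389 described above, written out as a stand-alone check (an added example, not Adobe Campaign code). It sends the LDAP StartTLS extended request and proceeds to a certificate-verified TLS handshake only if the server answers with resultCode 0, so a bind password is never sent on a connection that failed to upgrade. The `upgrade` helper, its `ca_file` parameter and the two sample responses are assumptions constructed for illustration.

```python
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS extended operation (RFC 4511, section 4.14)
# SEQUENCE(29) { INTEGER messageID=1, ExtendedRequest [APPLICATION 23](24) { requestName [0](22) } }
STARTTLS_REQUEST = bytes.fromhex("30 1d 02 01 01 77 18 80 16") + STARTTLS_OID

def read_tlv(buf, pos=0):
    """Decode the BER TLV at buf[pos]; return (tag, value, next_pos)."""
    if len(buf) < pos + 2:
        raise ValueError("truncated LDAP message")
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long-form length, which some directory servers use even for short messages
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if len(buf) < pos + n:
        raise ValueError("truncated LDAP message")
    return tag, buf[pos:pos + n], pos + n

def starttls_result(response):
    """Return (resultCode, diagnosticMessage) from the ExtendedResponse to STARTTLS_REQUEST."""
    tag, body, _ = read_tlv(response)
    _, msg_id, pos = read_tlv(body)
    op_tag, op, _ = read_tlv(body, pos)
    if tag != 0x30 or msg_id != b"\x01" or op_tag != 0x78:  # 0x78 = [APPLICATION 24]
        raise ValueError("not the ExtendedResponse for this request")
    _, code, pos = read_tlv(op)      # resultCode (ENUMERATED)
    _, _dn, pos = read_tlv(op, pos)  # matchedDN (unused)
    _, diag, _ = read_tlv(op, pos)   # diagnosticMessage
    return int.from_bytes(code, "big"), diag.decode("utf-8", "replace")

def upgrade(host, port=389, ca_file=None):
    """Connect in clear text, request StartTLS, return a certificate-verified TLS socket."""
    sock = socket.create_connection((host, port), timeout=10)
    try:
        sock.sendall(STARTTLS_REQUEST)
        code, diag = starttls_result(sock.recv(4096))
        if code != 0:  # anything but success(0): stop before any bind is sent
            raise ConnectionError(f"StartTLS refused (resultCode={code}): {diag}")
        return ssl.create_default_context(cafile=ca_file).wrap_socket(sock, server_hostname=host)
    except Exception:
        sock.close()
        raise

# Constructed sample responses (not captured from a real server): success(0) and unavailable(52)
ACCEPTED = bytes.fromhex("30 0c 02 01 01 78 07 0a 01 00 04 00 04 00")
REFUSED = bytes.fromhex("30 1d 02 01 01 78 18 0a 01 34 04 00 04 11") + b"TLS not available"
```

`starttls_result(ACCEPTED)` and `starttls_result(REFUSED)` exercise the parser offline; `upgrade()` needs a reachable LDAP server and a CA bundle that trusts its certificate.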

Connecting through LDAP
