Directory not trusted

Problem

The uas3_diag log shows the error message: directory not trusted

Solution

This error indicates that an ldap:// address has been used in a configuration, but the LDAP server is not trusted by the authentication method. For direct directory mapping from an authentication method, the authentication method must contain the LDAP hostname in the directory attribute of ubiloginConfString.

For example, to map TUPAS users to external directory users in the LDAP ldap://example.com/, each TUPAS authentication method in the hierarchy CN=Server,OU=System,CN=Ubilogin must have a multi-value attribute ubiloginConfString, with a value directory ldap://example.com/.

This can be verified with an LDAP browser tool as shown below.

Figure 2. Verifying external directory trust for a TUPAS authentication method
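The same check can be scripted against an LDIF export of the authentication method entries. The following is an added example, not part of the original article or the product: the entry names, the placeholder value and the function names are constructed for illustration, and comparing on the hostname of the ldap:// URL is an assumption based on the description above.

```python
import base64
from urllib.parse import urlsplit

# Constructed sample export (not from a real system). The second entry's
# value is base64-encoded, as LDIF tools may emit, and names another host.
_B64 = base64.b64encode(b"directory ldap://other.example/").decode()
SAMPLE_LDIF = f"""\
dn: CN=tupas.bank1,CN=Server,OU=System,CN=Ubilogin
ubiloginConfString: directory ldap://example.com/
ubiloginConfString: placeholder-key placeholder-value

dn: CN=tupas.bank2,CN=Server,OU=System,CN=Ubilogin
ubiloginConfString:: {_B64}
"""

def parse_ldif(text):
    """Return {dn: {attr_lowercase: [values]}}; handles folding and base64."""
    unfolded = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]          # folded continuation line
        elif not line.startswith("#"):        # skip LDIF comments
            unfolded.append(line)
    entries, current = {}, None
    for line in unfolded:
        if not line.strip():                  # blank line ends an entry
            current = None
            continue
        name, _, rest = line.partition(":")
        if rest.startswith(":"):              # "attr:: <base64>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        if name.lower() == "dn":
            current = entries.setdefault(value, {})
        elif current is not None:
            current.setdefault(name.lower(), []).append(value)
    return entries

def untrusted_methods(ldif_text, ldap_url):
    """List DNs with no 'directory <url>' value whose host matches ldap_url."""
    wanted = urlsplit(ldap_url).hostname.lower()
    missing = []
    for dn, attrs in parse_ldif(ldif_text).items():
        hosts = set()
        for value in attrs.get("ubiloginconfstring", []):
            key, _, url = value.partition(" ")
            if key == "directory":
                hosts.add((urlsplit(url.strip()).hostname or "").lower())
        if wanted not in hosts:
            missing.append(dn)
    return missing
```

Calling untrusted_methods(SAMPLE_LDIF, "ldap://example.com/") returns the entries that would produce the error for that directory; an empty list means every exported method trusts it.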