OpenLDAP secure search fails with IPv6 when the certificate associated with the LDAP server has IPv6 address in the Subject Alternative Name field.
It fails to connect to the requested server if iManager is listening only on IPv4 address with the following error:
Unable to connect to the requested server. Verify the name/address and port.
To configure IPv6 for iManager to work with eDirectory, you must enable IPv6 using the following steps:
Set the following properties in the catalina.properties file and restart Tomcat.
java.net.preferIPv4Stack=false
java.net.preferIPv4Addresses=true
Note that java.net.preferIPv4Stack applies for iManager to work with eDirectory and java.net.preferIPv4Addresses applies for browsers to work with iManager.
Go to LDAP options > View LDAP Server > Connections > LDAP Server, then add LDAP interfaces for the IPv6 addresses with port numbers.
ldap://[xx::xx]:389 ldaps://[xx::xx]:636
Configure the Role-Based Services, then log out from the session and log in again.
A listener for an unspecified IPv6 address accepts both IPv4 and IPv6 connections on Linux. Because of this behavior, Linux does not allow you to start both IPv4 and IPv6 unspecified listeners for the same port at the same time. Therefore; if a listener is already configured for an unspecified IPv6 address, the listener on the unspecified IPv4 address fails to start. Linux uses an unspecified address for LDAP listeners.
On Windows, an unspecified IPv6 listener accepts only IPv6 connections. Therefore, you must configure a separate IPv4 listener to accept IPv4 connections along with IPv6 connections.
By default, both IPv4 and IPv6 listeners are configured for ldapInterfaces. Depending on the platform, ldapInterfaces starts the required listeners.