Error "Identity store configuration error" or port 389 in use after configuring Tableau Server for LDAPS

Published: 06 Mar 2018
Last Modified Date: 31 Jul 2020


When configuring Tableau Server for Linux to use LDAPS authentication, all json key values are case-sensitive, including "sslPort". If your IdentityStore json file uses "sslport" the value will not be set, resulting in one of two issues:

If your LDAP server only accepts LDAPS requests on port 636, your initial configuration will fail with the error "Authentication Configuration Error: Identity store configuration error. Check that the configuration is valid."

If your LDAP server accepts requests over both LDAP and LDAPS, initial configuration will succeed, but future requests to the LDAP server will occur over port 389 using LDAP instead of port 636 using LDAPS. You may set up a Wireshark trace to capture the packets being sent and confirm that the identity store config file is trying to communicate on port 389.  



  • Tableau Server 10.5.1
  • Linux


If you encounter the error while initially configuring Tableau Server, you can correct your IdentityStore json file to use "sslPort" and re-import the file with these commands, where "/path/to/file.json" is replaced with the path to your IdentityStore json file:
tsm settings import -f /path/to/file.json
tsm pending-changes apply

If Tableau Server has already been configured and traffic to your LDAP server is being sent over port 389 instead of port 636, manually set your wgserver ports port with the below commands:
tsm configuration set -k wgserver.domain.port -v 636 
tsm configuration set -k wgserver.domain.ssl_port -v 636
tsm pending-changes apply

You will also need to make sure the root CA .crt file is stored in Tableau Server's CA store shown below:


Key values in Entity files are case-sensitive. By using "sslport" instead of "sslPort", the value is not set during Tableau Server configuration and must be updated. 
Did this article resolve the issue?