Error "Could not update master user list" while saving the LDAP Configuration on XenMobile server
Article ID: CTX228258
Description
The LDAP configuration cannot be saved, and the error "Could not update master user list" is displayed.

Sample logs:
2017-08-21T09:21:30.411-0700 | 3811F15F6AE686BC | INFO | http-nio-14443-exec-11 | com.citrix.cg.identity.ldap.LdapManager | Given baseDN 'dc=domain,dc=example,dc=com'is valid:true
2017-08-21T09:21:30.921-0700 | 3811F15F6AE686BC | ERROR | http-nio-14443-exec-11 | com.citrix.xms.oca.imil.service.impl.MasterUserListServiceImpl | Could not update Master User List.
com.citrix.xms.oca.imil.exception.IMILException: Invalid input data in Group base DN
or
Error:User '' bind failed with domain 'example.domain.com' Reason:Xxx.yyy.zzz.ddd
From the :3269 port, we can see that the global catalog is rejecting the configuration.
or
In the XenMobile Server logs you will come across the following error messages:
2015-12-30T13:20:27.476+0100 | BFEA67E3D920C0B3 | ERROR | http-nio-14443-exec-1 | com.citrix.xms.oca.imil.service.util.LDAPUtils | Check LDAP details validation fails:
javax.naming.CommunicationException: simple bind failed: example.domain.com [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:145)
2015-12-30T13:20:27.478+0100 | BFEA67E3D920C0B3 | ERROR | http-nio-14443-exec-1 | com.citrix.xms.oca.imil.service.util.LDAPUtils | Error in inputvalidation:
com.citrix.xms.oca.imil.exception.InputDataValidationException: simple bind failed: example.domain.com:636
at com.citrix.xms.oca.imil.service.util.LDAPUtils.checkMasterUserList(LDAPUtils.java:424)
2015-12-30T13:20:27.479+0100 | BFEA67E3D920C0B3 | ERROR | http-nio-14443-exec-1 | com.citrix.cg.bo.spring.impl.InternalUserListServiceImpl | Input Data validation Failed in updateMasterUserList: Please upload the certificate before enable secure connection for LDAP
2015-12-30T13:20:27.482+0100 | BFEA67E3D920C0B3 | ERROR | http-nio-14443-exec-1 | com.citrix.xms.oca.imil.service.impl.MasterUserListServiceImpl | Failed to update Master User List to ZDM
com.citrix.xms.oca.imil.exception.IMILException: Please upload the certificate before enable secure connection for LDAP
Resolution
1. This issue usually happens when the LDAP configuration is invalid.
To verify the LDAP server, run the following commands on any user's Windows machine:
To find the details of a user: dsquery user -name <known username>
To find a group name: dsquery group -name <known group name>
Once you have the Group DN, enter the same value in the XenMobile LDAP server settings, and the configuration should save successfully.
2. The collected logs show the error: User '' bind failed with domain 'example.domain.com' Reason:Xxx.yyy.zzz.ddd
From the :3269 port, we can see that the global catalog is rejecting the configuration.
Remove the global catalog (it is not needed in this new LDAP configuration). XenMobile Server is then able to configure an LDAP connector successfully.
3. Complete the following steps to resolve this issue:
- Upload the root certificate that signed the DC's certificate. This lets XenMobile trust the DC certificate.
- The LDAPS certificate should be exported from the DC and imported on the XenMobile server. Verify that the correct certificate has been imported to the XenMobile server before configuring LDAP.
- Refer to the following links for more information:
https://discussions.citrix.com/topic/362710-configuring-ldap-on-xenmobile-10/
http://social.technet.microsoft.com/wiki/contents/articles/2980.ldap-over-ssl-ldaps-certificate.aspx
Problem Cause
This issue usually happens for the following reasons:
- The LDAP configuration is invalid.
- The global catalog is rejecting the configuration.
- XenMobile is unable to trust Active Directory because the root (AD) certificate was not uploaded to the XenMobile server.
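To triage a collected log against these three causes, the following is an added example (not Citrix code): it groups the pipe-delimited records shown in the sample logs with their exception lines and maps each ERROR record to a cause. The cause labels and the signature-to-cause mapping are this example's own assumptions, based only on the messages quoted in this article.

```python
import re

# Record header as seen in the article: timestamp | id | LEVEL | thread | class | message
RECORD = re.compile(r"^(\S+) \| (\w+) \| (\w+) \| (\S+) \| (\S+) \| (.*)$")

# Message signature -> cause label (labels are hypothetical names for the three causes).
CAUSES = [
    ("Invalid input data in Group base DN", "invalid-ldap-config"),
    ("PKIX path building failed", "untrusted-ldaps-certificate"),
    ("Please upload the certificate", "untrusted-ldaps-certificate"),
    # The article shows only this message text; its place in an ERROR record is assumed.
    ("bind failed with domain", "global-catalog-rejected"),
]

def parse_records(text):
    """Group lines into records; exception and stack lines attach to the previous header."""
    records = []
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if m:
            records.append({"req": m.group(2), "level": m.group(3), "body": [m.group(6)]})
        elif records and line.strip():
            records[-1]["body"].append(line.strip())
    return records

def classify(text):
    """Return {record id: sorted cause labels}, looking at ERROR records only."""
    found = {}
    for rec in parse_records(text):
        if rec["level"] != "ERROR":
            continue
        body = "\n".join(rec["body"])
        for needle, cause in CAUSES:
            if needle in body:
                found.setdefault(rec["req"], set()).add(cause)
    return {req: sorted(causes) for req, causes in found.items()}

# Sample input: lines copied from the article's log excerpts, stack frames left out.
SAMPLE = """\
2017-08-21T09:21:30.411-0700 | 3811F15F6AE686BC | INFO | http-nio-14443-exec-11 | com.citrix.cg.identity.ldap.LdapManager | Given baseDN 'dc=domain,dc=example,dc=com'is valid:true
2017-08-21T09:21:30.921-0700 | 3811F15F6AE686BC | ERROR | http-nio-14443-exec-11 | com.citrix.xms.oca.imil.service.impl.MasterUserListServiceImpl | Could not update Master User List.
com.citrix.xms.oca.imil.exception.IMILException: Invalid input data in Group base DN
2015-12-30T13:20:27.476+0100 | BFEA67E3D920C0B3 | ERROR | http-nio-14443-exec-1 | com.citrix.xms.oca.imil.service.util.LDAPUtils | Check LDAP details validation fails:
javax.naming.CommunicationException: simple bind failed: example.domain.com [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
2015-12-30T13:20:27.479+0100 | BFEA67E3D920C0B3 | ERROR | http-nio-14443-exec-1 | com.citrix.cg.bo.spring.impl.InternalUserListServiceImpl | Input Data validation Failed in updateMasterUserList: Please upload the certificate before enable secure connection for LDAP
"""

if __name__ == "__main__":
    for req, causes in classify(SAMPLE).items():
        print(req, causes)
```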
Issue/Introduction
This article summarizes the steps to follow if you receive "Could not update master user list" while saving the LDAP configuration in the XenMobile web console.