Error thrown during LDAP replication configuration

Products

Security Information Manager

Issue/Introduction

When you run dirreplicatool.bat command the following error is thrown when initializing NSS.

Configuring NSS provider
Error configuring SunPKCS11 crypto provider
java.security.ProviderException: Error parsing configuration
        at sun.security.pkcs11.Config.getConfig(Config.java:71)
        at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:110)
        at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:86)
        at com.symantec.cas.tools.replicate.security.SecurityClient.configurePro
vidersFIPS(SecurityClient.java:286)
        at com.symantec.cas.tools.replicate.security.SecurityClient.initSSL(Secu
rityClient.java:213)
        at com.symantec.cas.tools.replicate.security.SecurityClient.init(Securit
yClient.java:143)
        at com.symantec.cas.tools.replicate.security.SecurityClient.getInstance(
SecurityClient.java:125)
        at com.symantec.cas.tools.replicate.security.LDAPSSLSocketFactory.<init>
(LDAPSSLSocketFactory.java:52)
        at com.symantec.cas.tools.replicate.engine.Directory.getSocketFactory(Di
rectory.java:199)
        at com.symantec.cas.tools.replicate.engine.Directory.createLDAPConnectio
n(Directory.java:231)
        at com.symantec.cas.tools.replicate.engine.Directory.connect(Directory.j
ava:57)
        at com.symantec.cas.tools.replicate.Main.doReplication(Main.java:307)
        at com.symantec.cas.tools.replicate.Main.main(Main.java:264)
Caused by: sun.security.pkcs11.ConfigurationException: Absolute path required fo
r library value: nss/lib
        at sun.security.pkcs11.Config.parseLibrary(Config.java:641)
        at sun.security.pkcs11.Config.parse(Config.java:397)
        at sun.security.pkcs11.Config.<init>(Config.java:194)
        at sun.security.pkcs11.Config.getConfig(Config.java:67)
        ... 12 more

Cause

This error does not impact the setup of the LDAP replication.

It is caused by insufficient path to the nss\lib in nss.cfg file

Sample of original incorrect nss.cfg

Resolution

Edit file nss.cfg located in the dirreplicatool and add full path to the nss\lib

Sample of corrected nss.cfg file