LDAP error 81 after Policy Server Upgrade to 12.8SP4

Article ID: 211857


Products

SITEMINDER

Issue/Introduction


After upgrading from version 12.8SP1 to SP4, the Policy Server fails to connect to the LDAP User Store over SSL. The Policy Server returns this error message:

[SmDsLdapConnMgr.cpp:917][ERROR][sm-Ldap-01370] SmDsLdapConnMgr Bind. Server ldapserver.example.com : 636. Error 81-Can't contact LDAP server

After reverting the Policy Server to the old version, the connection works again.

There was no change to the certificate on the LDAP servers.

 

Environment


Policy Server 12.8SP04

 

Cause


The cert8.db was generated using the older version of the Policy Server and is no longer compatible with the NSS library bundled with the Policy Server version 12.8SP4.

-------------------
certutil -L -d .
certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format.
-------------------

 

Resolution


Create a new cert8.db using the certutil that comes with the Policy Server version 12.8SP4 (1).

Launch smconsole, point it to the new cert8.db, and restart the Policy Server.
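
The check from the Cause section and the rebuild described above, as a shell helper (an added example, not code from Broadcom or from this article). It assumes `CERTUTIL` points at the certutil shipped with Policy Server 12.8SP4; the function names, the CA file and the nickname are hypothetical, and the linked Broadcom procedure remains the reference for exact options.

```bash
#!/usr/bin/env bash
# Added example (not Broadcom code). CERTUTIL should point at the certutil
# bundled with the upgraded Policy Server; the default below is an assumption.
CERTUTIL="${CERTUTIL:-certutil}"

# check_certdb DIR
# Prints one word: ok | legacy | missing | error
check_certdb() {
    db_dir="$1"
    if [ ! -f "$db_dir/cert8.db" ]; then
        echo missing
        return 0
    fi
    # certutil -L lists the stored certificates and fails if the DB cannot be opened.
    if out=$("$CERTUTIL" -L -d "$db_dir" 2>&1); then
        echo ok
        return 0
    fi
    case "$out" in
        *SEC_ERROR_LEGACY_DATABASE*) echo legacy ;;  # the failure shown in this article
        *) echo error ;;                              # anything else, e.g. permissions
    esac
}

# rebuild_certdb NEW_DIR CA_FILE NICKNAME
# Builds the replacement database in a separate directory so the old one
# stays untouched for rollback. CA_FILE and NICKNAME are caller-supplied.
rebuild_certdb() {
    new_dir="$1"; ca_file="$2"; nickname="$3"
    mkdir -p "$new_dir" || return 1
    "$CERTUTIL" -N -d "$new_dir" || return 1   # create an empty DB (prompts for a password)
    # -t "C,," trusts the CA for issuing SSL server certificates only.
    "$CERTUTIL" -A -n "$nickname" -t "C,," -i "$ca_file" -d "$new_dir" || return 1
    "$CERTUTIL" -L -d "$new_dir"               # confirm the new DB opens and lists the CA
}

# Usage: ./certdb_check.sh /path/to/certificate_database_directory
if [ "$#" -ge 1 ]; then
    echo "$1: $(check_certdb "$1")"
fi
```

Running `check_certdb` against the existing directory before the upgrade window closes shows whether the database needs rebuilding before the Policy Server is restarted.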

 

Additional Information

 

  1. How to generate cert8.db and import CA certificates.
    https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/policy-server-configuration/configure-policy-server-data-storage-options/configure-an-ssl-connection-to-an-ldap-data-store.html