LDAP error 81 after Policy Server Upgrade to 12.8 SP4

Article ID: 211857

Updated On:

Products

SITEMINDER

Issue/Introduction

After upgrading from R12.8SP1 to SP4, the Policy Server fails to connect to the LDAP user store over SSL.

[SmDsLdapConnMgr.cpp:917][ERROR][sm-Ldap-01370] SmDsLdapConnMgr Bind. Server ldapserver.test.lab : 636. Error 81-Can't contact LDAP server

After reverting the Policy Server to the old version, the connection works again.

There was no change to the certificate on the LDAP servers.

Environment

Release : 12.8.04

Component : SITEMINDER -POLICY SERVER

Cause

The existing cert8.db was generated with the older version of Policy Server and is no longer compatible with the NSS library bundled with R12.8SP4. Listing it with the certutil from R12.8SP4 fails:

-------------------
certutil -L -d .
certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format.
-------------------

Resolution

Create a new cert8.db using the certutil that comes with R12.8SP4.
See: How to generate cert8.db and import CA certificates.

Launch smconsole, point it to the new cert8.db, and restart the Policy Server.
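
The check and rebuild described above, as an added shell example (not Broadcom's own procedure or code). It assumes the certutil bundled with R12.8SP4 is first on PATH or named in CERTUTIL; the nickname `ldap-root-ca`, the database directory and the CA file are placeholders, and the `C,,` trust flags assume the imported certificate is the CA that issued the LDAP server certificate.

```shell
#!/bin/sh
# Added example, not vendor code. CERTUTIL must resolve to the certutil
# shipped with R12.8SP4 (assumed to be first on PATH unless overridden).
CERTUTIL="${CERTUTIL:-certutil}"

# Succeeds when certutil rejects the database in $1 as a legacy format.
db_is_legacy() {
    "$CERTUTIL" -L -d "$1" 2>&1 | grep -q 'SEC_ERROR_LEGACY_DATABASE'
}

# rebuild_db DB_DIR CA_FILE [NICKNAME]
# Moves the old database files aside, creates a new database and imports
# the CA certificate that signed the LDAP server certificate.
rebuild_db() {
    db_dir=$1 ca_file=$2 nick=${3:-ldap-root-ca}   # nickname is a placeholder
    if [ ! -d "$db_dir" ] || [ ! -r "$ca_file" ]; then
        echo "usage: rebuild_db DB_DIR CA_FILE [NICKNAME]" >&2
        return 2
    fi
    backup="$db_dir/legacy-$(date +%Y%m%d%H%M%S)"
    mkdir "$backup" || return 1
    # key3.db and secmod.db are the companion files of a legacy NSS database.
    for f in cert8.db key3.db secmod.db; do
        if [ -e "$db_dir/$f" ]; then mv "$db_dir/$f" "$backup/" || return 1; fi
    done
    "$CERTUTIL" -N -d "$db_dir" || return 1   # prompts for a database password
    # "C,," marks the certificate as a trusted CA for SSL server certificates.
    "$CERTUTIL" -A -n "$nick" -t "C,," -i "$ca_file" -d "$db_dir" || return 1
    # Confirm the new database opens and lists the imported CA.
    "$CERTUTIL" -L -d "$db_dir" | grep -qF -- "$nick"
}

# Run only when called with arguments: rebuild.sh DB_DIR CA_FILE [NICKNAME]
if [ "$#" -ge 2 ]; then
    if db_is_legacy "$1"; then
        rebuild_db "$@"
    else
        echo "certutil can open $1; the database format is not the cause." >&2
    fi
fi
```

The old files stay in the `legacy-<timestamp>` subdirectory, so the previous state can be restored if the Policy Server is rolled back.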