LDAP error 81 after Policy Server Upgrade to 12.8 SP4


Article ID: 211857


Products

SITEMINDER

Issue/Introduction

After upgrading from R12.8SP1 to SP4, the Policy Server fails to connect to the LDAP user store over SSL.

[SmDsLdapConnMgr.cpp:917][ERROR][sm-Ldap-01370] SmDsLdapConnMgr Bind. Server ldapserver.test.lab : 636. Error 81-Can't contact LDAP server

 

When the Policy Server is reverted to the old version, the connection works again.

There was no change to the certificate on the LDAP servers.

Cause

The cert8.db was generated using the older version of the Policy Server and is no longer compatible with the NSS library bundled with R12.8SP4.

-------------------
certutil -L -d .
certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format.
-------------------

 

Environment

Release : 12.8.04

Component : SITEMINDER -POLICY SERVER

Resolution

Create a new cert8.db using the certutil that comes with R12.8SP4.
See: How to generate cert8.db and import CA certificates.

Launch smconsole, point it to the new cert8.db, and restart the Policy Server.
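The following script is an added example, not Broadcom's own tooling. It confirms that `certutil -L` fails with SEC_ERROR_LEGACY_DATABASE before touching anything, moves the old database aside, then creates a new one and imports the CA certificates. The `CERTUTIL` variable, the database directory, the CA file names and the use of the file name as nickname are assumptions.

```shell
#!/bin/sh
# Added example; CERTUTIL, the DB directory and CA file names are assumptions.
CERTUTIL="${CERTUTIL:-certutil}"   # point this at the certutil shipped with R12.8SP4

# classify_certdb STATUS OUTPUT -> ok | legacy | other
classify_certdb() {
    if [ "$1" -eq 0 ]; then echo ok; return 0; fi
    case "$2" in
        *SEC_ERROR_LEGACY_DATABASE*) echo legacy ;;
        *) echo other ;;   # e.g. missing DB or wrong directory: do not rebuild blindly
    esac
}

# check_certdb DIR: run `certutil -L -d DIR` and classify the result
check_certdb() {
    out=$("$CERTUTIL" -L -d "$1" 2>&1) && rc=0 || rc=$?
    classify_certdb "$rc" "$out"
}

# rebuild_certdb DIR CA_FILE...: move the legacy DB aside, create a new one, import CAs
rebuild_certdb() {
    dir=$1; shift
    state=$(check_certdb "$dir")
    if [ "$state" != legacy ]; then
        echo "certdb state is '$state', not 'legacy'; leaving $dir untouched" >&2
        return 1
    fi
    backup="$dir/legacy-$(date +%Y%m%d%H%M%S)"
    mkdir "$backup" || return 1
    # key3.db and secmod.db are the companion files of a legacy-format cert8.db
    for f in cert8.db key3.db secmod.db; do
        if [ -f "$dir/$f" ]; then mv "$dir/$f" "$backup/" || return 1; fi
    done
    "$CERTUTIL" -N -d "$dir" || return 1     # prompts for the new database password
    for ca in "$@"; do
        # nickname = file name (assumption); "C,," trusts the CA for SSL server certs
        "$CERTUTIL" -A -n "$(basename "$ca")" -t "C,," -i "$ca" -d "$dir" || return 1
    done
    "$CERTUTIL" -L -d "$dir"                 # must now list the imported CAs
}

# Usage: sh rebuild_certdb.sh /path/to/certdb-dir ca1.pem [ca2.pem ...]
if [ "$#" -ge 2 ]; then rebuild_certdb "$@"; fi
```

Because the R12.8SP4 certutil cannot read the legacy database, the CA certificates have to be supplied from their original files rather than exported from the old cert8.db.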