While installing Identity Manager, the customer received the following error at the Provisioning Directory Configuration step:
The directory credentials provided are invalid. A connection to the directory could not be established.
Connecting with JXplorer to the same hostname, using the same username and password, works fine.
Release : 14.4
After running the main DSA with trace=all and inspecting the logs, the following entries were found:
? [252] 20230321.164807.812 WARN : 252:error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher:s3_srvr.c:1427:
? [252] 20230321.164807.812 WARN : ssld_ssl_request failed
? [252] 20230321.164807.812 WARN : TLS/SSL handshake failed for call from XXX.XXX.XXX.XXX
The customer is using the highest setting for TLS in their DSA configuration:
cipher = "TLSv1.2:!DH:!NULL"
Our installer does not yet support ciphers at this level, so it was suggested to use a more lax cipher setting during installation:
cipher = "HIGH:!SSLv2:!EXP:!aNULL:!eNULL"
This enables some TLSv1 ciphers that the installer uses, so the connection can be established.
The installation was completed after that, and the cipher setting was changed back to the original value.
To enable trace=all on the DSA:
Edit C:\Program Files\CA\Directory\dxserver\config\servers\<hostname>-impd-main.dxi and add set trace=all; at the end of the file, i.e.:
# grid configuration
set dxgrid-db-location = "C:/Program Files/CA/Directory/dxserver/data/<hostname>-impd-main";
set dxgrid-db-size = 250;
set disable-transaction-log = false;
set disable-transaction-log-flush = false;
set lookup-cache = true;
set trace=all;
Initialize the DSA by running:
dxserver init <hostname>-impd-main
Run the installer in DEBUG mode again (setup -log @ALL) and provide the credentials. More information about installer debug logging is available here: https://knowledge.broadcom.com/external/article?articleId=53860
Check both the install log and <hostname>-impd-main_trace.log for the error mentioned above.
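
As an added example (not part of the original article or of the product), the trace-log check described above can be scripted. It assumes Python is available and that the trace lines follow the format quoted in this article; the function names and the sample peer addresses are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the trace format quoted in this article; the peer
# addresses are documentation-range placeholders, not customer data.
SAMPLE_TRACE = """\
[252] 20230321.164807.812 WARN : 252:error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher:s3_srvr.c:1427:
[252] 20230321.164807.812 WARN : ssld_ssl_request failed
[252] 20230321.164807.812 WARN : TLS/SSL handshake failed for call from 192.0.2.10
[260] 20230321.164809.101 WARN : TLS/SSL handshake failed for call from 192.0.2.44
[252] 20230321.164811.340 WARN : 252:error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher:s3_srvr.c:1427:
[252] 20230321.164811.340 WARN : TLS/SSL handshake failed for call from 192.0.2.10
"""

# "[thread] yyyymmdd.hhmmss.mmm LEVEL : message"; search() tolerates a leading marker.
LINE = re.compile(r"\[(?P<tid>\d+)\]\s+(?P<ts>\d{8}\.\d{6}\.\d{3})\s+(?P<level>\w+)\s*:\s(?P<msg>.*)$")
# OpenSSL error-queue text: pid:error:code:library:function:reason:file:line:
OSSL = re.compile(r"^\d+:error:(?P<code>[0-9A-Fa-f]+):(?P<lib>[^:]*):(?P<func>[^:]*):(?P<reason>[^:]*):")
FAILED = re.compile(r"TLS/SSL handshake failed for call from (?P<peer>\S+)")


def handshake_failures(trace_text):
    """Return one dict per failed handshake, with the OpenSSL reason logged by the same thread."""
    pending = {}   # thread id -> (timestamp, parsed OpenSSL error fields)
    failures = []
    for raw in trace_text.splitlines():
        line = LINE.search(raw)
        if not line:
            continue
        tid, ts, msg = line["tid"], line["ts"], line["msg"]
        err = OSSL.match(msg)
        if err:
            pending[tid] = (ts, err.groupdict())
            continue
        failed = FAILED.search(msg)
        if failed:
            err_ts, fields = pending.pop(tid, (None, {}))
            if err_ts != ts:   # stale error from an earlier call: do not pair it
                fields = {}
            failures.append({"time": ts, "peer": failed["peer"],
                             "code": fields.get("code"),
                             "reason": fields.get("reason", "unknown")})
    return failures


def summarize(failures):
    """Count failures per (peer, reason) so cipher mismatches stand out."""
    return Counter((f["peer"], f["reason"]) for f in failures)
```

Pass the contents of <hostname>-impd-main_trace.log to handshake_failures() and print summarize() of the result; a peer that repeatedly shows "no shared cipher" is a client whose offered ciphers do not overlap with the DSA's cipher setting.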