Identity Manager Provisioning Directory Configuration error: "The directory credentials provided are invalid. A connection to the directory could not be established."

Article ID: 262475

Products

CA Identity Suite, CA Identity Manager

Issue/Introduction

While installing Identity Manager, the customer experienced the following error at the Provisioning Directory Configuration step:

The directory credentials provided are invalid. A connection to the directory could not be established.

Connecting with JXplorer to the same hostname with the same username and password works fine.

Environment

Release : 14.4

Cause

After running the main DSA with trace=all and inspecting the logs, the following entries were found:

? [252] 20230321.164807.812 WARN : 252:error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher:s3_srvr.c:1427:
? [252] 20230321.164807.812 WARN : ssld_ssl_request failed
? [252] 20230321.164807.812 WARN : TLS/SSL handshake failed for call from XXX.XXX.XXX.XXX

The customer is using the highest setting for TLS in their DSA configuration:

cipher = "TLSv1.2:!DH:!NULL"

Resolution

The installer does not yet support a cipher setting this strict, so it was suggested to use more lax ciphers during installation:

cipher = "HIGH:!SSLv2:!EXP:!aNULL:!eNULL"

This allows some of the TLSv1 ciphers that the installer uses, so the connection can be established.

Installation was completed after that, and the ciphers were changed back to the original ones.

Additional Information

To enable trace=all on DSA:

Edit C:\Program Files\CA\Directory\dxserver\config\servers\<hostname>-impd-main.dxi and add set trace=all; at the end of the file, i.e.:

# grid configuration

set dxgrid-db-location = "C:/Program Files/CA/Directory/dxserver/data/<hostname>-impd-main";

set dxgrid-db-size = 250;

set disable-transaction-log = false;

set disable-transaction-log-flush = false;

set lookup-cache = true;

set trace=all;

Initialize the DSA by running:


dxserver init <hostname>-impd-main

Run the installer in debug mode again (setup –log @ALL) and provide the credentials. More information about installer debugging is available here: https://knowledge.broadcom.com/external/article?articleId=53860

Check both the install log and <hostname>-impd-main_trace.log for the error mentioned above.
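
The trace-log check described above can be scripted. The following is an added example, not code from the product or from Broadcom: it pairs each "TLS/SSL handshake failed" line with the OpenSSL reason logged just before it on the same DSA thread. The function names are hypothetical, and the sample lines are constructed from the log format shown in this article, with placeholder peer addresses from the 192.0.2.0/24 documentation range.

```python
import re
from collections import Counter

# Trace record layout as shown in the article:
#   [thread] YYYYMMDD.HHMMSS.mmm LEVEL : message
LINE_RE = re.compile(r"\[(\d+)\]\s+(\d{8}\.\d{6}\.\d{3})\s+(\w+)\s*:\s*(.*)$")
# OpenSSL error-queue entry: pid:error:<hex code>:<library>:<function>:<reason>:
OSSL_RE = re.compile(r"\d+:error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):([^:]*):")
PEER_RE = re.compile(r"TLS/SSL handshake failed for call from (\S+)")


def find_handshake_failures(lines):
    """Pair each failed handshake with the OpenSSL reason on the same thread."""
    last_reason = {}   # thread id -> (error code, reason text)
    failures = []
    for raw in lines:
        m = LINE_RE.search(raw)
        if not m:
            continue   # not a trace record (blank line, wrapped text)
        thread, stamp, _level, msg = m.groups()
        err = OSSL_RE.search(msg)
        if err:
            last_reason[thread] = (err.group(1).upper(), err.group(4))
            continue
        peer = PEER_RE.search(msg)
        if peer:
            code, reason = last_reason.pop(thread, (None, "unknown"))
            failures.append({"time": stamp, "thread": thread, "code": code,
                             "peer": peer.group(1), "reason": reason})
    return failures


def cipher_mismatches(lines):
    """Count, per peer, handshakes rejected with 'no shared cipher'."""
    return dict(Counter(f["peer"] for f in find_handshake_failures(lines)
                        if f["reason"] == "no shared cipher"))


# Constructed sample: the article's three lines with a placeholder peer,
# plus one failure on another thread that has no OpenSSL reason logged.
SAMPLE = """\
[252] 20230321.164807.812 WARN : 252:error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher:s3_srvr.c:1427:
[252] 20230321.164807.812 WARN : ssld_ssl_request failed
[252] 20230321.164807.812 WARN : TLS/SSL handshake failed for call from 192.0.2.10
[260] 20230321.164809.101 WARN : TLS/SSL handshake failed for call from 192.0.2.20
""".splitlines()

if __name__ == "__main__":
    for peer, n in cipher_mismatches(SAMPLE).items():
        print(f"{peer}: {n} handshake(s) rejected with 'no shared cipher'")
```

A peer that shows up here only while the strict cipher setting is active is a client that cannot negotiate any of the ciphers the DSA allows, which is the situation the installer was in.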