Unable to connect to LDAP Dev

Article Id: 37740
Status: Published
Updated On: 14-02-2018 07:36
Legacy Id: TEC1570814
Products:
CA Harvest Software Change Manager - OpenMake Meister
Issue/Introduction:

Problem: 

After upgrading to SCM 12.6 and putting the SSL Certificate out to the site, we are unable to access LDPA info from the SCM server.

Environment:  

Redhat Linux 6 Broker.

Cause: 

The SSL Certificates were not correct. The cert that we were trying to use was not enough. It required a Certificate chain for the tlstrcert option in hauthtst. The certificate that was generated was certchain.pem. It included the root and subordinate keys from the LDAP server. A privet key was also required.

Resolution:

1. Step One: The initial verification of the Certificates should be done outside the Harvest command set as follows. 

openssl s_client -CApath <path to certificate> -CAfile "<certificate file name>" -connect <Ldap server fully qualified>:<Ldap port, std=636>

You must see "verify return:1" in the top returned message. 

2. Step Two: After successful openssl verification you must move to hauthtst command to verify on the Harvest side as follows:

hauthtst -authmode=openldap "username of the testing user" -ldapmode=SSL -ldapport=636 -ldapserver=<where the LDAP Server is located> -ldapbasedn="<As defined by the LDAP Administrator>" -ldapbinddn="<As defined by the LDAP Administrator>" -ldapbindpw="********" -ldapfilter="<As defined by the LDAP Administrator>" -ldapattrusrname=<As defined by the LDAP Administrator> -tlskeyfile="<As defined by the LDAP Administrator>" -tlstrcertfile="<path and name of file generated in step one>" -ldapdebuglevel=-1 

3. Step Three:  After successful connection, create a dfo file using the userid and password in the previous command. Replace option -ldapbindpw="****** with -ldapbindpwfile="<encripted password file name>". Run the hauthtst command again.

4. Step Four:  When successful populate the HServer.arg file with the options in the previous command. Leave out -ldapdebuglevel=-1. 


You should be ready to start the Broker process and verify the Hservers start properly. Verify that Workbench can login to the broker. 

 

Additional Information:

 More information is available in the Harvest Implementation Guide, Chapter 15.

Environment:

Release: SCMNCR99000-12.5-Harvest-Software Change Manager-Named User-Competitive Replacem
Component: