Symantec Access Management

  • 1.  LDAP 81 error, but ldapsearch works

    Posted Nov 03, 2016 01:42 PM

    On my R1252CR4 Policy Server, there is a working AD connection over SSL. All of a sudden one day it failed to work.

    Telnet to ldap:3269 is successful

    When I run LDAP search, using

     

     ldapsearch -D "userdn" -w pwd -h ldap -p 3269 -b "dc=com" -s base "objectClass=*" -P /opt/netegrity/siteminder/sslcerts/cert8.db

    I get a successful response.

     

    Every 30 sec, my smps.log shows:

    SmDsLdapConnMgr Bind. Server ldap : 3269. Error 81-Can't contact LDAP server

     

     smtrace after enabling every component and Data value: 

     

    [11/03/2016][12:39:41][3610741616][][SmDsLdapConnMgr.cpp:909][][][][][][][][][][][][][LogMessage:ERROR:[sm-Ldap-01370] SmDsLdapConnMgr Bind. Server ldap : 3269. Error 81-Can't contact LDAP server][5786][12:39:41.525][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

     

    Can anyone throw light?

     

    Same LDAP, same cert is being used from other policy servers and they seem to work well, at least for now.

     

    Appreciate any help on further troubleshooting this issue.

     

    Policy server has been restarted multiple times.



  • 2.  Re: LDAP 81 error, but ldapsearch works

    Posted Nov 03, 2016 02:40 PM

    Hmm sounds interesting


    Few questions:


    1. So the view contents fails to fetch any record for this AD?

    2. Does the non-SSL port 3268 work?

    3. Did you compare the working vs. non-working Policy Server registry for any difference? E.g., the referral-related registry may have some influence on such behaviour.

    4. Will you be able to get the private key used for this secure connection? That will be needed to decrypt the Wireshark trace and review the failing LDAP calls:

    https://wiki.wireshark.org/SSL#Wireshark





  • 3.  Re: LDAP 81 error, but ldapsearch works

    Posted Nov 03, 2016 05:09 PM

    Hi Anil,

     

    You mentioned this is an AD connection over SSL and was working before; it is worth checking the validity of the server certificate (the one that was added to the certificate database file).



  • 4.  Re: LDAP 81 error, but ldapsearch works

    Posted Nov 03, 2016 05:42 PM

    Doubt that is the case, as the ldapsearch SSL connection works on the same policy server with the same certificate.



  • 5.  Re: LDAP 81 error, but ldapsearch works
    Best Answer

    Posted Nov 04, 2016 06:16 PM

    Upon further checking, I noticed the 'Secure Connection' check box was unselected. This was a working config until it broke, and no one has authority to make changes except me. All is well now. Have to go through audit details to see what happened. Thank you all for your suggestions.
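
The triage this thread arrived at, as an added example that is not part of the original posts and is not Policy Server code: it parses bind-failure lines in the format of the trace line above, groups them by server, port and error code, and flags Error 81 on a TLS-only port as a candidate 'Secure Connection' mismatch. The names `triage`, `TLS_PORTS` and `SAMPLE` are hypothetical, and the second sample line is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Ports on which the directory expects TLS from the first byte (well-known assignments).
TLS_PORTS = {636: "LDAPS", 3269: "AD Global Catalog over SSL"}

# Bind-failure message as it appears in the thread's smps.log / smtrace output.
BIND_ERR = re.compile(r"SmDsLdapConnMgr Bind\. Server (?P<host>\S+) : (?P<port>\d+)\. "
                      r"Error (?P<code>\d+)-(?P<text>[^\]\n]+)")
# smtrace lines begin with [MM/DD/YYYY][HH:MM:SS]; plain smps.log lines may not.
STAMP = re.compile(r"^\[(\d{2}/\d{2}/\d{4})\]\[(\d{2}:\d{2}:\d{2})\]")

def triage(lines):
    """Group LDAP bind failures by (host, port, code) and say what to check first."""
    seen = defaultdict(list)
    for line in lines:
        m = BIND_ERR.search(line)
        if not m:
            continue
        ts = STAMP.match(line.strip())
        when = datetime.strptime(" ".join(ts.groups()), "%m/%d/%Y %H:%M:%S") if ts else None
        seen[(m["host"], int(m["port"]), int(m["code"]))].append(when)
    findings = []
    for (host, port, code), stamps in seen.items():
        times = sorted(t for t in stamps if t)
        gaps = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
        if code == 81 and port in TLS_PORTS:
            # Error 81 only says the connection could not be set up, not why.
            hint = (f"{port} is {TLS_PORTS[port]}: if an SSL ldapsearch from this host works, "
                    "compare the directory's 'Secure Connection' setting and certificate "
                    "database against a working Policy Server")
        else:
            hint = "check name resolution, network path and directory availability"
        findings.append({"server": f"{host}:{port}", "code": code, "count": len(stamps),
                         "retry_gaps_s": gaps, "hint": hint})
    return findings

# Constructed sample: line 1 follows the trace line in the thread with its empty fields
# trimmed; line 2 is a constructed repeat 30 seconds later.
_MSG = ("[3610741616][][SmDsLdapConnMgr.cpp:909][LogMessage:ERROR:[sm-Ldap-01370] "
        "SmDsLdapConnMgr Bind. Server ldap : 3269. Error 81-Can't contact LDAP server][5786]")
SAMPLE = ["[11/03/2016][12:39:41]" + _MSG, "[11/03/2016][12:40:11]" + _MSG]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```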