Absent Member.

Secure ldap problem: error 81 / d06b

Hi everyone,

I'm having a problem configuring secure ldap on GroupWise 2014sp1. When I configure plain ldap, everything goes fine.

When I configure secure ldap I get a d06b error in the webmail interface and an "error 81" error in the poa log.

I am 99.999% sure that my entered root CA is correct (obligated proof):
command: openssl s_client -connect <ldaps hostname>:636 -CAfile cert.b64
output:
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID: 32516CCF8C1DC15A50630366AB2213FA1333ED31F816FDD130AE8153BFE61833
Session-ID-ctx:
Master-Key: 55B09601C74F8C9FDA43BBE58285D4511F8C4B0C5289ACC398649DB7016BF841DE6B39080218FCBFB1A0FCA32135BC9D
Key-Arg : None
Start Time: 1419348927
Timeout : 300 (sec)
Verify return code: 0 (ok)
---


And I've entered this same file here:


Am I missing something here?

Kind Regards,
Justin Zandbergen
0 Likes
Micro Focus Expert

Re: Secure ldap problem: error 81 / d06b

Hi Justin,

Just a few things to check.... as far as I am aware the certificate file needs to be in .der format, but I stand to be corrected on this. Also, just for reference, the certificate file name should adhere to the 8.3 naming convention. You also need to enter the path to the certificate and I'm unable to correctly see from your graphic if you are doing so.

Let us know how it goes.

Cheers,
Laura Buckley

Views/comments expressed here are entirely my own.
If you find this post helpful, please show your appreciation and click on "Like" below...
0 Likes
Absent Member.

Re: Secure ldap problem: error 81 / d06b

Hi Laura,

Thanks for the reply!

I have uploaded the .der; the path was c:\cert.der (I used the .b64 for the openssl command).

I need to go now, so I will have to slay this beast tomorrow 🙂

Cheerio!
0 Likes
Micro Focus Expert

Re: Secure ldap problem: error 81 / d06b

Hi Justin,

If you are setting up an SSL connection to eDirectory you will need to export the root certificate stored in eDirectory.

Try that and let us know how it goes.

Cheers,
Laura Buckley

0 Likes
Absent Member.

Re: Secure ldap problem: error 81 / d06b

Hi Laura,
I know, that is what I am doing. And as I showed with the openssl command, I have entered the appropriate rootcert.

(Also, I have repeated the same procedure in my personal test environment, and there everything works perfectly on secure ldap, so I do not suspect a "user problem".... "said the user" 😉)
0 Likes
Micro Focus Expert

Re: Secure ldap problem: error 81 / d06b

Hi,

I'm not too sure what to suggest next as I'm unable to duplicate the error in my environment. Let me think about it for a while.... I'll get back to you if I get a good idea 🙂

Cheers,
Laura Buckley

0 Likes
Absent Member.

Re: Secure ldap problem: error 81 / d06b

Hi Laura,

Don't think too much about it 🙂 I have opened an SR at Novell and it seems I have some DB errors. We can see, for example, ldap configurations in the poa startup log that we cannot find anywhere in our webinterface. So we tried the usual topdown rebuild and some other fancy hoodoo-voodoo, but that did not fix the problem. So the primary domain db lies at Novell for further investigation. To be continued.... 🙂

I'll let you know when I have some news.

Thanks for your help and a merry x-mas!

Kind Regards,
Justin Zandbergen
0 Likes
Micro Focus Expert

Re: Secure ldap problem: error 81 / d06b

Hi Justin,

Ah, DB problems can cause all nasty things to crawl out of the woodwork 😉

Please keep us updated with what happens so that we can all learn from this experience.

Thank you for your wishes and hope that you have a very good Christmas too.

Cheers,
Laura Buckley

0 Likes
Absent Member.

[FIXED] Re: Secure ldap problem: error 81 / d06b

OK, the stuck ldap server is removed by the following:
[ngw] GW2014 LDAP Server can't be removed

Morris Blackham mblackham at gw.novell.com
Tue Jul 29 15:30:57 UTC 2014
Dang, bug... Developer is fixing as we speak. But here's a way to allow you to delete the directory.

1. In the admin Console, select the MTAs to list all the MTAs.

2. In the filter field (right hand side above the mta list), enter a filter of "syncLdapServerName != null". This will give you a list of MTAs that have the sync flag set.

3. Now the fun part... From a Linux terminal window enter this command for any MTAs you found for the filter above.

curl -k --user gwadmin:password -H "Content-type:application/json" --data "{\"syncLdapServerName\":\"\"}" -X PUT https://youradminserverip:9710/gwadmin-service/domains/yourdomainname/mta

Make sure you get all the escaped quotes correct inside the { } for the data portion; the syncLdapServerName tag is case sensitive.


And if you want to use the CA certificate it must be the "Selfsigned certificate", not the CA issued by NICI.... (I feel so stupid, I have it in my test setup actually like this. Anywho, fixed!)

edit, picture for clarity:
0 Likes
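Added example, not part of the original posts: a shell check, using the same openssl tool as the first post, of whether an exported certificate file (.b64 or .der) is self-signed, which is the distinction the fix above turned on. The function names, file names and throwaway certificates are constructed for illustration; "self-signed" is taken here to mean that subject equals issuer and the signature verifies under the certificate's own key.

```shell
#!/bin/sh
# Added example (not from the thread): inspect an exported root certificate
# before configuring it as the trusted root for secure ldap.

# Emit the certificate as PEM whether the file is base64/PEM (.b64) or DER.
to_pem() {
    openssl x509 -in "$1" -inform PEM 2>/dev/null ||
        openssl x509 -in "$1" -inform DER 2>/dev/null
}

# Return 0 only if subject == issuer and the signature verifies under the
# certificate's own key; 1 if it was issued by another CA; 2 if unreadable.
is_self_signed() {
    work=$(mktemp) || return 2
    to_pem "$1" > "$work" || { rm -f "$work"; return 2; }
    subj=$(openssl x509 -in "$work" -noout -subject_hash)
    iss=$(openssl x509 -in "$work" -noout -issuer_hash)
    rc=1
    if [ "$subj" = "$iss" ]; then
        rc=0
        openssl verify -CAfile "$work" "$work" >/dev/null 2>&1 || rc=1
    fi
    rm -f "$work"
    return "$rc"
}

# Constructed sample data: a throwaway self-signed root and a server
# certificate it issues, written into directory $1 (all names hypothetical).
make_sample_certs() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/O=EXAMPLE/CN=Constructed Root" \
        -keyout "$d/root.key" -out "$d/root.b64" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=ldaps.example.test" \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/srv.csr" -CA "$d/root.b64" -CAkey "$d/root.key" \
        -CAcreateserial -days 2 -out "$d/srv.b64" 2>/dev/null &&
    openssl x509 -in "$d/root.b64" -outform DER -out "$d/root.der"
}

if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp -d) && make_sample_certs "$tmp"
    for f in root.der root.b64 srv.b64; do
        if is_self_signed "$tmp/$f"; then echo "$f: self-signed"
        else echo "$f: issued by another CA"; fi
    done
    rm -rf "$tmp"
fi
```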
Micro Focus Expert

Re: [FIXED] Re: Secure ldap problem: error 81 / d06b

Hi,

So glad that you got this fixed. Thank you very much for the feedback - that way we all learn 🙂

Cheers,
Laura Buckley

0 Likes