LDAP SECURITY ADAPTER FAILS WHEN CONFIGURED FOR SSL IN SIEBEL 8.1 ON WIN 2008

(Doc ID 1359737.1)

Last updated on MAY 30, 2017

Applies to:

Siebel CRM - Version 8.1.1 [21112] and later
Microsoft Windows x64 (64-bit) - Version: 2008 R2
Microsoft Windows 2008 R1 and R2


Symptoms

LDAP Security Adapter fails when configured for SSL in Siebel 8.1 on Windows 2008 (specifically). This platform is officially supported (see <Document 781428.1>). Attempting to connect to the Siebel application associated with the LDAP Security Adapter produces the following error message:

"The server you are trying to access is either busy or experiencing difficulties. Please close the Web browser, open a new browser window, and try logging in again."

ERROR MESSAGES -- Pattern 1
ldap_ssl_client_init(key.kdb, ...) returns 113.
ldap_ssl_init(10.123.456.789, 636, ...) returns 0.
Ldap Utility: GetLdapHandle returns 3
LDAP SecurityFreeErrMessage8, ErrMessage=e368d48.

SBL-SEC-10018: ldap_ssl_init failed
SBL-SEC-10001: An internal error has occurred within the authentication subsystem for the Siebel application. Please contact your system administrator for assistance.
SBL-DAT-00565: An internal error has occurred within the authentication subsystem for the Siebel application. Please contact your system administrator for assistance.
SBL-SVC-00208: Please login first.


ERROR MESSAGES -- Pattern 2

ldap_sasl_bind (d9a918, ou=siebel,ou=applications,ou=yyyyy,dc=xxxxx,dc=com, , ?, d9b970, NULL, 3) returns 81
Ldap Utility: BindAsAppUser failed for some unknown reasons, please check the parameters and contact your directory server administrator, Can't contact LDAP server

(secmgr.cpp (2830) err=4597521 sys=0) SBL-SEC-10001: An internal error has occurred within the authentication subsystem for the Siebel application. Please contact your system administrator for assistance.
(physmod.cpp (9382)) SBL-DAT-00565: An internal error has occurred within the authentication subsystem for the Siebel application. Please contact your system administrator for assistance.
(model.cpp (5978)) SBL-DAT-00565: An internal error has occurred within the authentication subsystem for the Siebel application. Please contact your system administrator for assistance.
(ctxtmgr.cpp (4567)) SBL-SVC-00208: Please login first.

STEPS
Follow Bookshelf Security Guide instructions to configure LDAP Security Adapter with SSL. This requires the following:
1. Root CA certificate from the directory server
2. Client keyfile generated using IBM GSKit and adding the above certificate
3. Configuring the LDAP Security Adapter by setting the parameters Port (636 for secure LDAP by default) and SslDatabase (pointing to the .KDB file generated by GSKit)
4. Restart the Siebel server and attempt to login to the application

NOTE: The IBM LDAP search utility LDAPSEARCH runs successfully *only* when Compatibility Mode is set to Windows 2003 Service Pack 1. Applying this setting to the SIEBMTSHMW executable does not have the same affect - and the LDAP Security Adapter still fails.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms