SecureLogin won't connect to eDirectory

  • 7022748
  • 19-Mar-2018
  • 19-Jun-2019

Environment

NetIQ SecureLogin
NSL8.6
NSL8.7
eDirectory environment
Using LDAP (no Novell / OES Client)

Situation

Unable to attach to LDAP server after upgrading SecureLogin to v 8.6
Can't log in to LDAP server with SecureLogin 8.7
SecureLogin 8.6 or 8.7 fails to connect when installed in eDirectory LDAP mode
Microsoft Visual C++ Runtime Library error: "Assertion failed" for the expression "LDAP_Valid (ID)"

Resolution

In iManager do the following:

Check the certificate in eDirectory and make sure the subject name for the certificate matches the server DNS name or alternative subject name.

If it doesn't match, edit or recreate the eDirectory certificate in iManager using the "NetIQ Certificate Server" plugin. You will need to use the "custom" option.

Edit the certificate and as "Subject alternative names," add the names of all servers.  Include any load balancer or virtual server names as well.


On the workstation do the following:

In the NSL LDAP Client, use the DNS name of the server instead of the IP address. The name entered here needs to match the server DNS name or the alternative subject name in the LDAP certificate.


Note: Beginning with NSL 8.6, the LDAP SDK requires the full DNS name to be used. It does not honor aliases (example: it should be corp-eDir.labs.blr.novell.com or IP address; it may not work with an alias name like "corp-eDir").
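
The name check described above, as an added example (not NetIQ code): given the subject name and subject alternative names read from the certificate in iManager, it reports which server names entered in the NSL LDAP Client the certificate covers. The matching rules (case-insensitive labels, "*" only as the left-most label, an IP address covered only by an IP-type alternative name) are assumptions based on common TLS name checking, not documented SDK behavior; the load balancer name and IP address are constructed placeholders.

```python
import ipaddress

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def dns_match(pattern, host):
    # Case-insensitive, label by label; "*" may only replace the whole left-most label.
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_covers(configured, subject_cn, san_dns=(), san_ip=()):
    """True if the server name typed into the LDAP client appears in the certificate."""
    if is_ip(configured):
        # Assumption: an IP address is only covered by an IP-type SAN entry.
        want = ipaddress.ip_address(configured)
        return any(is_ip(v) and ipaddress.ip_address(v) == want for v in san_ip)
    return any(dns_match(n, configured) for n in [subject_cn, *san_dns])

def audit(configured_names, subject_cn, san_dns=(), san_ip=()):
    """Map each candidate client setting to whether the certificate covers it."""
    return {n: cert_covers(n, subject_cn, san_dns, san_ip) for n in configured_names}

# Constructed sample: the FQDN is the one used in the note above; the
# load-balancer name and IP address are made-up placeholders.
CERT_CN = "corp-eDir.labs.blr.novell.com"
CERT_SAN_DNS = ["corp-eDir.labs.blr.novell.com", "ldap-vip.example.com"]
CERT_SAN_IP = []

if __name__ == "__main__":
    candidates = ["corp-eDir.labs.blr.novell.com", "corp-eDir",
                  "ldap-vip.example.com", "192.0.2.10"]
    for name, ok in audit(candidates, CERT_CN, CERT_SAN_DNS, CERT_SAN_IP).items():
        print(f"{name:35} {'covered' if ok else 'NOT covered by certificate'}")
```

Any name reported as not covered either has to be added to the certificate as a subject alternative name or must not be used in the client.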


Cause

Certificate name did not match the name of the eDirectory server.

Additional Information

Security updates made in the eDirectory API used by SecureLogin 8.6 require that the subject name of the certificate match the name of the eDirectory server.