BROKER_LDAP_SSL_ADD_CERT_FAILED (391) Error Logging on to SecureLogin LDAP Client

  • 7940126
  • 19-Aug-2009
  • 26-Apr-2012

Environment

SecureLogin
SecureLogin SSO
3.5.1
LDAP


Situation

Issue

Customer extended the LDAP Schema on Critical Path Directory Server version 4.2 using an LDIF file supplied by Technical Support.

They then installed the SecureLogin client in LDAP mode and tried to log in to the client, but received the following 391 error:

BROKER_LDAP_SSL_ADD_CERT_FAILED (391) 

They used the SSLBind test utility provided by Technical Support which connected OK, but logon is failing.

Resolution

Cause

The customer had not exported the certificate and set it up correctly.

Solution

Customer re-exported the certificate in DER format.

The server named it caactive.cer but they renamed it to certificate.DER and copied it to the hard disk of the client.

Customer checked the client settings (viewable in the registry) and changed them as appropriate:

[HKEY_CURRENT_USER\Software\Protocom\SecureLogin\LDAP Settings]
"LastUser"="cn=jcitizen"
"PrimaryHost"="192.168.1.15"
"SecondaryHost"=""
"PrimaryPort"=dword:0000027c
"SecondaryPort"=dword:00000000
"SSL Cert File"="C:\\Program Files\\Protocom\\SecureLogin\\certificate.der"
"Context1"="protocom"

The customer then set the ACLs required for SecureLogin to run (these must be set manually in LDAP implementations other than Novell eDirectory or Microsoft Active Directory), and was then able to set a passphrase for the user and start using SecureLogin.
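
A client-side check of the settings above, added here as an example (it is not part of the original article or a vendor tool): it reads the registry values shown, confirms that the file named in "SSL Cert File" exists, and reports whether that file is binary DER or Base64 (PEM) text. It assumes the key and value names from the registry export on this page and Windows PowerShell 5 or later, run as the affected user.

```powershell
# Added example: checks the SecureLogin LDAP SSL settings shown in this article.
# Key and value names are taken from the registry export above.
$key = 'HKCU:\Software\Protocom\SecureLogin\LDAP Settings'
$cfg = Get-ItemProperty -Path $key -ErrorAction Stop

$certPath = $cfg.'SSL Cert File'
Write-Output ("Primary host : {0}:{1}" -f $cfg.PrimaryHost, $cfg.PrimaryPort)
Write-Output ("SSL Cert File: {0}" -f $certPath)

if ([string]::IsNullOrEmpty($certPath) -or
    -not (Test-Path -LiteralPath $certPath -PathType Leaf)) {
    throw "The certificate file named in 'SSL Cert File' does not exist."
}

$bytes = [System.IO.File]::ReadAllBytes($certPath)

# Classify the encoding from the first bytes:
#   DER is binary ASN.1 and begins with the SEQUENCE tag 0x30.
#   PEM/Base64 exports are text and begin with "-----BEGIN".
$headLen = [Math]::Min(10, $bytes.Length)
$head = [System.Text.Encoding]::ASCII.GetString($bytes, 0, $headLen)
if ($head -eq '-----BEGIN') {
    $encoding = 'PEM (Base64 text)'
} elseif ($bytes.Length -gt 0 -and $bytes[0] -eq 0x30) {
    $encoding = 'DER (binary)'
} else {
    $encoding = 'unrecognised'
}
Write-Output ("Encoding     : {0}" -f $encoding)
if ($encoding -ne 'DER (binary)') {
    Write-Warning 'File is not DER-encoded; the fix in this article was a DER re-export.'
}

# X509Certificate2 parses both encodings, so this confirms the file is a
# readable certificate; it throws if the content is not a certificate at all.
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($bytes)
Write-Output ("Subject      : {0}" -f $cert.Subject)
Write-Output ("Issuer       : {0}" -f $cert.Issuer)
Write-Output ("Valid until  : {0:u}" -f $cert.NotAfter)

if ($cert.NotAfter -lt (Get-Date)) {
    Write-Warning 'Certificate has expired.'
}
```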