Archived Content: This information is no longer maintained and is provided 'as is' for your convenience.
Environment
Situation
Issue
Customer extended the LDAP Schema on Critical Path Directory Server version 4.2 using an LDIF file supplied by Technical Support.
They then installed the SecureLogin client in LDAP mode and tried to login to the client but received the following 391 error:
BROKER_LDAP_SSL_ADD_CERT_FAILED (391)
They used the SSLBind test utility provided by Technical Support which connected OK, but logon is failing.
Resolution
Cause
The customer had not exported the certificate and set it up correctly.
Solution
Customer re-exported the certificate in DER format.
The server named it caactive.cer but they renamed it to certificate.DER and copied it to the hard disk of the client.
Customer checked the client settings (viewable in the registry) and changed them as appropriate;
[HKEY_CURRENT_USER\Software\Protocom\SecureLogin\LDAP Settings]""LastUser""=""cn=jcitizen""""PrimaryHost""=""192.168.1.15""""SecondaryHost""=""""""PrimaryPort""=dword:0000027c ""SecondaryPort""=dword:00000000 ""SSL Cert File""=""C:\\Program Files\\Protocom\\SecureLogin\\certificate.der""""Context1""=""protocom""
Customer then set the ACLs (must be set manually in LDAP implementations other than Novell eDirectory or Microsoft Active Directory) for SecureLogin to run and were able to set a passphrase for the user and start using SecureLogin.