Starting level: 6100-04-06-1034

New level: 6100-06-04-1112

 

The problem:

LPAD authentication with active directory using SSL encyption does not work.

 

The Error:

# /usr/sbin/start-secldapclntd

Starting the secldapclntd daemon.
3001-710 SSL initialization failed. Check the SSL key path and key password
in the /etc/security/ldap/ldap.cfg file.
3001-710 SSL initialization failed. Check the SSL key path and key password
in the /etc/security/ldap/ldap.cfg file.
The secldapclntd daemon failed to start.

 

The Fix:

The LDAP library file /opt/IBM/ldap/V6.1/lib/libibmldap.a is now a symbolic link to /opt/IBM/ldap/V6.1/lib/libibmldapn.a

The libibmldapn.a library file does not support SSL.

 

To fix this I restored just the original /opt/IBM/ldap/V6.1/lib/libibmldap.a file from the mksysb backup I took prior to the upgrade and LDAP is now working with SSL.

The good file looks like this:

# ls -l libibmldap.a

-rwxr-xr-x 1 root system 655644 Apr 08 10:48 libibmldap.a