AIX Geeks: AIX/LDAP • ldap_ssl_client_init failed! rc == -1, failureReasonCode == 1600547192

aix01:⁄# mksecldap -c -h serverlist -a bindDN -p bindpwd -d baseDN

GSKit8.gskcrypt32.ppc.rte

GSKit8.gskcrypt64.ppc.rte

GSKit8.gskssl32.ppc.rte

GSKit8.gskssl64.ppc.rte

gskak.rte

gskjs.rte

gskjt.rte

gsksa.rte

gskta.rte

ldap_ssl_client_init failed! rc == -1, failureReasonCode == 1600547192

Unknown SSL error

Client presetup check failed.

 To Fix:

1. Verify gskit fileset version and update if needed.

aix01:⁄# lslpp -l | grep gsk

  GSKit8.gskcrypt32.ppc.rte

  GSKit8.gskcrypt64.ppc.rte

  GSKit8.gskssl32.ppc.rte   8.0.14.6  COMMITTED  IBM GSKit SSL Runtime With

  GSKit8.gskssl64.ppc.rte   8.0.14.6  COMMITTED  IBM GSKit SSL Runtime With

  gskak.rte                 6.0.5.41  COMMITTED  AIX Certificate and SSL Base

  gskjs.rte                 7.0.3.18  COMMITTED  AIX Certificate and SSL Java

  gskjt.rte                 7.0.3.18  COMMITTED  AIX Certificate and SSL Java

  gsksa.rte                 7.0.3.18  COMMITTED  AIX Certificate and SSL Base

  gskta.rte                 7.0.3.18  COMMITTED  AIX Certificate and SSL Base

For Install, Uninstall and Upgrade instructions refer to:

GSKit V7 - Install, Uninstall and Upgrade instructions for AIX systems

2. After update the gskit fileset, verify filesets new version.

aix01:⁄# lslpp -l | grep gsk

  GSKit8.gskcrypt32.ppc.rte

  GSKit8.gskcrypt64.ppc.rte

  GSKit8.gskssl32.ppc.rte   8.0.14.6  COMMITTED  IBM GSKit SSL Runtime With

  GSKit8.gskssl64.ppc.rte   8.0.14.6  COMMITTED  IBM GSKit SSL Runtime With

  gskak.rte                 6.0.5.41  COMMITTED  AIX Certificate and SSL Base

  gskjs.rte                 7.0.3.18  COMMITTED  AIX Certificate and SSL Java

  gskjt.rte                 7.0.3.18  COMMITTED  AIX Certificate and SSL Java

  gsksa.rte                 7.0.4.44  COMMITTED  AIX Certificate and SSL Base

  gskta.rte                 7.0.4.44  COMMITTED  AIX Certificate and SSL Base

3. Verify if max_crypto is installed. If it’s not, install it.

aix01:⁄mksysb_nim# lslpp -l | grep idsldap

  idsldap.clt32bit61.rte    6.1.0.40  COMMITTED  Directory Server - 32 bit

  idsldap.clt64bit61.rte    6.1.0.40  COMMITTED  Directory Server - 64 bit

  idsldap.clt_max_crypto32bit61.rte

  idsldap.clt_max_crypto64bit61.rte

  idsldap.cltbase61.adt     6.1.0.40  COMMITTED  Directory Server - Base Client

  idsldap.cltbase61.rte     6.1.0.40  COMMITTED  Directory Server - Base Client

  idsldap.ent61.rte         6.1.0.26  COMMITTED  Directory Server - Entitlement

  idsldap.clt32bit61.rte    6.1.0.40  COMMITTED  Directory Server - 32 bit

  idsldap.clt64bit61.rte    6.1.0.40  COMMITTED  Directory Server - 64 bit

  idsldap.cltbase61.rte     6.1.0.40  COMMITTED  Directory Server - Base Client

4. Run mksecldap again.

Friday, October 4, 2013