SAP Knowledge Base Article - Preview

3060371 - ASE ldaps fails to connect - SAP ASE

Symptom

An ASE LDAPS connection fails, although it succeeds with other versions of ASE using the same configuration.

sectrace.ini (KBA# 2743343) trace:
[SSL         ][     7] Cli-0000000B: ClientHello: Offering protocol version 3.0 (SSLv3)
[SSL         ][     7] Cli-0000000B: ClientHello: no session resumption requested (empty session ID)
[SSL         ][     7] Cli-0000000B: Summary: Offering 8 cipher suite(s) and SCSV(s):
[SSL         ][     7]     < 0> : TLS_RSA_WITH_AES128_CBC_SHA
[SSL         ][     7]     < 1> : TLS_RSA_WITH_AES256_CBC_SHA
[SSL         ][     7]     < 2> : TLS_RSA_WITH_3DES_EDE_CBC_SHA
[SSL         ][     7]     < 3> : TLS_RSA_WITH_RC4_128_SHA
[SSL         ][     7]     < 4> : TLS_RSA_WITH_RC4_128_MD5
[SSL         ][     7]     < 5> : TLS_RSA_WITH_NULL_SHA
[SSL         ][     7]     < 6> : TLS_RSA_WITH_NULL_MD5
[SSL         ][     7]     < 7> : Signaling cipher suite value (SCSV) secure renegotiation (RFC5746)
[SSL         ][     7] Cli-0000000D: ClientHello.compression_methods.size: 1
[SSL         ][     7] Cli-0000000D: ClientHello.compression_methods<0> = 0, NULL compression.
[SSL         ][     7] Cli-0000000D: Writing ClientHello extensions at offset 0x3b
[SSL         ][     7] Cli-0000000D: No ClientHello extensions were written
[SSL         ][     7] Cli-0000000D: Sending SSLv3/TLS ClientHello
[SSL         ][     7] Cli-0000000D: Function ssl3_write_pending returning 59. OK
[SSL         ][     7] Cli-0000000D: Function ssl3_finish_mac returning 0. OK
[SSL         ][     7] Cli-0000000D: Function ssl3_write_bytes returning 59. OK
[SSL         ][     7] Cli-0000000D: Function ssl3_do_write returning 1. OK
[SSL         ][     7] Cli-0000000D: Function ssl3_client_hello successfully returns 1.
[TLSOLDAP    ][     7] BIO read error: 0x000000e8
[SSL         ][     7] Cli-0000000D:  Function ssl3_read_n returning -1.
[SSL         ][     7] Cli-0000000D:  Function ssl3_get_record returning -1.
[SSL         ][     7] Cli-0000000D: ssl3_part_read returned '0xffffffff'
[SSL         ][     7] Cli-0000000D:  Function ssl3_part_read returning -1.
[SSL         ][     7] Cli-0000000D:  Function ssl3_get_message returning -1.
[SSL         ][     7] Cli-0000000D:  Function ssl3_get_server_hello returning -1.
[SSL         ][     7] Cli-0000000D:  Function ssl3_connect returning -1.
[SSL         ][     7] Cli-0000000D: Error 0xFFFFFFFF:
[SSL         ][     7]     Unknown error
[SSL         ][     7]     SSL3 client handshake failed

ASE log with "dbcc traceon(3635, 3637)":
kernel  ulauthreq(): entered.
kernel  klbindfunc(c000000383cf8ba0)
kernel  Binding to primary('NULL', '********', 'NULL', 'ldaps://ldaphost:636/')
kernel  klbind() entry, authname NULL, password ********, searchname NULL, ldapurl ldaps://ldaphost:636/, distnamebuf c000000383cf7d90, distnamesize 68, distnamesfound c000000383cf9178, aeiv c000000383cf9210
kernel  klbind: StartTLS is set to 'true'
kernel  Display parsed ldap url 'ldaps://ldaphost:636/':
kernel  host: ldaphost
kernel  port: 636
kernel  search base:
kernel  No attributes in URL
kernel  scope: base (0)
kernel  no filter in URL
kernel  attempting to set protocol to LDAP_VERSION3.
kernel  Authenticating: dn="CN=Admin,DC=realm,DC=com" password="********"
kernel  ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT) server connection timeout 10000 millisecs
kernel  attempting to set LDAP Server search timeout 10 secs
kernel  ldap_simple_bind failed, error, -1 [Can't contact LDAP server]
kernel  Failed to authenticate: dn="CN=Admin,DC=realm,DC=com", ldap error Can't contact LDAP server.
kernel  klbind: RETRY_ATTEMPT: 1
kernel  ldap_simple_bind failed, error, -1 [Can't contact LDAP server]
kernel  Failed to authenticate: dn="CN=Admin,DC=realm,DC=com", ldap error Can't contact LDAP server.
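
A triage helper for the sectrace output above, added here as an example (it is not SAP code and not part of the KBA): it extracts what the client offered and where the handshake stopped. The function name `triage`, the result keys and the weak-primitive labels are assumptions of this example; the sample lines are copied from the trace on this page.

```python
import re

# Constructed sample: lines copied from the sectrace output on this page.
SAMPLE = """\
[SSL         ][     7] Cli-0000000B: ClientHello: Offering protocol version 3.0 (SSLv3)
[SSL         ][     7]     < 0> : TLS_RSA_WITH_AES128_CBC_SHA
[SSL         ][     7]     < 4> : TLS_RSA_WITH_RC4_128_MD5
[SSL         ][     7]     < 5> : TLS_RSA_WITH_NULL_SHA
[SSL         ][     7]     < 7> : Signaling cipher suite value (SCSV) secure renegotiation (RFC5746)
[SSL         ][     7] Cli-0000000D: No ClientHello extensions were written
[SSL         ][     7] Cli-0000000D: Function ssl3_client_hello successfully returns 1.
[TLSOLDAP    ][     7] BIO read error: 0x000000e8
[SSL         ][     7] Cli-0000000D:  Function ssl3_read_n returning -1.
[SSL         ][     7] Cli-0000000D:  Function ssl3_get_server_hello returning -1.
[SSL         ][     7] Cli-0000000D:  Function ssl3_connect returning -1.
"""

# Substrings of a suite name that mark a weak primitive (labels are this example's own).
WEAK = {"_NULL_": "no encryption", "_RC4_": "RC4 (prohibited by RFC 7465)",
        "_3DES_": "64-bit block cipher", "_MD5": "MD5 MAC"}

def triage(trace):
    """Summarise the offered ClientHello and the point where the handshake failed."""
    r = {"version": None, "suites": [], "weak": {}, "extensions": True,
         "hello_sent": False, "bio_error": None, "failed": []}
    for line in trace.splitlines():
        # Drop the "[component][level]" prefix and the optional connection id.
        msg = re.sub(r"^\[[^\]]*\]\[[^\]]*\]\s*(?:Cli-[0-9A-Fa-f]+:\s*)?", "", line)
        if m := re.search(r"Offering protocol version \S+ \((\w+)\)", msg):
            r["version"] = m.group(1)
        elif m := re.match(r"<\s*\d+>\s*:\s*(TLS_\w+)", msg):
            suite = m.group(1)
            r["suites"].append(suite)
            why = [label for key, label in WEAK.items() if key in suite]
            if why:
                r["weak"][suite] = why
        elif "No ClientHello extensions were written" in msg:
            r["extensions"] = False
        elif "ssl3_client_hello successfully returns" in msg:
            r["hello_sent"] = True
        elif m := re.search(r"BIO read error: (0x[0-9a-fA-F]+)", msg):
            r["bio_error"] = m.group(1)
        elif m := re.search(r"Function (\w+) returning -1", msg):
            r["failed"].append(m.group(1))   # innermost failing call first
    # ClientHello went out, but the read for the ServerHello failed.
    r["no_server_hello"] = r["hello_sent"] and "ssl3_get_server_hello" in r["failed"]
    return r
```

Run over the full trace, the result shows a ClientHello at SSLv3 with no extensions and a read failure before any ServerHello, which is the part worth comparing against a trace from an ASE version where the same configuration connects.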



Environment

  • SAP Adaptive Server Enterprise (ASE) Software Developer Kit (SDK) 16.0 SP03 PL03

Product

SAP Adaptive Server Enterprise 16.0; SAP Adaptive Server Enterprise SDK 16.0

Keywords

CR# 814574, CR#814574, CR814574, ldaps, ldap, encryption, ssl, tls, connect, conn, active directory, openldap, KBA, BC-SYB-ASE, Sybase ASE Database Platform (non Business Suite), BC-SYB-SDK, SDK, Known Error

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).
