SAP Knowledge Base Article - Preview

3060371 - ASE ldaps fails to connect - SAP ASE

Symptom

ASE ldaps connection fails, but is successful with other versions of ASE with the same configuration:
sectrace.ini (KBA# 2743343)
[SSL         ][     7] Cli-0000000B: ClientHello: Offering protocol version 3.0 (SSLv3)
[SSL         ][     7] Cli-0000000B: ClientHello: no session resumption requested (empty session ID)
[SSL         ][     7] Cli-0000000B: Summary: Offering 8 cipher suite(s) and SCSV(s):
[SSL         ][     7]     < 0> : TLS_RSA_WITH_AES128_CBC_SHA
[SSL         ][     7]     < 1> : TLS_RSA_WITH_AES256_CBC_SHA
[SSL         ][     7]     < 2> : TLS_RSA_WITH_3DES_EDE_CBC_SHA
[SSL         ][     7]     < 3> : TLS_RSA_WITH_RC4_128_SHA
[SSL         ][     7]     < 4> : TLS_RSA_WITH_RC4_128_MD5
[SSL         ][     7]     < 5> : TLS_RSA_WITH_NULL_SHA
[SSL         ][     7]     < 6> : TLS_RSA_WITH_NULL_MD5
[SSL         ][     7]     < 7> : Signaling cipher suite value (SCSV) secure renegotiation (RFC5746)
[SSL         ][     7] Cli-0000000D: ClientHello.compression_methods.size: 1
[SSL         ][     7] Cli-0000000D: ClientHello.compression_methods<0> = 0, NULL compression.
[SSL         ][     7] Cli-0000000D: Writing ClientHello extensions at offset 0x3b
[SSL         ][     7] Cli-0000000D: No ClientHello extensions were written
[SSL         ][     7] Cli-0000000D: Sending SSLv3/TLS ClientHello
[SSL         ][     7] Cli-0000000D: Function ssl3_write_pending returning 59. OK
[SSL         ][     7] Cli-0000000D: Function ssl3_finish_mac returning 0. OK
[SSL         ][     7] Cli-0000000D: Function ssl3_write_bytes returning 59. OK
[SSL         ][     7] Cli-0000000D: Function ssl3_do_write returning 1. OK
[SSL         ][     7] Cli-0000000D: Function ssl3_client_hello successfully returns 1.
[TLSOLDAP    ][     7] BIO read error: 0x000000e8
[SSL         ][     7] Cli-0000000D:  Function ssl3_read_n returning -1.
[SSL         ][     7] Cli-0000000D:  Function ssl3_get_record returning -1.
[SSL         ][     7] Cli-0000000D: ssl3_part_read returned '0xffffffff'
[SSL         ][     7] Cli-0000000D:  Function ssl3_part_read returning -1.
[SSL         ][     7] Cli-0000000D:  Function ssl3_get_message returning -1.
[SSL         ][     7] Cli-0000000D:  Function ssl3_get_server_hello returning -1.
[SSL         ][     7] Cli-0000000D:  Function ssl3_connect returning -1.
[SSL         ][     7] Cli-0000000D: Error 0xFFFFFFFF:
[SSL         ][     7]     Unknown error
[SSL         ][     7]     SSL3 client handshake failed

ASE log "dbcc traceon(3635, 3637)"
kernel  ulauthreq(): entered.
kernel  klbindfunc(c000000383cf8ba0)
kernel  Binding to primary('NULL', '********', 'NULL', 'ldaps://ldaphost:636/')
kernel  klbind() entry, authname NULL, password ********, searchname NULL, ldapurl ldaps://ldaphost:636/, distnamebuf c000000383cf7d90, distnamesize 68, distnamesfound c000000383cf9178, aeiv c000000383cf9210
kernel  klbind: StartTLS is set to 'true'
kernel  Display parsed ldap url 'ldaps://ldaphost:636/':
kernel  host: ldaphost
kernel  port: 636
kernel  search base:
kernel  No attributes in URL
kernel  scope: base (0)
kernel  no filter in URL
kernel  attempting to set protocol to LDAP_VERSION3.
kernel  Authenticating: dn="CN=Admin,DC=realm,DC=com" password="********"
kernel  ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT) server connection timeout 10000 millisecs
kernel  attempting to set LDAP Server search timeout 10 secs
kernel  ldap_simple_bind failed, error, -1 [Can't contact LDAP server]
kernel  Failed to authenticate: dn="CN=Admin,DC=realm,DC=com", ldap error Can't contact LDAP server.
kernel  klbind: RETRY_ATTEMPT: 1
kernel  ldap_simple_bind failed, error, -1 [Can't contact LDAP server]
kernel  Failed to authenticate: dn="CN=Admin,DC=realm,DC=com", ldap error Can't contact LDAP server.


Read more...

Environment

  • SAP Adaptive Server Enterprise (ASE) Software Developer Kit (SDK) 16.0 SP03 PL03

Product

SAP Adaptive Server Enterprise 16.0 ; SAP Adaptive Server Enterprise SDK 16.0

Keywords

CR# 814574, CR#814574, CR814574, ldaps, ldap, encryption, ssl, tls, connect, conn, active directory, openldap , KBA , BC-SYB-ASE , Sybase ASE Database Platform (non Business Suite) , BC-SYB-SDK , SDK , Known Error

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.