I think I found the problem. The public key certificate for the ssl certificateDNS has expired. I downloaded PKIdiag and renewed it. I then export the public key to a der file and overwrote the old one with it on the server.

However, I am still unable to authenticate with ldap, still getting the same error messages in the poa and in dstrace. Anybody know what I am doing wrong? Should I be exporting the trusted root certificate or including the private key when I export?

Thanks
Scott Schaffer

Scott Schaffer
ITSA
Olive Waller Zinkhan & Waller
Hi.

Running Groupwise 6.0 SP4 on Netware 6.0 SP4 server. GW Webaccess setup over a year ago, everything working, including ssl ldap authentication. This morning 4 out of 50 users were unable to login into Groupwise. They received an "Ldap failure detected" error when trying to login.

The POA shows "LDAP Error 81, Can't connect to LDAP server, LDAP failure detected [D06B] User: username"

Also, no one is able to login in through the Web interface. The same error is shown in the POA for any web access attempts.

I haven't change anything lately in c1 that might have affected this. I ran a dstrace for ldap activity and see the following error listed when someone tries to login. "connection failed ssl handshake, err = 45, check client's certificate". I checked in the knowledge base for this error and came up with one that is close, having err = 42 not 45. It suggested to re-export the server certificate, which I did following the instructions given in the first half of TID10084976. Still no go.

I have disabled ldap authentication so that the 4 users in the office who could not access their email have been able to login. Webaccess also now allows logins but is not using ssl, and therefore is not secure. I have taken it down until I can solve this problem.

Why were only these 4 users not able to login in this morning? What causes the gw client at their desktop to want to use ldap authentication and nobody else? What else can I look at to get ldap authentication working again?

Thanks,
Scott Schaffer

Scott Schaffer
ITSA
Olive Waller Zinkhan & Waller

Came in this morning with the idea to restart the ldap server, nldap.nlm. I did that, restrated WebAccess and viola, everything is working as it should again.

However, I would still like to know why the four users are apparently using ldap authentication when they are logging in with a groupwise client. Can anybody shed some light on that?

Thanks
Scott Schaffer

Scott Schaffer
ITSA
Olive Waller Zinkhan & Waller
Hi.

Running Groupwise 6.0 SP4 on Netware 6.0 SP4 server. GW Webaccess setup over a year ago, everything working, including ssl ldap authentication. This morning 4 out of 50 users were unable to login into Groupwise. They received an "Ldap failure detected" error when trying to login.

The POA shows "LDAP Error 81, Can't connect to LDAP server, LDAP failure detected [D06B] User: username"

Also, no one is able to login in through the Web interface. The same error is shown in the POA for any web access attempts.

I haven't change anything lately in c1 that might have affected this. I ran a dstrace for ldap activity and see the following error listed when someone tries to login. "connection failed ssl handshake, err = 45, check client's certificate". I checked in the knowledge base for this error and came up with one that is close, having err = 42 not 45. It suggested to re-export the server certificate, which I did following the instructions given in the first half of TID10084976. Still no go.

I have disabled ldap authentication so that the 4 users in the office who could not access their email have been able to login. Webaccess also now allows logins but is not using ssl, and therefore is not secure. I have taken it down until I can solve this problem.

Why were only these 4 users not able to login in this morning? What causes the gw client at their desktop to want to use ldap authentication and nobody else? What else can I look at to get ldap authentication working again?

Thanks,
Scott Schaffer

Scott Schaffer
ITSA
Olive Waller Zinkhan & Waller