IBM Support

LDAP server requirements for user authentication over SSL starting in ClearQuest 8.0

Question & Answer


Question

Why am I failing to connect IBM Rational ClearQuest v8.0 to my LDAP authentication server when using Secure Socket Layer (SSL)?

Cause

IBM Rational ClearQuest uses the IBM Tivoli Directory Server v6.3 client components and GSKIT v8 for SSL authentication. These components have new security fixes and new requirements for LDAP servers.

Answer

Rational ClearQuest LDAP authentication with SSL is now RFC 5746 compliant, which fixes several security issues related to Transport Layer Security (TLS) renegotiation. As a result, every LDAP server that ClearQuest authenticates against over SSL must also be RFC 5746 compliant. Using noncompliant LDAP servers might result in an inability to create SSL connections and thus the inability to log on.

If you are unable to establish SSL connections with your LDAP server, check whether your LDAP server supports RFC 5746. Tivoli Directory Server v6.3 supports RFC 5746.

See https://www.ibm.com/support/docview.wss?q1=gskit%20116&dc=DB560&rs=767&uid=swg21469388&context=SSVJJU&cs=utf-8&lang=en&loc=en_US for more information, including workarounds to the new requirements.
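
One way to check the RFC 5746 support described above is to look at the server's ServerHello in a packet capture: a compliant server answers a client that offered secure renegotiation with the `renegotiation_info` extension (type 0xff01). The following is an added example, not IBM's code; the function names and the constructed sample records are assumptions, and it assumes the ServerHello fits in a single TLS record.

```python
import struct

RENEGOTIATION_INFO = 0xFF01  # extension type assigned by RFC 5746

def server_hello_extensions(record: bytes) -> dict:
    """Return {extension_type: data} from one TLS record holding a ServerHello."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    (rec_len,) = struct.unpack("!H", record[3:5])
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x02:
        raise ValueError("first handshake message is not a ServerHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 2 + 32                      # server_version + random
    pos += 1 + body[pos]              # session_id length byte + session_id
    pos += 2 + 1                      # cipher_suite + compression_method
    exts = {}
    if pos + 2 > len(body):           # legacy ServerHello: no extensions block at all
        return exts
    end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
    pos += 2
    while pos + 4 <= min(end, len(body)):
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        exts[etype] = body[pos + 4:pos + 4 + elen]
        pos += 4 + elen
    return exts

def supports_rfc5746(record: bytes) -> bool:
    """True if the ServerHello carries renegotiation_info, as RFC 5746 requires."""
    data = server_hello_extensions(record).get(RENEGOTIATION_INFO)
    # On an initial handshake the field is empty: a single zero length byte.
    return data == b"\x00"

def build_server_hello(extensions: bytes) -> bytes:
    """Constructed sample: TLS 1.2 ServerHello, dummy random, no session id."""
    body = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"
    if extensions:
        body += struct.pack("!H", len(extensions)) + extensions
    hs = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs

# Constructed inputs: one compliant reply, one from a server without RFC 5746.
COMPLIANT = build_server_hello(struct.pack("!HH", RENEGOTIATION_INFO, 1) + b"\x00")
LEGACY = build_server_hello(b"")

if __name__ == "__main__":
    print("compliant server:", supports_rfc5746(COMPLIANT))
    print("legacy server:   ", supports_rfc5746(LEGACY))
```

To use it on real traffic, pass the bytes of the first TLS record the LDAP server sends after the client's ClientHello.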


Document Information

Modified date:
16 June 2018

UID

swg21512039