IBM Support

IV86810: TDS CLIENT FAILS USING TL2 W/ MS ACTIVE DIRECTORY LDAP SERVER

APAR status

  • Closed as duplicate of another APAR.

Error description

  • ITM TEMS integrates with TDS client 6.3.0.27. The issue is that
    TDS client connects with Microsoft AD server using the protocol
    TLSV1.2.  When we set the parameter LDAP_OPT_SECURITY_PROTOCOL
    to change the protocol to TLS v1.0 or TLSv1.1 TDS client can
    connect with AD server successfully. TEMS 6.30 FP5 and FP6 use
    TDS client: 6.3.0.27 and GSKit 8.0.50.36.
    
    UserID authentication fails when trying to logon to TEMS via
    tacmd CLI or via TEP.
    
    An uplift of TDS client to 6.30.0.43 and uplift of GSKit to
    8.0.50.66 resolves the problem.
    
    The problem we are experiencing is this: when configured for
    TLS 1.2 protocol use, our TDS client LDAP SSL connection fails
    when directed to Microsoft's Active Directory server.  This
    very client connection is successful when directed to an IBM
    TDS server.  Our client TDS code level is LDAP-6.30.0.27.
    Other vendor LDAP clients (JExplorer) have established SSL /
    TLS 1.2 connections to the Active Directory server.
    
    When configured for TLS 1.0 or TLS 1.1, our TDS client LDAP SSL
    connection to Microsoft's Active Directory server is successful.
    
    The failure can be seen in the supplied packet trace.  After
    the TCP/IP three-way handshake, we see the client-hello.  This
    is immediately followed by a [RST] from the LDAP server.
    

Local fix

  • Set the parameter LDAP_OPT_SECURITY_PROTOCOL to change the
    protocol to TLS v1.0 or TLSv1.1; the TDS client can then
    connect with the AD server successfully.
    

Problem summary

Problem conclusion

Temporary fix

Comments

  • Exact duplicate with same customer list
    This APAR is a duplicate of IV86800
    

APAR Information

  • APAR number

    IV86810

  • Reported component name

    TEMS

  • Reported component ID

    5724C04MS

  • Reported release

    630

  • Status

    CLOSED DUB

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2016-07-11

  • Closed date

    2016-07-25

  • Last modified date

    2017-01-06

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

Applicable component levels

Document Information

Modified date:
08 March 2023