When you authenticate passwords with an LDAP directory server, common errors can occur over the connection between the IBM® Tivoli® Storage Manager server and the LDAP directory server.
ANR3114E LDAP error
LDAP error code (error description) occurred during operation.
ANR3114E
LDAP error 53 (DSA is unwilling to perform) occurred during ldap_search_s.
ANR3115E The LDAP directory server returned the following error message
(LDAP server message) with the LDAP error.
ANR3116E LDAP SSL/TLS error GSKIT error code
(error description) occurred during operation.
Error messages | Resolution |
---|---|
ANR3114E LDAP error 118 (The SSL library cannot be loaded) ANR3116E LDAP SSL/TLS error 118 (Unknown SSL error) ANR3103E Failure occurred while initializing LDAP directory services | The library path might not be set properly.
Make sure that you are using the correct version of the GSKit. For more information,
see the following topics:
|
ANR3114E LDAP error 116 (Failed to connect to the SSL server) ANR3116E LDAP SSL/TLS error 406 (I/O error) ANR3103E Failure occurred while initializing LDAP directory services ANR2732E Unable to communicate with the LDAP directory server | The level of GSKit might be incorrect on the Tivoli Directory Server. Upgrade
GSKit to the correct level. See the technote. For Active Directory, disable automatic root certificates updates with Windows Update if an internet connection is not available. |
ANR3114E LDAP error 52 (DSA is unavailable) ANR3103E Failure occurred while initializing LDAP directory services ANR2732E Unable to communicate with the LDAP directory server | The Active Directory server does not have a certificate available for TLS/SSL. Create a signed certificate that can be used by Microsoft Active Directory. |
ANR3114E LDAP error 116 (Failed to connect to SSL server) ANR3116E LDAP SSL/TLS error 414 (Bad certificate) ANR3103E Failure occurred while initializing LDAP directory services ANR2732E Unable to communicate with the LDAP directory server | The LDAP directory server certificate is not trusted. Add the root certificate authority (CA) certificate to the Tivoli Storage Manager server key database file (cert.kdb) and verify that the certificates are not expired. |
ANR3094E The distinguished name (DN) that is specified in the LDAPURL option does not exist on the LDAP directory server ANR3103E Failure occurred while initializing LDAP directory services | If the DN exists, the LDAPUSER might not have full access control rights to the Base DN that is specified in the LDAPURL option. |
ANR3114E LDAP error 50 (Insufficient access) ANR1885E LDAP directory service initialization: Permission was denied when the LDAP directory entry was accessed as LDAPUSER ANR3103E Failure occurred while initializing LDAP directory services ANR1885E SET LDAPPASSWORD: Permission was denied when the LDAPUSER entry was accessed | The LDAPUSER does not have full access control rights to the base DN that is specified in the LDAPURL option. |
ANR3114E LDAP error 116 (Failed to connect to SSL server) ANR3116E LDAP SSL/TLS error 420 (Socket closed) | For Tivoli Directory Server, the SSL_TIMEOUT_MILLISEC is not set high enough. See the technote. |
ANR3114E LDAP error 4 (Size limit exceeded) | Increase the LDAP server search size limit to accommodate the total number of LDAP-authenticated nodes and administrators. |
ANR3114E LDAP error 91 (Connection error) occurred during ldap_sasl_bind. ANR3103E Failure occurred while initializing LDAP directory services. | The LDAP server is not active or is offline. |