Troubleshooting
Problem
When trying to connect to an LDAP Directory Server using SSL, either by using the test functionality in Cognos Configuration or by starting IBM Cognos 11, an error message is logged and the connection fails
Symptom
CAM-AAA-0064 The function 'Configure' failed."
The user cannot access the application at this time."
CAM-AAA-0026 The function call to 'LDAPAPIWrapper_ldapssl_client_init' failed with error code: '-1'"
CAM-AAA-0082 Unable to initialize the SSL client because the certificate database is invalid."
Cause
When you use an LDAP namespace which is configured for LDAPS (LDAP via SSL) you have to
provide a proper Key Database containing the LDAP servers certificate. If this Key Database is
damaged, incomplete or inaccessible this error is thrown.
provide a proper Key Database containing the LDAP servers certificate. If this Key Database is
damaged, incomplete or inaccessible this error is thrown.
Resolving The Problem
- Confirm that the Cognos service account has access to the certificate directory configured in the "SSL Certificate Directory" property path
- Confirm that Cognos is connecting directly to the LDAP Server and not via a Load Balancer. Load Balancer architecture is not currently supported.
- Confirm there are no typos in the "SSL Certificate Directory" property path
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSTSF6","label":"IBM Cognos Analytics"},"ARM Category":[{"code":"a8m50000000Cl3zAAC","label":"Administration"}],"ARM Case Number":"","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"11.0.13;11.1.0","Line of Business":{"code":"LOB10","label":"Data and AI"}}]
Was this topic helpful?
Document Information
Modified date:
14 July 2020
UID
ibm16248329