000019103 - XParse does not close (unbind) connections to some 3rd party LDAP directories

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000019103
Applies ToKeon Certificate Authority 5.7
Keon Certificate Authority 5.7.1
Microsoft Windows NT Server
Microsoft Windows 2000 Server
DCL Directory
Siemens DirX Directory
IssueXParse does not close (unbind) connections to some 3rd party LDAP directories
If an XParse template is used to connect to some (not all) 3rd party LDAP directories, such as, DCL Directory or Siemens DirX Directory, and the template is invoked multiple times, it eventually generates XrcXUDAUNABLE error through X-Parse on the browser screen, and the directory server being used may indicate that there are no more free connection blocks available for new connections.
CauseSome LDAP directories return a different than anticipated response when KCA tests LDAP connectivity.  Due to a bug in KCA, all possible responses were not being accounted for, and therefore every time an LDAP connection needed to be verified, a new connection was being opened but not closed after the response received.  Therefore, when such an XParse template is run for multiple times, a new connection opens up every time and the old one does not close, eventually leading to a state where XrcXUDAUNABLE error is generated on XParse and the LDAP directory shows an error similar to "No free connection blocks--connection refused", indicating that maximum number of simultaneous TCP/IP connections have been reached, and further connection attempts will fail until one of the existing connections is closed.
ResolutionA hot fix is available for KCA 5.7 or KCA 5.7.1 (only available for Windows NT/2000 Server).  To obtain this hot fix, please contact RSA Customer Support and ask for the KCA hot fix for defect #tst00022160.  Please follow the instructions included in the hot fix zip file on how to install.

This problem has been fixed in next release: KCA 6.0.
Legacy Article IDa6096