|Applies To||Keon Certificate Authority 5.7|
Keon Certificate Authority 5.7.1
Microsoft Windows NT Server
Microsoft Windows 2000 Server
Siemens DirX Directory
|Issue||XParse does not close (unbind) connections to some 3rd party LDAP directories|
If an XParse template is used to connect to some (not all) 3rd party LDAP directories, such as, DCL Directory or Siemens DirX Directory, and the template is invoked multiple times, it eventually generates XrcXUDAUNABLE error through X-Parse on the browser screen, and the directory server being used may indicate that there are no more free connection blocks available for new connections.
|Cause||Some LDAP directories return a different than anticipated response when KCA tests LDAP connectivity. Due to a bug in KCA, all possible responses were not being accounted for, and therefore every time an LDAP connection needed to be verified, a new connection was being opened but not closed after the response received. Therefore, when such an XParse template is run for multiple times, a new connection opens up every time and the old one does not close, eventually leading to a state where XrcXUDAUNABLE error is generated on XParse and the LDAP directory shows an error similar to "No free connection blocks--connection refused", indicating that maximum number of simultaneous TCP/IP connections have been reached, and further connection attempts will fail until one of the existing connections is closed.|
|Resolution||A hot fix is available for KCA 5.7 or KCA 5.7.1 (only available for Windows NT/2000 Server). To obtain this hot fix, please contact RSA Customer Support and ask for the KCA hot fix for defect #tst00022160. Please follow the instructions included in the hot fix zip file on how to install.|
This problem has been fixed in next release: KCA 6.0.
|Legacy Article ID||a6096|