000025993 - How to configure RSA ClearTrust Entitlements Server with the correct baseDN while using SSL

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000025993
Applies ToRSA ClearTrust 4.7.1
Microsoft Windows 2000
Secure Socket Layer (SSL)
Transport Layer Security (TLS)
Microsoft Active Directory
RSA ClearTrust Entitlements Server running in DEBUG mode
IssueHow to configure RSA ClearTrust Entitlements Server with the correct baseDN while using SSL
When running eserver.bat from the %CT_ROOT%\bin directory (where %CT_ROOT% is usually C:\Program Files\RSA\ClearTrust\), the following error is seen in the DOS window:

    ...
    ...
    Connection timeout for <hostname>:636 is  20000
    SocketFactory.timedCreateSocket: waiting for connect
    SSL cipher suite: RSA_With_RC4_MD5
    SSL socket: class com.rsa.jsse.SSLSocket
    SSL session: com.rsa.jsse.SSLSession@581593
            Cipher RSA_With_RC4_MD5
            Create: 1030510126161
            ID: [B@364e6a
            Last: 1030510126161
            Context: com.rsa.jsse.SSLSessionContext@562270
    started.
    All LDAP connections have been started.
    LDAPReservedSequenceFactory.getSequence("AdminSequence")
    sirrus.da.exception.DataStoreException: The result set does not contain any entries.
            at sirrus.da.ldap.admin.factory.LDAPFactory.createSequences(LDAPFactory.java:257)
            at sirrus.da.ldap.admin.factory.LDAPFactory.<init>(LDAPFactory.java:124)
            at java.lang.reflect.Constructor.newInstance(Native Method)
            at sirrus.da.admin.AdminDA.<init>(AdminDA.java:108)
            at sirrus.da.admin.AdminDA.initialize(AdminDA.java:154)
            at sirrus.api.server.AdministrativeAPIServer.main(AdministrativeAPIServer.java:178)
     failed, reason is: The result set does not contain any entries.
    sirrus.da.exception.DataStoreException: The result set does not contain any entries.
            at sirrus.da.ldap.admin.factory.LDAPFactory.createSequences(LDAPFactory.java:257)
            at sirrus.da.ldap.admin.factory.LDAPFactory.<init>(LDAPFactory.java:124)
            at java.lang.reflect.Constructor.newInstance(Native Method)
            at sirrus.da.admin.AdminDA.<init>(AdminDA.java:108)
            at sirrus.da.admin.AdminDA.initialize(AdminDA.java:154)
            at sirrus.api.server.AdministrativeAPIServer.main(AdministrativeAPIServer.java:178)
ResolutionTo correct this issue, ensure the ldap.conf file found in the %CT_ROOT%\conf directory (where %CT_ROOT% is usually C:\Program Files\RSA\ClearTrust\) has the correctly configured baseDN for the following parameters for the Microsoft Active Directory being used. The baseDN used below is rsasecurity.com or dc=rsasecurity,cd=com:

cleartrust.data.ldap.user.basedn                  :cn=users, dc=rsasecurity,dc=com

cleartrust.data.ldap.group.basedn                :ou=Groups, dc=rsasecurity,dc=com

cleartrust.data.ldap.admin.user.basedn        :ou=ctscAdminRepository, dc=rsasecurity,dc=com

cleartrust.data.ldap.admin.group.basedn      :ou=ctscAdminRepository, dc=rsasecurity,dc=com

cleartrust.data.ldap.admin.basedn               :ou=ctscAdminRepository, dc=rsasecurity,dc=com
cleartrust.data.ldap.applicationdata.basedn  :ou=ctscApplicationDataRepository, dc=rsasecurity,dc=com
cleartrust.data.ldap.policy.basedn               :ou=ctscPolicyRepository, dc=rsasecurity,dc=com
Legacy Article IDa12564

Attachments

    Outcomes