LDAP security library

Hi all. I have been messing around with a cloned environment, and almost everything works. The LDAP configuration is giving me issues, though. When I click on LDAP Certificate Database Management, I get this error in the Java Method Server logs:

11:45:16,360 ERROR [http-0.0.0.0-9080-1] com.documentum.mthdservlet.DoMethod - Exception invoking com.documentum.ldap.ldapcertdb.LDAPCertDbAutomation.java.lang.SecurityException: Unable to initialize security library          at org.mozilla.jss.CryptoManager.initializeAllNative(Native Method)          at org.mozilla.jss.CryptoManager.initialize(CryptoManager.java:919)          at com.documentum.ldap.ldapcertdb.LDAPCertDbAutomation.initCryptoManager(LDAPCertDbAutomation.java:269)          at com.documentum.ldap.ldapcertdb.LDAPCertDbAutomation.execute(LDAPCertDbAutomation.java:157)          at com.documentum.mthdservlet.DfMethodRunner.runIt(Unknown Source)          at com.documentum.mthdservlet.AMethodRunner.runAndReturnStatus(Unknown Source)          at com.documentum.mthdservlet.DoMethod.invokeMethod(Unknown Source)          at com.documentum.mthdservlet.DoMethod.doPost(Unknown Source)          at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)          at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)          at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)          at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)          at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:173)          at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)          at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)          at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)          at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)          at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)          at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)          at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)          at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)          at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)          at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)          at java.lang.Thread.run(Thread.java:619)

When I try to run the dm_LDAPSynchronization job, it fails with:

2011-12-01 09:16:01:345 EST [http-0.0.0.0-9080-2]: ERROR: DmLdapException:: THREAD: http-0.0.0.0-9080-2; MSG: [DM_LDAP_SYNC_E_EXCEPTION_ERROR]error:  "Failed to decrypt string"; ERRORCODE: 100; NEXT: null          at com.documentum.ldap.internal.sync.SynchronizationContextBuilder.setBindPswd(SynchronizationContextBuilder.java:256)          at com.documentum.ldap.internal.sync.SynchronizationContextBuilder.buildSynchronizationContext(SynchronizationContextBuilder.java:51)          at com.documentum.ldap.LDAPSync.prepareSync(LDAPSync.java:385)          at com.documentum.ldap.LDAPSync.processJob(LDAPSync.java:203)          at com.documentum.ldap.LDAPSync.execute(LDAPSync.java:71)          at com.documentum.mthdservlet.DfMethodRunner.runIt(Unknown Source)          at com.documentum.mthdservlet.AMethodRunner.runAndReturnStatus(Unknown Source)          at com.documentum.mthdservlet.DoMethod.invokeMethod(Unknown Source)          at com.documentum.mthdservlet.DoMethod.doPost(Unknown Source)          at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)          at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)          at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)          at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)          at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:173)          at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)          at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)          at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)          at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)          at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)          at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)          at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)          at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)          at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)          at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)          at java.lang.Thread.run(Thread.java:619)Caused by: DmLdapException:: THREAD: http-0.0.0.0-9080-2; MSG: [DM_LDAP_SYNC_E_EXCEPTION_ERROR]error:  "Failed to decrypt string"; ERRORCODE: 100; NEXT: null          at com.documentum.ldap.internal.sync.SynchronizationContextBuilder.getBindPasswordFromFile(SynchronizationContextBuilder.java:839)          at com.documentum.ldap.internal.sync.SynchronizationContextBuilder.setBindPswd(SynchronizationContextBuilder.java:249)          ... 28 moreCaused by: DfException:: THREAD: http-0.0.0.0-9080-2; MSG: [DM_CRYPTO_E_DECRYPTTEXT_FAILED]error:  "Failed to decrypt string"; ERRORCODE: 100; NEXT: null          at com.documentum.fc.client.impl.crypto.CryptoUtils.decryptText(CryptoUtils.java:390)          at com.documentum.fc.client.DfClient$ClientImpl.decryptText(DfClient.java:499)          at com.documentum.ldap.internal.sync.SynchronizationContextBuilder.getBindPasswordFromFile(SynchronizationContextBuilder.java:827)          ... 29 moreCaused by: DfException:: THREAD: http-0.0.0.0-9080-2; MSG: [DM_CRYPTO_F_KEYSTORE_INIT]fatal:  "Unable to initialize key store at \Documentum\dba\secure\aek.key"; ERRORCODE: 100; NEXT: null          at com.documentum.fc.client.impl.crypto.CryptoUtils.decrypt(CryptoUtils.java:653)          at com.documentum.fc.client.impl.crypto.CryptoUtils.initCryptoEx(CryptoUtils.java:105)          at com.documentum.fc.client.impl.crypto.CryptoUtils.initCrypto(CryptoUtils.java:60)          at com.documentum.fc.client.impl.crypto.CryptoUtils.checkForAEK(CryptoUtils.java:566)          at com.documentum.fc.client.impl.crypto.CryptoUtils.decryptText(CryptoUtils.java:386)          ... 31 moreCaused by: javax.crypto.BadPaddingException: Given final block not properly padded          at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)          at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)          at com.sun.crypto.provider.DESedeCipher.engineDoFinal(DashoA13*..)          at javax.crypto.Cipher.doFinal(DashoA13*..)          at com.documentum.fc.client.impl.crypto.CryptoUtils.decrypt(CryptoUtils.java:649)          ... 35 more

Find more posts tagged with

Note:

If there are Accepted Answers, those will be shown by default. You can switch to 'All Replies' by selecting the tab below.

Accepted answers

david.matheson

Regenerated aek.key and dbpasswd.txt, deleted dfc.keystore, the ldap config object and ldap_*.cnt files, and the crypto keys from the database. Started everthing back up and created my ldap config from scratch. No issues.

All comments

david.matheson

I deleted dfc.keystore and restarted. I don't get the error on the LDAP Certificate Database Management page, but running the dm_LDAPSynchronization job results in:

2011-12-01 13:25:00:729 EST [http-0.0.0.0-9080-1]: Unexpected Error. Caused by: [DM_LDAP_SYNC_E_EXCEPTION_ERROR]error:  "A NULL string was passed to function expecting a valid one"2011-12-01 13:25:00:729 EST [http-0.0.0.0-9080-1]: ERROR: DmLdapException:: THREAD: http-0.0.0.0-9080-1; MSG: [DM_LDAP_SYNC_E_EXCEPTION_ERROR]error:  "A NULL string was passed to function expecting a valid one"; ERRORCODE: 100; NEXT: null          at com.documentum.ldap.internal.sync.SynchronizationContextBuilder.setBindPswd(SynchronizationContextBuilder.java:256)          at com.documentum.ldap.internal.sync.SynchronizationContextBuilder.buildSynchronizationContext(SynchronizationContextBuilder.java:51)          at com.documentum.ldap.LDAPSync.prepareSync(LDAPSync.java:385)          at com.documentum.ldap.LDAPSync.processJob(LDAPSync.java:203)          at com.documentum.ldap.LDAPSync.execute(LDAPSync.java:71)          at com.documentum.mthdservlet.DfMethodRunner.runIt(Unknown Source)          at com.documentum.mthdservlet.AMethodRunner.runAndReturnStatus(Unknown Source)          at com.documentum.mthdservlet.DoMethod.invokeMethod(Unknown Source)          at com.documentum.mthdservlet.DoMethod.doPost(Unknown Source)          at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)          at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)          at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)          at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)          at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:173)          at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)          at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)          at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)          at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)          at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)          at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)          at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)          at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)          at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)          at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)          at java.lang.Thread.run(Thread.java:619)Caused by: DmLdapException:: THREAD: http-0.0.0.0-9080-1; MSG: [DM_LDAP_SYNC_E_EXCEPTION_ERROR]error:  "A NULL string was passed to function expecting a valid one"; ERRORCODE: 100; NEXT: null          at com.documentum.ldap.internal.sync.SynchronizationContextBuilder.getBindPasswordFromFile(SynchronizationContextBuilder.java:839)          at com.documentum.ldap.internal.sync.SynchronizationContextBuilder.setBindPswd(SynchronizationContextBuilder.java:249)          ... 28 moreCaused by: DfException:: THREAD: http-0.0.0.0-9080-1; MSG: [DM_CRYPTO_E_NULL_TEXT]error:  "A NULL string was passed to function expecting a valid one"; ERRORCODE: 100; NEXT: null          at com.documentum.fc.client.impl.crypto.CryptoUtils.decryptText(CryptoUtils.java:341)          at com.documentum.fc.client.DfClient$ClientImpl.decryptText(DfClient.java:499)          at com.documentum.ldap.internal.sync.SynchronizationContextBuilder.getBindPasswordFromFile(SynchronizationContextBuilder.java:827)          ... 29 more

david.matheson

Suganya Baskar

@david.matheson Please help me with the similar issue.

I have regenerated aek.key and dbpasswd.txt and deleted dfc.keystore and ldap config object and crypto keys from Database.

But not able to find the ldap_*.cnt files in Database. Please let me know how to delete it.

Also please share the steps for LDAP configuration.

Error :

2021-11-24T13:15:40.835930 3487[3487] 0000000000000000 [DM_CRYPTO_E_PASSWORD_DECRYPTION_FAILED]error: "Decryption of password present in file /u/opt/documentum/dba/config/tst/ldap_*.cnt failed, status - 2"