Policy Server Guides › Policy Design Guide › Troubleshooting › Policy Server Does Not Connect to LDAP Stores Using SSL with AKI

Policy Server Does Not Connect to LDAP Stores Using SSL with AKI

Platform: Solaris only

Problem

The Policy Server does not connect to LDAP stores that use SSL certificates with the AKI extension.

Solution

To solve this problem, follow these steps:

1. Install the patch corresponding to your version of Solaris:
   • Solaris 8: 119209-12
   • Solaris 9: 119211-12
   • Solaris 10: 119213-12

   Patches for Solaris 8 and 9

   Deploy libraries in the following directory: /usr/lib/mps/secv1.

   Patch for Solaris 10

   Deploys libraries in the following directory: /usr/lib/mps.

   Note: Since a default installation of Solaris 10 contains the necessary libraries already, you may not need this patch.

2. Verify the following:
   • NSS libraries are version 3.9.3 or later.
   • NSPR libraries are version 4.5 or later.
3. Stop the Policy Server.
4. Copy the following five libraries to the ../siteminder/lib directory, overwriting the existing libraries:
   • libplc4.so
   • libnspr4.so
   • libplds4.so
   • libssl3.so
   • libnss3.so
5. Restart the Policy Server.

The Policy Server can now connect to LDAP stores that use SSL certificates with the AKI extension.