

secldapclntd will not work with SSL

Once, there was an AIX system whose LDAP client refused to run on top of SSL. No way, ever! An AIX update did not help, LDAP software did not help, an SSH/SSL upgrade did not help, a GSKit patch did not help. It seems that this system was cursed.

# start-secldapclntd
Starting the secldapclntd daemon.
3001-710 SSL initialization failed. Check the SSL key path and key password in the /etc/security/ldap/ldap.cfg file.
3001-710 SSL initialization failed. Check the SSL key path and key password in the /etc/security/ldap/ldap.cfg file.
The secldapclntd daemon failed to start.

The ldapsearch command, executed with SSL and a key file, kept failing with:

ldap_ssl_client_init failed! rc == -1, failureReasonCode == 804400244
Unknown SSL error

Well, here comes To Vo, who says: “Mark, please execute this command:”

/opt/IBM/ldap/V6.3/bin/idslink -igl32 -f

It works, it works like a charm, thanks To Vo!

Posted in Real life AIX.



3 Responses


  1. Susan says

    Worked for me too – thx !
    In my case I didn’t have a V6.3 directory, but ran idslink from V6.2, which allowed me to start secldapclntd, and login using LDAP authentication.

    Thanks for the nice post !

  2. Tim says

    Did not work for me. ldap V6.4 AIX version 7100-04-04-1717.
    From what I can tell, for me the issue started when I upgraded from SP3 to SP4.

    I ran
    # ./idslink -igl32 -f
    no luck
    then I ran
    # ./idslink -igl64 -f
    still no luck. I am getting the same error when I try to start secldapclntd

    HATST1:/opt/IBM/ldap/V6.4/bin # start-secldapclntd
    Starting the secldapclntd daemon.
    3001-710 SSL initialization failed. Check the SSL key path and key password
    in the /etc/security/ldap/ldap.cfg file.
    3001-710 SSL initialization failed. Check the SSL key path and key password
    in the /etc/security/ldap/ldap.cfg file.
    The secldapclntd daemon failed to start.

  3. Tim says

    The problem I had was that the previous admin put an expiration date on the KDB password.
    Helpful commands:
    Shows that the KDB password has expired:
    /usr/bin/gsk8capicmd -keydb -list -db /etc/security/ldap/certs/keydb.kdb
    Reset the password on the KDB:
    /usr/bin/gsk8capicmd -keydb -changepw -db "/etc/security/ldap/certs/keydb.kdb" -new_pw XXXXXXXX
    Source database password :
    Put the new password into the stash file:
    /usr/bin/gsk8capicmd -keydb -stashpw -db "/etc/security/ldap/certs/keydb.kdb" -pw XXXXXXXX

    Get the hash of the new password to update ldap.cfg:
    secldapclntd -e XXXXXXXX

    Update the /etc/security/ldap/ldap.cfg file with the password hash.

    Start secldapclntd:
    start-secldapclntd
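
Added example, not part of the original post or its comments: a pre-flight check of the settings that message 3001-710 tells you to look at. It assumes ldap.cfg holds "key:value" lines with the keys useSSL, ldapsslkeyf and ldapsslkeypwd, that the stash file is the key database name with a .sth suffix, and that the stash is used when ldapsslkeypwd is absent; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: checks the SSL key path and password settings in ldap.cfg.
# Assumptions: "key:value" lines, "#" comments, stash file is <keydb>.sth.

# cfg_get FILE KEY: print the last uncommented value of KEY.
cfg_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*:[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# world_readable FILE: succeed if "other" has read permission on FILE.
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# check_ldap_ssl CFG: print findings, return the number of problems found.
check_ldap_ssl() {
    cfg=$1; problems=0
    if [ ! -r "$cfg" ]; then echo "FAIL cannot read $cfg"; return 1; fi
    case $(cfg_get "$cfg" useSSL) in
        [Yy][Ee][Ss]) ;;
        *) echo "INFO useSSL is not yes, nothing to check"; return 0 ;;
    esac
    kdb=$(cfg_get "$cfg" ldapsslkeyf)
    sth="${kdb%.kdb}.sth"
    if [ -z "$kdb" ] || [ ! -r "$kdb" ]; then
        echo "FAIL key database '$kdb' is unset, missing or unreadable"
        problems=$((problems + 1))
    elif world_readable "$kdb"; then
        echo "WARN $kdb is world-readable"
        problems=$((problems + 1))
    fi
    # The password must come from ldap.cfg or from the stash file.
    if [ -z "$(cfg_get "$cfg" ldapsslkeypwd)" ] && [ ! -r "$sth" ]; then
        echo "FAIL no ldapsslkeypwd entry and no stash file $sth"
        problems=$((problems + 1))
    elif [ -r "$sth" ] && world_readable "$sth"; then
        echo "WARN $sth is world-readable"
        problems=$((problems + 1))
    fi
    [ "$problems" -gt 0 ] || echo "OK   SSL key settings in $cfg look consistent"
    return "$problems"
}

# Check the file named on the command line, e.g. /etc/security/ldap/ldap.cfg.
if [ $# -gt 0 ]; then check_ldap_ssl "$1"; fi
```

This check does not detect an expired KDB password or broken GSKit library links, the two causes reported on this page; those still need gsk8capicmd and idslink.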






Copyright © 2016 - 2017 Waldemar Mark Duszyk. All Rights Reserved. Created by Blog Copyright.