Problem Note 48142: The SAS® Metadata Server might not respond when you use SSL with direct LDAP authentication
When you configure for direct Lightweight Directory Access Protocol (LDAP) authentication over the Secure Sockets Layer (SSL), the SAS® Metadata Server might stop responding to all requests. The server's lack of response might be sporadic, producing various errors. The only way to recover from this condition is to restart the SAS Metadata Server.
Client applications that connect to the SAS Metadata Server might produce a message regarding a failed connection, a failed authentication, or a connection time–out. Client applications might not provide any message and appear to be unresponsive.
To indicate the problem, the SAS Metadata Server log might contain a message like the following, after which there is no activity logged:
OpenSSL error 185057381 occurred in function SSL_connect at line 1725, the error message is SSL error
"error:0B07C065:x509 certificate routines:X509_STORE_add_cert:cert already in hash table(0xb07c065)."
The problem occurs because of an error in handling multi–threaded connections to the LDAP server using SSL encryption. Note that Microsoft Active Directory is an LDAP provider, and you can experience the same problem using Active Directory.
The only circumvention is to configure the SAS Metadata Server to connect to LDAP without SSL.
Related Documentation
- See Direct LDAP Authentication in the SAS(R) 9.3 Intelligence Platform: Security Administration Guide for additional information about configuring the SAS Metadata Server to directly authenticate to an LDAP server.
- See How to Configure SSL between the Metadata Server and an LDAP Server in the SAS(R) 9.3 Intelligence Platform: Security Administration Guide for additional information about using SSL encryption with direct LDAP authentication.
Operating System and Release Information
SAS System | SAS Metadata Server | z/OS | 9.3 | 9.4 | 9.3 TS1M0 | 9.4 TS1M0 |
Microsoft® Windows® for x64 | 9.3 | 9.4 | 9.3 TS1M0 | 9.4 TS1M0 |
Microsoft Windows Server 2003 Datacenter Edition | 9.3 | 9.4 | 9.3 TS1M0 | 9.4 TS1M0 |
Microsoft Windows Server 2003 Enterprise Edition | 9.3 | 9.4 | 9.3 TS1M0 | 9.4 TS1M0 |
Microsoft Windows Server 2003 Standard Edition | 9.3 | 9.4 | 9.3 TS1M0 | 9.4 TS1M0 |
Microsoft Windows Server 2003 for x64 | 9.3 | 9.4 | 9.3 TS1M0 | 9.4 TS1M0 |
Microsoft Windows Server 2008 | 9.3 | 9.4 | 9.3 TS1M0 | 9.4 TS1M0 |
Microsoft Windows Server 2008 for x64 | 9.3 | 9.4 | 9.3 TS1M0 | 9.4 TS1M0 |
Microsoft Windows XP Professional | 9.3 | 9.4 | 9.3 TS1M0 | 9.4 TS1M0 |
Windows 7 Enterprise 32 bit | 9.3 | 9.4 | 9.3 TS1M0 | 9.4 TS1M0 |
Windows 7 Enterprise x64 | 9.3 | 9.4 | 9.3 TS1M0 | 9.4 TS1M0 |
Windows 7 Home Premium 32 bit | 9.3 | 9.4 | 9.3 TS1M0 | 9.4 TS1M0 |
Windows 7 Home Premium x64 | 9.3 | 9.4 | 9.3 TS1M0 | 9.4 TS1M0 |
Windows 7 Professional 32 bit | 9.3 | 9.4 | 9.3 TS1M0 | 9.4 TS1M0 |
Windows 7 Professional x64 | 9.3 | 9.4 | 9.3 TS1M0 | 9.4 TS1M0 |
Windows 7 Ultimate 32 bit | 9.3 | 9.4 | 9.3 TS1M0 | 9.4 TS1M0 |
Windows 7 Ultimate x64 | 9.3 | 9.4 | 9.3 TS1M0 | 9.4 TS1M0 |
Windows Vista | 9.3 | 9.4 | 9.3 TS1M0 | 9.4 TS1M0 |
Windows Vista for x64 | 9.3 | 9.4 | 9.3 TS1M0 | 9.4 TS1M0 |
64-bit Enabled AIX | 9.3 | 9.4 | 9.3 TS1M0 | 9.4 TS1M0 |
64-bit Enabled HP-UX | 9.3 | 9.4 | 9.3 TS1M0 | 9.4 TS1M0 |
64-bit Enabled Solaris | 9.3 | 9.4 | 9.3 TS1M0 | 9.4 TS1M0 |
HP-UX IPF | 9.3 | 9.4 | 9.3 TS1M0 | 9.4 TS1M0 |
Linux | 9.3 | 9.4 | 9.3 TS1M0 | 9.4 TS1M0 |
Linux for x64 | 9.3 | 9.4 | 9.3 TS1M0 | 9.4 TS1M0 |
Solaris for x64 | 9.3 | 9.4 | 9.3 TS1M0 | 9.4 TS1M0 |
*
For software releases that are not yet generally available, the Fixed
Release is the software release in which the problem is planned to be
fixed.
Type: | Problem Note |
Priority: | high |
Date Modified: | 2012-10-15 12:51:35 |
Date Created: | 2012-10-12 15:17:47 |