We have IDM 4 (not IDM 4.5) that has been running an LDAP driver
connecting to OpenLDAP for some time with no issues. Recently we
refreshed the certs for the OpenLDAP server that were expiring and since
then nothing works for that driver. We have exported the certs for the
OpenLDAP server (.cer format), copied the exported certs to the IDM
server, executed the keytool command from the IDM driver documentation,
and updated the driver config for the keystore file, alias and password
specified but we are still getting an error connecting with the OpenLDAP
server. The error is below:

[05/24/16 08:32:27.434]:OpenLDAP PT:OpenLDAP: Opening SSL connection
[05/24/16 08:32:27.441]:OpenLDAP ST:OpenLDAP: Host name:
[05/24/16 08:32:27.442]:OpenLDAP ST:OpenLDAP: Port: 636
[05/24/16 08:32:27.442]:OpenLDAP ST:OpenLDAP: DN: null
[05/24/16 08:32:27.442]:OpenLDAP ST:OpenLDAP: Protocol version=3
[05/24/16 08:32:27.442]:OpenLDAP ST:OpenLDAP: SDK version=4.6
[05/24/16 08:32:27.443]:OpenLDAP ST:OpenLDAP: Schema.Schema() -
LDAPException: Connection closed by the application disconnecting (91)
Connect Error
[05/24/16 08:32:27.443]:OpenLDAP ST:SubscriptionShim.execute()
[05/24/16 08:32:27.443]:OpenLDAP ST:
<nds dtdversion="2.0" ndsversion="8.x">
<product build="20120601_164331" instance="OpenLDAP"
version="3.5.16">Identity Manager Driver for LDAP</product>
<contact>Novell, Inc.</contact>
<status event-id="query-driver-ident"
level="retry">SubShim.execute(): Not connected to LDAP server or
couldn't read its schema.</status>
[05/24/16 08:32:27.444]:OpenLDAP ST:Requesting 30 second retry delay.
[05/24/16 08:32:27.444]:OpenLDAP ST:
DirXML Log Event -------------------
Driver: \IDVDEV\hc\services\DriverSet\OpenLDAP
Channel: Subscriber
Status: Retry
Message: Code(-9006) The driver returned a "retry" status
indicating that the operation should be retried later. Detail from
driver: SubShim.execute(): Not connected to LDAP server or couldn't read
its schema.
[05/24/16 08:32:27.445]:OpenLDAP ST:Received state change event.
[05/24/16 08:32:27.445]:OpenLDAP ST:Transitioned from state
'%+C%14CStarting%-C' to state '%+C%14CRunning%-C'.

We have verified the OpenLDAP server is running, the port is correct,
the username and password are correct and have not changed. This driver
worked fine until we renewed the certs. I'm lost as to what we
did wrong. We have tried with the root and intermediate cert, the
server cert, the full cert chain...no combination or individual cert
seems to have worked.

gdrtx's Profile: https://forums.netiq.com/member.php?userid=1660
View this thread: https://forums.netiq.com/showthread.php?t=55925
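The trace above drops the connection immediately after "Opening SSL connection", which is what a failed TLS handshake looks like from the driver's side, and the poster's setup depends on the renewed server chain matching what was imported into the driver's keystore. The following is an added diagnostic script, not code from the original post or from the IDM LDAP driver: it fingerprints every certificate in the chain the LDAPS server actually presents (captured with `openssl s_client -connect host:636 -showcerts`) and checks whether any of them (leaf, intermediate or root) appears in the output of `keytool -list -v` for the driver's keystore. It matches on SHA-256 and falls back to SHA-1 because the keytool shipped with older JVMs prints only MD5/SHA1 fingerprints. The hostname, file names, store password and the embedded sample chain and keytool listing are all constructed placeholders (the PEM blocks are not real certificates; they only exercise the matching logic).

```python
"""Check whether the certificate chain an LDAPS server presents is covered by
the certificates in a Java keystore, by comparing fingerprints.

Capture the two inputs yourself (placeholder host/file names/password):
  chain.txt    : openssl s_client -connect ldap.example.com:636 -showcerts </dev/null
  keystore.txt : keytool -list -v -keystore ldap.keystore -storepass changeit
"""
import base64
import hashlib
import re
import sys

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)
# keytool -list -v prints e.g. "SHA1: AB:CD:..." and (Java 8+) "SHA256: AB:CD:..."
KEYTOOL_FP_RE = re.compile(r"\b(?:SHA1|SHA256):\s*([0-9A-F]{2}(?::[0-9A-F]{2})+)")


def _colon_hex(digest: bytes) -> str:
    """Render a digest the way keytool does: uppercase hex pairs joined by colons."""
    return ":".join(f"{b:02X}" for b in digest)


def fingerprints_of_der(der: bytes) -> dict:
    """SHA-256 and SHA-1 fingerprints of one DER-encoded certificate.
    SHA-1 is kept only because old keytool versions print nothing stronger."""
    return {"SHA256": _colon_hex(hashlib.sha256(der).digest()),
            "SHA1": _colon_hex(hashlib.sha1(der).digest())}


def fingerprints_from_pem_text(text: str) -> list:
    """Fingerprint every PEM block in s_client output, in presented order (leaf first)."""
    out = []
    for b64 in PEM_RE.findall(text):
        der = base64.b64decode("".join(b64.split()))  # strip the 64-column line wrapping
        out.append(fingerprints_of_der(der))
    return out


def fingerprints_from_keytool_output(text: str) -> set:
    """Collect every SHA1/SHA256 fingerprint keytool lists for the keystore's entries."""
    return set(KEYTOOL_FP_RE.findall(text))


def compare(chain_text: str, keytool_text: str) -> dict:
    """Return which presented certificates (by index in the chain) are in the keystore.
    An empty 'in_keystore' means a Java TLS client trusting only this keystore
    has no anchor for the chain and the handshake will fail."""
    presented = fingerprints_from_pem_text(chain_text)
    trusted = fingerprints_from_keytool_output(keytool_text)
    matched = [i for i, fps in enumerate(presented) if trusted & set(fps.values())]
    return {"presented": presented, "in_keystore": matched, "ok": bool(matched)}


def _fake_pem(payload: bytes) -> str:
    """Constructed stand-in for a certificate: arbitrary bytes wrapped as PEM (NOT real X.509)."""
    return ("-----BEGIN CERTIFICATE-----\n" + base64.b64encode(payload).decode()
            + "\n-----END CERTIFICATE-----\n")


# Constructed sample of what `openssl s_client -showcerts` prints around the PEM blocks.
SAMPLE_CHAIN_TEXT = (
    "CONNECTED(00000003)\n"
    " 0 s:/CN=ldap.example.com\n   i:/CN=Example Issuing CA\n"
    + _fake_pem(b"constructed leaf certificate bytes, not real DER")
    + " 1 s:/CN=Example Issuing CA\n   i:/CN=Example Root CA\n"
    + _fake_pem(b"constructed intermediate certificate bytes, not real DER")
    + "---\nServer certificate\n"
)

# Constructed sample keytool -list -v output holding one stale trust anchor.
SAMPLE_KEYTOOL_TEXT = (
    "Keystore type: JKS\nKeystore provider: SUN\n\nYour keystore contains 1 entry\n\n"
    "Alias name: oldldapca\nEntry type: trustedCertEntry\n\n"
    "Owner: CN=Example Root CA\nIssuer: CN=Example Root CA\n"
    "Certificate fingerprints:\n"
    "\t MD5:  00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF\n"
    "\t SHA1: 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33\n"
)


def main(argv):
    if len(argv) != 3:
        print(f"usage: {argv[0]} chain.txt keystore.txt", file=sys.stderr)
        return 2
    with open(argv[1]) as f:
        chain_text = f.read()
    with open(argv[2]) as f:
        keytool_text = f.read()
    report = compare(chain_text, keytool_text)
    for i, fps in enumerate(report["presented"]):
        state = "in keystore" if i in report["in_keystore"] else "NOT in keystore"
        print(f"chain[{i}] SHA256 {fps['SHA256']}  {state}")
    if not report["ok"]:
        print("No certificate in the presented chain is in the keystore; import the "
              "issuing CA (or the leaf) and restart the driver.")
        return 1
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it against the captured files after every certificate rotation; if the chain the server presents is not the one you exported (for example because `s_client` shows a different issuer than the files you imported), the keystore is not the problem and the export itself was of the wrong certificate. The check covers only the keystore named in the driver configuration; a JVM that is configured to use its default cacerts instead would need the same comparison against that store.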