LDAP queries handled by the BlackBerry MDS Connection Service fail to bind successfully

Article ID: KB28446

Type: Support Content

Last Modified: 04-10-2012

 

Product(s) Affected:

  • BlackBerry Enterprise Server
CollapseEnvironment
  • BlackBerry® Enterprise Server 5.0 to 5.0 SP3
  • Java® Runtime Environment (JRE) 1.5 to 1.6
  • Java® Cryptography Extension
  • DT 2007008
CollapseOverview

LDAP queries passed through the BlackBerry® MDS Connection Service fail because a successful bind was not completed.  The following will be displayed in the BlackBerry MDS Connection Service (MDAT) log files:

<2011-06-30 14:37:37.978 EDT>:[10173]:<MDS-CS_BES_MDS-CS_1>:<DEBUG>:<LAYER = IPPP, HANDLER = LDAPjavax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906DC, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db0 ]; remaining name ''>

CollapseCause
The BlackBerry® Enterprise Server is missing the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files or the BlackBerry Enterprise Server has an old version of these same files.
CollapseResolution

Replace the JCE Jurisdiction Policy files with the JCE Unlimited Strength Jurisdiction Policy Files:

  • Download the JCE Unlimited Strength Jurisdiction Policy Files from Oracle's website:  http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html
  • Extract the files to a common location.
  • Navigate to the installation directory of Java JRE and locate the \lib\security directory and replace the Local_policy.jar and US_export_policy.jar files with the ones that were just extracted.
  • If the Java JDK is also installed then navigate to the installation directory of Java JDK and locate the jre\lib\security directory and replace the Local_policy.jar and US_export_policy.jar files with the ones that were just extracted.
CollapseAdditional Information
Examples of functions that would be affected by this LDAP failure would be integrated authentication and also wireless certificate lookups.  Anything else using LDAP through the BlackBerry MDS Connection Service would also be affected.

Disclaimer

By downloading, accessing or otherwise using the Knowledge Base documents you agree:

   (a) that the terms of use for the documents found at www.blackberry.com/legal/knowledgebase apply to your use or reference to these documents; and

   (b) not to copy, distribute, disclose or reproduce, in full or in part any of the documents without the express written consent of RIM.


Visit the BlackBerry Technical Solution Center at www.blackberry.com/btsc.