Skip navigation
All Places > CA Security > Blog > Authors Icculus

CA Security

2 Posts authored by: Icculus Employee

EEM utillizes the CA Directory dxearch executable as its cheif component for searching through LDAP whether internal or external. The below script can be used to verify if connectivity to LDAP is established and cuts EEM out of the equation on a Linux server.


getCurrentTimeInMili() {
  date +'%H 3600 * %M 60 * + %S + 1000 * %N 1000000 / + p' | dc


# do something
# start your script work here
dxsearch -h "ldap-server-name" -p 389 -b "dc=eiamldap,dc=com" -D "cn=user1,ou=searchtest,dc=ldap,dc=com" -w "*******" -z "none" -v "cn=*"
# your logic ends here


diffTime=$(( $endTime - $startTime ))
echo "Time took for previous dxsearch: $diffTime milliseconds"


The above script is owned by the CA Directory dsa account. This provides the end user ability to run the script after sudo and then running 'su - dsa' or equivalent Directory user id.

Used in conjuction with a network sniffer like wireshark you can determine where any delay may lie: authentication or object search.

For more information on using dxsearch, run 'dxsearch --help' as the dsa account.

This script can be put into a loop and have the output recorded to log file for later review.

CAPKI r4.3.4 has been signed off and the builds are available for use in embedded installer components.

Products affected:

EEM via CA Directory R12 all versions prior to SP14.

Any existing CA Directory r12 host (prior to SP14) can apply this CAPKI patch independently.


Issues/Vulnerabilities addressed as part of this release:



Description of the Issue/Vulnerability


SSL/TLS MITM vulnerability


DTLS recursion flaw


Anonymous ECDH denial of service


Recovering OpenSSL ECDSA Nonces


EEM Development will be applying the latest CA Directory R12 SP14 to their install packages during the next development cycle.

If you require this patch immediately, please open a case with CA Support with a business impact and justification.