KB0018649 : Encryption over LDAPS : ERROR: salt parameter must not be empty

Issue Identified In : 4120

Issue Fixed In: 4.5

Environment : Linux, Windows


  • Randomly getting the “salt parameter must not be empty” error after using Ephesoft for some time.
  • Unable to Login to Ephesoft after seeing “salt parameter must not be empty” when Ephesoft is configured over LDAPS with Encryption ON.

Root Cause: We have observed that due to some reason JNDIRealm is trying to recreate Active directory context with Customer’s AD.  While recreating context object it is again trying to decrypt the already decrypted password; while doing so Ephesoft decryptor is returning the empty string and here the password is getting reset. Later on in subsequent decrypt password call, decryptor is throwing “salt parameter must not be empty”.

Solution: We have devised a solution  for above problem in which we are ensuring password doesn’t get decrypted again. This is only valid for 4120 , 4121 and 4130 versions. Please find the link of the the jar file as below. We will need to replace the ephesoft-realm.jar with the attached jar file.

Hot-Fix Link: http://ftp.ephesoft.com/ftp/wiki/EPHE-18649/EPHE-18649_HOT-FIX_v4120.zip

Installation Steps:

  1. Download the attachment to temporary location.
  2. Extract the zip file.
  3. Inside zip there is a jar file named ephesoft-realm_EPHE-18649_HOT-FIX_v4120.jar.
  4. Remove existing ephesoft-realm.jar file from JavaAppServer\lib folder.
  5. Copy extracted jar file to JavaAppServer\lib folder.
  6. Start Ephesoft service.