LDAPS bind error on JTS running RTC


Mark Blaschke (1636) | asked Dec 19 '12, 11:12 p.m.
I have a problem with RTC v4.0.0.1 running the JTS with LDAPS.
I have installed the Certs in the Trusted cacerts files using keyman.
I ran through the setup process, specifically step 6, and when pressing Test Connection the connection to LDAPS indicates that the connection worked. I also get the message to copy all the xml files.
Once I copy the files and restart the server, I then try to log in which fails.
The log files in tomcat7-stderr reports that the ldap connection requires a bind to complete the connection.

So why does the setup step work, connect the server, but when the server is started the connection fails?

Comments
Karl Weinert commented Dec 20 '12, 11:56 a.m.
JAZZ DEVELOPER

Can you provide the full error from the tomcat log?
Check the <Jazz Install dir>\server\tomcat\conf\server.xml file for the correct values under the JNDIRealm Realm element
 <Realm className="org.apache.catalina.realm.JNDIRealm"
LDAP stuff here

Feel free to paste in the values of the Realm element. Be sure to remove any passwords and secure information.


Mark Blaschke commented Dec 20 '12, 12:13 p.m. | edited Dec 20 '12, 12:27 p.m.

Error from log
org.apache.catalina.realm.JNDIRealm authenticate
SEVERE: Exception performing authentication
Throwable occurred: javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1 ]; Remaining name: 'dc=<xxx>,dc=US, dc=<yyy>, dc=com'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3107)

Entry from server.xml
<Realm className="org.apache.catalina.realm.JNDIRealm"
connectionName="acct04\JazzAD"
connectionURL="ldaps://<server>.acct04.us.<site>.com:636"
debug="99"
roleBase="dc=acct04, dc=us, dc=<site>,dc=com"
roleName="cn" roleSearch="(member={0})" roleSubtree="true"
userBase="dc=acct04,dc=US,dc=<site>,dc=com"
userSearch="(sAMAccountName={0})" userSubtree="true"/>



Karl Weinert commented Dec 20 '12, 12:28 p.m.
JAZZ DEVELOPER

The original server.xml won't have that element. Did you replace the server.xml file with the one created during setup?
Mine for example looks like server-LDAP20121220114545.xml

One answer



Karl Weinert (2.0k52736) | answered Dec 20 '12, 12:55 p.m.
JAZZ DEVELOPER
It looks like JNDIRealm might be in there someplace because the error does reference dc=<xxx>,dc=US, dc=<yyy>, dc=com, which suggests tomcat knows something about your LDAP server.

If I take out the following values from that element I can reproduce your error.
connectionName="CN=user,CN=Users,DC=domain,DC=ibm,DC=com"
connectionPassword="password"

If I completely remove the element I don't get any error but I can't log in.
And if I use the wrong password I get an error trying to start tomcat.


Here's what mine looks like, formatted to be easier to read, as it was on one line in the file.
The bold text is the stuff I removed to reproduce your error.
<Realm className="org.apache.catalina.realm.JNDIRealm"
connectionName="CN=user,CN=Users,DC=domain,DC=ibm,DC=com"
connectionPassword="password"

connectionURL="ldap://server:3268"
debug="99" referrals="follow"
roleBase="CN=Users,DC=domain,DC=ibm,DC=com"
roleName="cn" roleSearch="(member={0})"
roleSubtree="true"
userBase="CN=Users,DC=domain,DC=ibm,DC=com"
userSearch="(sAMAccountName={0})"
userSubtree="true"/>
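The answer above narrows the failure down to the Realm element: without connectionName and connectionPassword, Tomcat searches the directory on an unauthenticated connection and Active Directory refuses with "a successful bind must be completed". The script below is an added example (not code from this thread, from Jazz or from Tomcat) that parses a server.xml and reports the bind-related misconfigurations discussed here before the server is restarted: missing bind credentials, a connectionURL without an ldap:// or ldaps:// scheme, a plaintext ldap:// URL, and user/role search filters without the {0} placeholder. The embedded server.xml is constructed for the example; the hostname, domain and account names in it are placeholders, and it reproduces the shape of the poster's element, which lacks connectionPassword.

```python
"""Check the JNDIRealm element in a Tomcat server.xml for LDAP bind problems.

Added example for the thread above; not part of Jazz or Tomcat.
"""
import re
import xml.etree.ElementTree as ET

# Constructed sample server.xml (placeholder host, domain and account).
# It mirrors the poster's Realm: a bind user is named but no password is given,
# and roleSearch uses (0) instead of the {0} substitution placeholder.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Engine name="Catalina" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.JNDIRealm"
             connectionName="acct04\\JazzAD"
             connectionURL="ldaps://ldap.example.test:636"
             roleBase="dc=acct04,dc=us,dc=example,dc=com"
             roleName="cn" roleSearch="(member=(0))" roleSubtree="true"
             userBase="dc=acct04,dc=us,dc=example,dc=com"
             userSearch="(sAMAccountName={0})" userSubtree="true"/>
    </Engine>
  </Service>
</Server>
"""

JNDI_REALM = "org.apache.catalina.realm.JNDIRealm"
PLACEHOLDER = re.compile(r"\{0\}")


def find_jndi_realms(xml_text):
    """Return every Realm element whose className is the JNDIRealm."""
    root = ET.fromstring(xml_text)
    return [r for r in root.iter("Realm") if r.get("className") == JNDI_REALM]


def check_realm(realm):
    """Return a list of human-readable findings for one JNDIRealm element."""
    findings = []
    a = realm.attrib

    # AD rejects searches on an anonymous connection, so the bind identity
    # and its password must both be present for the user lookup to run.
    if "connectionName" not in a or "connectionPassword" not in a:
        findings.append("missing connectionName/connectionPassword: "
                        "user and role searches will run unauthenticated")

    url = a.get("connectionURL", "")
    if not url.startswith(("ldap://", "ldaps://")):
        findings.append(f"connectionURL {url!r} lacks an ldap:// or ldaps:// scheme")
    elif url.startswith("ldap://"):
        findings.append("connectionURL uses plaintext ldap://; the bind password "
                        "and user lookups cross the network unencrypted")

    # Tomcat substitutes the username (userSearch) or the user's DN
    # (roleSearch) for {0}; any other spelling is sent to the server literally.
    for key in ("userSearch", "roleSearch"):
        filt = a.get(key)
        if filt is None:
            continue
        if not (filt.startswith("(") and filt.endswith(")")):
            findings.append(f"{key} {filt!r} is not a parenthesised LDAP filter")
        if not PLACEHOLDER.search(filt):
            findings.append(f"{key} {filt!r} has no {{0}} placeholder, "
                            "so nothing is substituted into the filter")
    return findings


def check_server_xml(xml_text):
    """Check every JNDIRealm in the given server.xml text; [] means clean."""
    realms = find_jndi_realms(xml_text)
    if not realms:
        return ["no JNDIRealm element found: Tomcat knows nothing about LDAP"]
    findings = []
    for realm in realms:
        findings.extend(check_realm(realm))
    return findings


if __name__ == "__main__":
    for finding in check_server_xml(SAMPLE_SERVER_XML):
        print("-", finding)
```

Run it against the real file with `check_server_xml(open(path).read())`; an empty list means none of the checks fired. The script deliberately never prints the connectionPassword value, only whether the attribute exists, so its output can be pasted into a ticket the way the comment above asks for.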



