Tomcat not loading: "LDAP connectivity not found"

  • 3511827
  • 28-Aug-2007
  • 26-Apr-2012

Environment

Novell NetWare 6.5
Novell Tomcat on NetWare

Situation

Tomcat doesn't load and has the following symptoms:
  • The logger screen shows this output:

Server does not support non-TLS binds
Consult NetWare documentation for details and workarounds
Tomcat will not start.
LDAP connectivity not found on ldap://localhost:636
Please load NLDAP and then manually execute command: sys:/tomcat/4/bin/startup

If your server host certificates have change recently, executing
sys:/system/tckeygen.ncf may be needed to restore secure LDAP
connectivity

  • Tckeygen was used to successfully import the server certificates to the Tomcat keystore.
  • TCPCON shows that port 636 is listening (Protocol Information, TCP, TCP Connections; press Tab to toggle the port names to port numbers).
  • In ConsoleOne, the LDAP Server object for the server has the following configuration:
Under the 'SSL/TLS Configuration' tab:
TLS Port is 636
"Disable SSL Port" is NOT checked,
Server Certificate: SSL CertificateDNS
Client Certificate: Not Requested
"Require TLS for All Operations" is NOT checked.

Under the 'Restrictions' tab:
Bind Restrictions: None
  • Tomcat is using port 636 for LDAP authentication. This can be checked in the sys:/tomcat/4/conf/server.xml file. A search for '636' should result in a line similar to:
  • DSTRACE with only the LDAP parameter enabled shows the following when loading Tomcat:
New TLS connection 0x78c65000 from 127.0.0.1:1705, monitor = 0x11c, index = 3
Monitor 0x11c initiating TLS handshake on connection 0x78c65000
DoTLSHandshake on connection 0x78c65000
BIO ctrl called with unknown cmd 7
Completed TLS handshake on connection 0x78c65000
DoBind on connection 0x78c65000
Treating simple bind with empty DN and no password as anonymous
Bind name:NULL, version:3, authentication:simple
Sending operation result 48:"":"Anonymous Simple Bind Disabled." to connection 0x78c65000
Operation 0x1:0x60 on connection 0x78c65000 completed in 0 seconds
Monitor 0x11c found connection 0x78c65000 ending TLS session
DoTLSShutdown on connection 0x78c65000
Monitor 0x11c found connection 0x78c65000 socket closed, err = -5871, 0 of 0 bytes read
Monitor 0x11c initiating close for connection 0x78c65000
Server closing connection 0x78c65000, socket error = -5871
Connection 0x78c65000 closed
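
The following Python script is an added example, not part of the original document and not Novell code. It reads DSTRACE LDAP lines like those above and reports, per connection, whether the TLS handshake completed and whether the bind was refused, which separates a certificate problem from a bind or LDAP Server configuration problem. The function names are hypothetical, and it assumes trace lines from different connections are not interleaved.

```python
import re

# Constructed sample: lines taken from the DSTRACE excerpt in this document.
SAMPLE = """\
New TLS connection 0x78c65000 from 127.0.0.1:1705, monitor = 0x11c, index = 3
DoTLSHandshake on connection 0x78c65000
Completed TLS handshake on connection 0x78c65000
DoBind on connection 0x78c65000
Treating simple bind with empty DN and no password as anonymous
Bind name:NULL, version:3, authentication:simple
Sending operation result 48:"":"Anonymous Simple Bind Disabled." to connection 0x78c65000
Server closing connection 0x78c65000, socket error = -5871
"""

NEW = re.compile(r"New TLS connection (0x[0-9a-f]+) from (\S+?),")
DONE = re.compile(r"Completed TLS handshake on connection (0x[0-9a-f]+)")
BIND = re.compile(r"DoBind on connection (0x[0-9a-f]+)")
RESULT = re.compile(
    r'Sending operation result (\d+):"[^"]*":"([^"]*)" to connection (0x[0-9a-f]+)')

def triage(trace):
    """Summarise each connection seen in an LDAP DSTRACE excerpt."""
    conns, binding = {}, None
    def conn(cid):
        return conns.setdefault(cid, {"peer": None, "tls_ok": False,
                                      "anonymous": False, "result": None, "message": None})
    for line in trace.splitlines():
        if m := NEW.search(line):
            conn(m.group(1))["peer"] = m.group(2)
        elif m := DONE.search(line):
            conn(m.group(1))["tls_ok"] = True
        elif m := BIND.search(line):
            binding = m.group(1)
        elif "as anonymous" in line and binding:
            # No connection id on this line; assume it belongs to the last DoBind.
            conn(binding)["anonymous"] = True
        elif m := RESULT.search(line):
            c = conn(m.group(3))
            c["result"], c["message"] = int(m.group(1)), m.group(2)
    return conns

def diagnose(c):
    """Map one connection summary to the layer at which it failed."""
    if not c["tls_ok"]:
        return "TLS handshake did not complete"
    if c["anonymous"] and c["result"] == 48:  # 48 = inappropriateAuthentication
        return "TLS completed; server refused an anonymous simple bind"
    if c["result"] not in (None, 0):
        return f"TLS completed; operation failed with LDAP result {c['result']}"
    return "no failure seen"

if __name__ == "__main__":
    for cid, c in triage(SAMPLE).items():
        print(cid, c["peer"], diagnose(c), c["message"])
```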

Resolution

The problem may be a rights issue: the LDAP server is not retrieving some (or all) of its attributes from the LDAP Server object in eDirectory because it lacks rights to them. Since the server doesn't have rights to the attributes, the LDAP Server object starts up with parameters that do not match the default parameters, and Tomcat cannot connect to the LDAP server. To ensure that the server has the proper rights, do the following:

  1. In ConsoleOne, open the properties of the LDAP server object.
  2. Open the 'NDS Rights' tab. Make sure that the server is a trustee of the LDAP Server object.
  3. Open the 'Assigned Rights' for the server.
  4. Give the server object full rights to the LDAP Server object. There should be an [All Attributes Rights] entry in the Property window. This should also have all rights enabled.
  5. Once these changes are made, click OK and then apply the changes.
  6. On the general tab, click the "Refresh NLDAP Server Now" button (or enter "unload nldap" and then "load nldap" at the server console).

After refreshing NLDAP, try loading Tomcat again by entering 'Tomcat4' at the console prompt. Switch to the logger screen to see if it loads properly.