Tomcat will not start after disabling LDAP anonymous bind

  • 3633040
  • 08-Oct-2007
  • 26-Apr-2012

Environment

Novell NetWare 6.5

Situation

Disabled LDAP anonymous bind
Added the connectionName and connectionPassword, as referenced in KB 10086383.
When starting Tomcat, the logger screen shows:
Server does not support non-TLS binds
Consult NetWare documentation for details and workarounds
Tomcat will not start.
LDAP connectivity not found onldap://localhost:636
Please load NLDAP and then manually execute command: sys:/tomcat/4/bin/startup

If your server host certificates have change recently, executing
sys:/system/tckeygen.ncf may be needed to restore secure LDAP
connectivity

An LDAP trace (using DSTRACE) further shows:

New TLS connection 0x82685700 from 127.0.0.1:1063, monitor = 0x0, index = 1
Monitor 0x1b7 started
Monitor 0x1b7 initiating TLS handshake on connection 0x82685700
(127.0.0.1:1063)(0x0000:0x00) DoTLSHandshake on connection 0x82685700
(127.0.0.1:1063)(0x0000:0x00) Completed TLS handshake on connection 0x82685700
(127.0.0.1:1063)(0x0001:0x60) DoBind on connection 0x82685700
(127.0.0.1:1063)(0x0001:0x60) Treating simple bind with empty DN and no password as anonymous
(127.0.0.1:1063)(0x0001:0x60) Bind name:NULL, version:3, authentication:simple
(127.0.0.1:1063)(0x0001:0x60) Sending operation result 48:"":"Anonymous Simple Bind Disabled." to connection 0x82685700
Monitor 0x1b7 found connection 0x82685700 ending TLS session
(127.0.0.1:1063)(0x0000:0x00) DoTLSShutdown on connection 0x82685700
Monitor 0x1b7 found connection 0x82685700 socket closed, err = -5871, 0 of 0 bytes read
Monitor 0x1b7 initiating close for connection 0x82685700
Server closing connection 0x82685700, socket error = -5871
Connection 0x82685700 close

Note - LDAP is rejecting the connection because of the anonymous bind.
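
The same check can be run over a longer DSTRACE capture. The following Python parser is an added example, not part of the original TID and not Novell code: it pairs each DoBind with its result line and reports binds refused with LDAP result 48 (inappropriateAuthentication). The second connection in the sample is constructed, and the format of a non-NULL "Bind name" line is an assumption.

```python
import re

# Constructed sample: first connection follows the trace above; the second
# connection (and its bind DN line format) is an assumption for contrast.
SAMPLE_TRACE = """\
New TLS connection 0x82685700 from 127.0.0.1:1063, monitor = 0x0, index = 1
(127.0.0.1:1063)(0x0000:0x00) Completed TLS handshake on connection 0x82685700
(127.0.0.1:1063)(0x0001:0x60) DoBind on connection 0x82685700
(127.0.0.1:1063)(0x0001:0x60) Treating simple bind with empty DN and no password as anonymous
(127.0.0.1:1063)(0x0001:0x60) Bind name:NULL, version:3, authentication:simple
(127.0.0.1:1063)(0x0001:0x60) Sending operation result 48:"":"Anonymous Simple Bind Disabled." to connection 0x82685700
(127.0.0.1:1070)(0x0001:0x60) DoBind on connection 0x82685900
(127.0.0.1:1070)(0x0001:0x60) Bind name:cn=svc,o=example, version:3, authentication:simple
(127.0.0.1:1070)(0x0001:0x60) Sending operation result 0:"":"" to connection 0x82685900
"""
LINE = re.compile(r"^\((?P<peer>[\d.]+:\d+)\)\(0x[0-9a-fA-F]+:0x[0-9a-fA-F]+\) (?P<msg>.*)$")
BIND = re.compile(r"^Bind name:(?P<dn>.*), version:(?P<ver>\d+), authentication:(?P<auth>\w+)$")
RESULT = re.compile(r'^Sending operation result (?P<code>\d+):"[^"]*":"(?P<text>[^"]*)" to connection')

def summarize_binds(trace):
    """Return one dict per bind attempt: peer, dn, tls, anonymous, code, text."""
    tls_peers, pending, done = set(), {}, []
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # monitor/housekeeping lines have no (peer)(op) prefix
        peer, msg = m["peer"], m["msg"]
        if msg.startswith("Completed TLS handshake"):
            tls_peers.add(peer)
        elif msg.startswith("DoBind"):
            pending[peer] = {"peer": peer, "dn": None, "anonymous": False, "tls": peer in tls_peers}
        elif peer in pending and "as anonymous" in msg:
            pending[peer]["anonymous"] = True
        elif peer in pending and (b := BIND.match(msg)):
            pending[peer]["dn"] = None if b["dn"] == "NULL" else b["dn"]
        elif peer in pending and (r := RESULT.match(msg)):
            rec = pending.pop(peer)  # first result after DoBind closes the attempt
            rec.update(code=int(r["code"]), text=r["text"])
            done.append(rec)
    return done

def rejected_anonymous(trace):
    """Bind attempts refused with LDAP result 48 (inappropriateAuthentication)."""
    return [b for b in summarize_binds(trace) if b["anonymous"] and b["code"] == 48]

if __name__ == "__main__":
    for b in rejected_anonymous(SAMPLE_TRACE):
        print(f"{b['peer']} tls={b['tls']} anonymous bind refused: {b['text']}")
```

A hit from 127.0.0.1 after a completed TLS handshake, as in this TID, points at a local service that is still binding without credentials rather than at a TLS or certificate problem.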

Resolution

If a current, operational server is available, compare the following files against it (sizes and dates) and potentially copy them over. The files listed here actually predate NetWare 6.5 SP5, and so may be out of date:

-rwxrwxr-x 1 root root 5750 Nov 30 2004 /adminsrv/tccheck.jar
-rwxrwxr-x 1 root root 10761 Feb 23 2004 /adminsrv/lib/ecb.jar
-rwxrwxr-x 1 root root 110017 Feb 23 2004 /adminsrv/lib/ecbldap.jar
-rwxrwxr-x 1 root root 14334 Feb 23 2004 /adminsrv/lib/ecbsecurity.jar
-rwxrwxr-x 1 root root 127118 Feb 23 2004 /adminsrv/lib/jdom.jar
-rwxrwxr-x 1 root root 22536 Nov 30 2004 /adminsrv/lib/tcnwutils.jar

If the files do not have the same file sizes, the files for the service pack can be obtained from the Service Pack Products Overlay CD in the following location: NW65PROD:/PRODUCTS/TOMCAT4/ADMTC4.ZIP. The only things required from this ZIP file are the adminsrv/lib directory and the adminsrv/tccheck.jar file. Place these in the SYS:/adminsrv directory, and start Tomcat.

Additional Information

The /adminsrv/tccheck.jar file version was incorrect. The file did not get updated correctly.

Formerly known as TID# 10097494