Environment
Novell Access Management 3 Linux Access Gateway
Novell Access Management 3 Netware Access Gateway
Novell Access Management 3 Access Administration
Novell Access Management 3 Linux Novell Identity Server
Situation
The Novell Identity (NIDP) server has two network interface cards
(NICs). Prior to upgrading from Interim Release 2 to the SP1 beta 1
build, the NIDP server could be accessed on any interface. Running
'netstat -patune|grep -i listen' would show that the NIDP server
listened on all interfaces. After upgrading to SP1 beta 1 build,
the first interface defined during the NIDP server would be
selected as the listener IP address, and no communication to 8443
on the secondary IP address would get a response.
Resolution
Remove the 'Address' field from the Tomcat connector in server.xml,
or add an Address of 0.
The address used for the listener is taken from /etc/opt/novell/tomcat4/server.xml, which in the SP1 beta 1 build shows the following NIDP connector info:

<Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="8443"
    minProcessors="5" maxProcessors="75" enableLookups="false" acceptCount="100"
    debug="0" scheme="https" secure="true" useURIValidationHack="false"
    disableUploadTimeout="true" address="147.2.16.109" NIDP_Name="connector"
    URIEncoding="utf-8" useBodyEncodingURI="false">

where 147.2.16.109 is the IP address of the NIDP server (with no listener on the other interface, 10.1.1.1). The following shows the corresponding connector info from the Interim Release 2 build, where no Address info was defined at all:

minProcessors="5" maxProcessors="75" enableLookups="false" acceptCount="100"
    debug="0" scheme="https" secure="true" useURIValidationHack="false"
    disableUploadTimeout="true" NIDP_Name="connector" URIEncoding="utf-8"
    useBodyEncodingURI="false">
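The check and the fix described in the Resolution can be scripted. The following is an added example, not Novell's code: it lists each Tomcat connector's bind scope from server.xml and removes the address attribute for a given port. The sample XML, the second connector on port 8009 and the function names are constructed for illustration. A connector with no address listens on every interface, so confirm that exposure is intended before applying the change.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the connector shown above (not a full server.xml).
SAMPLE = """<Server>
  <Service name="Tomcat-Standalone">
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="8443"
               scheme="https" secure="true" address="147.2.16.109"
               NIDP_Name="connector" URIEncoding="utf-8"/>
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="8009"/>
  </Service>
</Server>"""

# Treated as "all interfaces": attribute absent or empty, or the address of 0
# that the Resolution mentions (0.0.0.0 is the usual wildcard spelling).
WILDCARDS = {None, "", "0", "0.0.0.0"}


def connector_bindings(xml_text):
    """Return [(port, address, scope)] for every <Connector> element."""
    root = ET.fromstring(xml_text)
    rows = []
    for conn in root.iter("Connector"):
        addr = conn.get("address")
        scope = "all-interfaces" if addr in WILDCARDS else "single-address"
        rows.append((conn.get("port"), addr, scope))
    return rows


def remove_address(xml_text, port):
    """Apply the Resolution: drop 'address' from the connector on `port`."""
    root = ET.fromstring(xml_text)
    for conn in root.iter("Connector"):
        if conn.get("port") == port:
            conn.attrib.pop("address", None)  # no error if already absent
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    for row in connector_bindings(SAMPLE):
        print(row)
    print(connector_bindings(remove_address(SAMPLE, "8443")))
```

After restarting Tomcat, 'netstat -patune|grep -i listen' should agree with the scope this reports for port 8443.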