Novell Identity Server binds to one interface in multihomed host after applying SP1 beta 1 patch

  • 3915700
  • 11-Jun-2007
  • 05-Jun-2013

Environment


Novell Access Management 3 Linux Access Gateway
Novell Access Management 3 Netware Access Gateway
Novell Access Management 3 Access Administration
Novell Access Management 3 Linux Novell Identity Server

Situation

The Novell Identity (NIDP) server has 2 Network Interface cards (NICs). Prior to upgrading from Interim Release 2 to the SP1 beta 1 build, the NIDP server could be accessed on any interface. Running an 'netstat -patune|grep -i listen' would show that the NIDP server listened on all interfaces. After upgrading to SP1 beta 1 build, the first interface defined during the NIDP server would be selected as the listener IP address, and no coomunication to 8443 on the secondary IP address would get a response.


Resolution

Remove the 'Address' field from the Tomcat connector in server.xml, or add an Address of 0.

The address we use to post the listener is taken from /etc/opt/novell/tomcat4/server.xml which, in SP1 beta 1 build shows an NIDP connector info of:

< Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="8443"
minProcessors="5" maxProcessors="75" enableLookups="false" acceptCount="100" de
bug="0" scheme="https" secure="true" useURIValidationHack="false" disableUploadTimeout="true" address="147.2.16.109" NIDP_Name="connector" URIEncoding="utf-8" useBodyEncodingURI="false">



where 147.2.16.109 is the IP address of the NIDP server (with no listener on another interface of 10.1.1.1). The following shows the corresponding connector info from the Interim Release 2 build where no Address info was defined at all

minProcessors="5" maxProcessors="75" enableLookups="false" acceptCount="100" de
bug="0" scheme="https" secure="true" useURIValidationHack="false" disableUploadT
imeout="true" NIDP_Name="connector" URIEncoding="utf-8" useBodyEncodingURI="fals
e">

Feedback service temporarily unavailable. For content questions or problems, please contact Support.