Environment
Novell GroupWise 2012
Novell GroupWise 8
Novell GroupWise 8
Situation
Unable to log into CalHost Admin web interface.
Every time one tries to authenticate, it reports that the Login Failed
When attempting authentication using the ldapsearch command, the following error messages may be present (see Additional Information section for details on how to use the command):
Every time one tries to authenticate, it reports that the Login Failed
When attempting authentication using the ldapsearch command, the following error messages may be present (see Additional Information section for details on how to use the command):
- ldap_bind: Confidentiality required (13)
- ldap_sasl_interactive_bind_s: Confidentiality required (13)
- ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
Resolution
One solution is to follow the steps provided in TID 7013279 - How to configure LDAP to allow simple binds.
Note: This is generally an accepted solution, as most often, the CalHost server authenticates to an LDAP server located on the same server (itself).
Another solution is to configure the Calendar Publishing Host to authenticate securely over port 636:
Note: This is generally an accepted solution, as most often, the CalHost server authenticates to an LDAP server located on the same server (itself).
Another solution is to configure the Calendar Publishing Host to authenticate securely over port 636:
- Change the LDAP Authority Network Address to use port 636 instead of 389. Select from the following options:
- Option A: Configure using Calendar Publishing Host Administration Web Console:
See Section 64.1.4, Configuring LDAP Authentication. - Option B: Configure manually by editing the /var/opt/novell/groupwise/calhost/calhost.cfg file:
- Replace the Admin.Ldap.ip=<ipAddress>:389 with Admin.Ldap.ip=<ipAddress>:636
- Save and Close the file.
- After you edit the calhost.cfg file, you must restart Apache and Tomcat in order to put the changes into effect.
See Section 64.2.6, Restarting the Web Server. - Attempt to Login to the Administration Web Console.
- (Not always required) If unable to authenticate, proceed with the steps below to configure the SSL Trusted Root Certificate:
- See the steps from the Exporting a Trusted Root or Public Key Certificate section, Novell Certificate Server 2.7.x Administration Guide. Provide the exported Trusted Root Certificate on the server for the CalHost.
- Configure Calendar Publishing Host to use this exported Trusted Root Certificate:
See Section 64.2.5, Changing the SSL Trusted Root Certificate. - After you edit the calhost.cfg file, you must restart Apache and Tomcat in order to put the changes into effect.
See Section 64.2.6, Restarting the Web Server.
Cause
The LDAP server is denying authentication attempts over simple binds, port 389.
Additional Information
Use the following command to test the LDAP server's response with a simple bind over port 389:
ldapsearch -x -h <ldapServerAddress> -D <adminFDN> -W
(ie. ldapsearch -x -h 151.155.215.91 -D cn=admin,o=novell -W)