iManager ERROR: LDAP: error code 13 - Confidentiality Required
This document (7011373) is provided subject to the disclaimer at the end of this document.
Environment
Novell iManager 2.7.5
Novell Open Enterprise Server 2 SP 3
Situation
After restarting novell-tomcat (on OES2SP3), users were unable to perform particular functions (like change/reset passwords). The iManager error observed was:
Error: Simple bind failed. You may need to import the certificate from the server.
Creating LDAP context failed:
[LDAP: error code 13 - Confidentiality Required]
The /var/opt/novell/tomcat5/logs/catalina.out file contained the following error:
com.novell.emframe.dev.AuthBrokerException: Creating LDAP context failed:
[LDAP: error code 13 - Confidentiality Required]
at com.novell.emframe.fw.ldap.JndiLdapAuthenticator.authenticate(JndiLdapAuthenticator.java:186)
at com.novell.emframe.dev.AuthenticationBroker.getAPIObject(AuthenticationBroker.java:1318)
at com.novell.admin.pwdpolicy.AdvancedSetPassword.verifyUserObjectEntry(Unknown Source)
at com.novell.admin.pwdpolicy.AdvancedSetPassword.execute(Unknown Source)
at com.novell.nps.gadgetManager.BaseGadgetInstance.processRequest(BaseGadgetInstance.java:858)
at com.novell.nps.gadgetManager.BaseGadgetInstance.handleAction(BaseGadgetInstance.java:2384)
at com.novell.nps.gadgetManager.GadgetManager.processInstanceRequest(GadgetManager.java:1606)
Finally, ndstrace with +TAGS +TIME +LDAP showed the following:
1105291584 LDAP: [2012/11/13 14:00:32.77] Rejecting unencrypted bind on cleartext port in nds_back_bind, err = 13
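The two log signatures above can be matched mechanically when triaging this error. The following Python sketch is an added example, not Novell's code: it scans ndstrace and catalina.out lines for the server-side cleartext-bind rejection and the client-side error code 13. The function names are hypothetical, and the sample lines other than those quoted in this document are constructed.

```python
import re
from datetime import datetime

# Server side: ndstrace (+TAGS +TIME +LDAP) line for a simple bind sent without TLS.
NDSTRACE_RE = re.compile(
    r"^(?P<tag>\d+)\s+LDAP:\s+\[(?P<ts>[^\]]+)\]\s+Rejecting unencrypted bind "
    r"on cleartext port in (?P<func>\w+), err = (?P<err>\d+)")
# Client side: the JNDI message iManager writes to catalina.out.
CATALINA_RE = re.compile(r"\[LDAP: error code (?P<err>\d+) - (?P<text>[^\]]+)\]")

def rejected_cleartext_binds(ndstrace_lines):
    """Return one record per rejected cleartext bind in ndstrace output."""
    hits = []
    for line in ndstrace_lines:
        m = NDSTRACE_RE.match(line.strip())
        if m:
            hits.append({
                "time": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S.%f"),
                "function": m["func"],
                "err": int(m["err"]),
            })
    return hits

def client_errors(catalina_lines, code=13):
    """Count catalina.out lines that carry the given LDAP result code."""
    found = (CATALINA_RE.search(line) for line in catalina_lines)
    return sum(1 for m in found if m and int(m["err"]) == code)

def diagnose(ndstrace_lines, catalina_lines):
    """Summarise whether both sides show the cleartext simple-bind rejection."""
    server = rejected_cleartext_binds(ndstrace_lines)
    client = client_errors(catalina_lines)
    return {"server_rejections": len(server), "client_code13": client,
            "cleartext_bind_rejected": bool(server) and client > 0}

# Sample input: the err = 13 and "error code 13" lines are quoted from this
# document; the remaining lines are constructed filler.
NDSTRACE_SAMPLE = [
    "1105291584 LDAP: [2012/11/13 14:00:31.10] constructed unrelated trace line",
    "1105291584 LDAP: [2012/11/13 14:00:32.77] Rejecting unencrypted bind on "
    "cleartext port in nds_back_bind, err = 13",
]
CATALINA_SAMPLE = [
    "com.novell.emframe.dev.AuthBrokerException: Creating LDAP context failed:",
    "[LDAP: error code 13 - Confidentiality Required]",
    "constructed unrelated catalina.out line",
]

if __name__ == "__main__":
    print(diagnose(NDSTRACE_SAMPLE, CATALINA_SAMPLE))
```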
Resolution
To resolve:
- Click on "Configure" icon in iManager.
- iManager server.
- Configure iManager server.
- Click on Authentication tab.
- Check the option which says "Use Secure LDAP for auto-connection".
Note: you may need to restart novell-tomcat in order to activate this setting - however logging out & back in should be sufficient.
Additional Information
Changing passwords is an NMAS function. As identified in the iManager 2.7 documentation - section 6.4.6 - NMAS-related plugins can be affected if "Use Secure LDAP for auto-connection" is disabled.
Disclaimer
This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID: 7011373
- Creation Date: 14-NOV-12
- Modified Date: 14-NOV-12
- Novell Open Enterprise Server
- NetIQ iManager
