iManager ERROR: LDAP: error code 13 - Confidentiality Required

  • 7011373
  • 14-Nov-2012
  • 14-Nov-2012

Environment

Novell iManager 2.7.5
Novell Open Enterprise Server 2 SP 3

Situation

After restarting novell-tomcat (on OES2SP3), users were unable to perform particular functions (like change/reset passwords).  The iManager error observed was:

Error: Simple bind failed. You may need to import the certificate from the server.

Creating LDAP context failed:
[LDAP: error code 13 - Confidentiality Required]


The /var/opt/novell/tomcat5/logs/catalina.out file contained the following error:

com.novell.emframe.dev.AuthBrokerException: Creating LDAP context failed:
[LDAP: error code 13 - Confidentiality Required]
        at com.novell.emframe.fw.ldap.JndiLdapAuthenticator.authenticate(JndiLdapAuthenticator.java:186)
        at com.novell.emframe.dev.AuthenticationBroker.getAPIObject(AuthenticationBroker.java:1318)
        at com.novell.admin.pwdpolicy.AdvancedSetPassword.verifyUserObjectEntry(Unknown Source)
        at com.novell.admin.pwdpolicy.AdvancedSetPassword.execute(Unknown Source)
        at com.novell.nps.gadgetManager.BaseGadgetInstance.processRequest(BaseGadgetInstance.java:858)
        at com.novell.nps.gadgetManager.BaseGadgetInstance.handleAction(BaseGadgetInstance.java:2384)
        at com.novell.nps.gadgetManager.GadgetManager.processInstanceRequest(GadgetManager.java:1606)


Finally, ndstrace with +TAGS +TIME +LDAP showed the following:
1105291584 LDAP: [2012/11/13 14:00:32.77] Rejecting unencrypted bind on cleartext port in nds_back_bind, err = 13
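To confirm from a saved ndstrace capture that the failures are this cleartext-bind rejection and not another cause of result code 13, the trace can be filtered as in the following added example (not part of the original TID or of any Novell tool). It assumes every line has the shape of the one quoted above, treats the leading number as an opaque identifier, and uses hypothetical function names.

```python
import re
from collections import Counter
from datetime import datetime

# Line shape taken from the ndstrace excerpt on this page:
#   <id> LDAP: [YYYY/MM/DD HH:MM:SS.ff] <message>, err = <n>
LINE_RE = re.compile(
    r"^(?P<ident>\d+)\s+LDAP:\s+\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})\.\d+\]\s+"
    r"(?P<msg>.*?)(?:,\s*err\s*=\s*(?P<err>-?\d+))?\s*$"
)
CLEARTEXT_REJECT = "Rejecting unencrypted bind on cleartext port"


def find_cleartext_bind_rejections(lines):
    """Return one dict per rejected cleartext bind (LDAP result code 13)."""
    events = []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m or m.group("err") != "13":
            continue  # unparseable line, or a different (or no) error code
        if CLEARTEXT_REJECT not in m.group("msg"):
            continue  # code 13 for some other reason; not this TID's symptom
        events.append({
            "ident": m.group("ident"),
            "time": datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
            "message": m.group("msg"),
        })
    return events


def summarize(events):
    """Count rejections per minute so bursts line up with user reports."""
    return Counter(e["time"].strftime("%Y-%m-%d %H:%M") for e in events)


# Constructed sample: the first line is the one quoted on this page; the
# other three are invented for this example.
SAMPLE = """\
1105291584 LDAP: [2012/11/13 14:00:32.77] Rejecting unencrypted bind on cleartext port in nds_back_bind, err = 13
1105291584 LDAP: [2012/11/13 14:00:32.78] Constructed line that carries no error code
1098975552 LDAP: [2012/11/13 14:00:51.02] Rejecting unencrypted bind on cleartext port in nds_back_bind, err = 13
1098975552 LDAP: [2012/11/13 14:03:10.40] Constructed failure with a different code, err = 49
"""

if __name__ == "__main__":
    hits = find_cleartext_bind_rejections(SAMPLE.splitlines())
    for minute, count in sorted(summarize(hits).items()):
        print(f"{minute}  {count} cleartext bind(s) rejected")
```

A count that drops to zero after the change in the Resolution section indicates iManager is no longer attempting simple binds on the cleartext port.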

Resolution

To resolve:
  1. Click the "Configure" icon in iManager.
  2. Select iManager server.
  3. Select Configure iManager server.
  4. Click the Authentication tab.
  5. Check the option "Use Secure LDAP for auto-connection".

Note: you may need to restart novell-tomcat to activate this setting; however, logging out and back in should be sufficient.

Additional Information

Changing passwords is an NMAS function. As noted in section 6.4.6 of the iManager 2.7 documentation, NMAS-related plugins can be affected if "Use Secure LDAP for auto-connection" is disabled.