Hi List,
We are using Spectrum 8.1 (SP2) in our environment. I have configured SSL LDAP
to encrypt data between the Spectrum web server and the AD server. The
configuration worked fine until I restarted the Windows service
"SpectrumTomcat", and now no domain user is able to log in to the Spectrum
server. I have also loaded the appropriate LDAP certificate into the keystore.
The following is the section of stdout.log after turning SSORB security on:
===============================================================
Nov 10, 2009 1:58:28 PM (http-443-Processor3) (SecuritySP) - Couldn't authenticate user against directory
Nov 10, 2009 1:58:31 PM (http-443-Processor3) (SecuritySP) - -------- lalit.tyagi --------
Nov 10, 2009 1:58:31 PM (http-443-Processor3) (SecuritySP) - IN getUserRoles for lalit.tyagi
Nov 10, 2009 1:58:31 PM (http-443-Processor3) (SecuritySP) - Getting user model for lalit.tyagi
Nov 10, 2009 1:58:31 PM (http-443-Processor3) (SecuritySP) - Getting user model by filter from admin domain bw-spectrum-dv1
Nov 10, 2009 1:58:31 PM (http-443-Processor3) (SecuritySP) - Got user model: lalit.tyagi
Nov 10, 2009 1:58:31 PM (http-443-Processor3) (SecuritySP) - Authenticating user with external directory server: lalit.tyagi
Nov 10, 2009 1:58:31 PM (http-443-Processor3) (SecuritySP) - Getting user by search: sAMAccountName=lalit.tyagi
Nov 10, 2009 1:58:31 PM - Problem verifying user :javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: simple bind failed: internal.bwater.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake]]
    at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:224)
    at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(LdapNamingEnumeration.java:171)
    at com.aprisma.spectrum.app.web.servlet.container.SpectrumJNDIRealm.getUserBySearch(SpectrumJNDIRealm.java:1303)
    at com.aprisma.spectrum.app.web.servlet.container.SpectrumJNDIRealm.getUser(SpectrumJNDIRealm.java:1144)
    at com.aprisma.spectrum.app.web.servlet.container.SpectrumJNDIRealm.verifyUser(SpectrumJNDIRealm.java:1071)
    at com.aprisma.spectrum.app.web.servlet.container.SpectrumJNDIRealm.authenticate(SpectrumJNDIRealm.java:955)
    at com.aprisma.spectrum.app.web.servlet.container.SpectrumJNDIRealm.authenticate(SpectrumJNDIRealm.java:831)
    at com.aprisma.spectrum.app.web.servlet.container.SecuritySpSSORB.initModelDomains(SecuritySpSSORB.java:838)
    at com.aprisma.spectrum.app.web.servlet.container.SecuritySpSSORB.getUserRoles(SecuritySpSSORB.java:1089)
    at com.aprisma.tomcat.realm.SecurityRealm.authenticate(SecurityRealm.java:172)
    at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:128)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:480)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:594)
    at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:198)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:594)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:433)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:955)
    at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2460)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:133)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:596)
    at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:119)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:594)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:594)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:545)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:594)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:433)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:955)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:127)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:596)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:433)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:955)
    at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:157)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:874)
    at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
    at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
    at java.lang.Thread.run(Thread.java:595)
Caused by: javax.naming.CommunicationException: simple bind failed: internal.bwater.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake]
    at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:74)
    at com.sun.jndi.ldap.LdapReferralException.getReferralContext(LdapReferralException.java:132)
    at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreReferrals(LdapNamingEnumeration.java:339)
    at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:208)
    ... 38 more
Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:742)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:622)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
    at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:390)
    at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:334)
    at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:192)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2637)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:134)
    at com.sun.jndi.url.ldap.ldapURLContextFactory.getObjectInstance(ldapURLContextFactory.java:35)
    at javax.naming.spi.NamingManager.getURLObject(NamingManager.java:584)
    at javax.naming.spi.NamingManager.processURL(NamingManager.java:364)
    at javax.naming.spi.NamingManager.processURLAddrs(NamingManager.java:344)
    at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:316)
    at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:93)
    ... 41 more
Caused by: java.io.EOFException: SSL peer shut down incorrectly
    at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:333)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:723)
    ... 59 more
=========================================================
Has anyone faced this problem before? I would really appreciate suggestions
to resolve this issue.
Thanks
Lalit Tyagi
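
A triage helper for the trace in this message, added here as an example (not part of the original post and not CA Spectrum code): it collapses the mail's line wrapping, walks the `Caused by` chain, and reports the LDAPS endpoint and whether the failing bind happened while JNDI was following a referral (the `LdapReferralContext` frames). The function name `triage` and the result keys are assumptions; the sample is abridged from the log above.

```python
import re

# Abridged from the trace in the post, keeping the mail's line wrapping.
SAMPLE = """\
Nov 10, 2009 1:58:31 PM - Problem verifying user
:javax.naming.PartialResultException [Root exception is
javax.naming.CommunicationException: simple bind failed:
internal.bwater.com:636 [Root exception is javax.net.ssl.SSLHandshakeException:
Remote host closed connection during handshake]]
at
com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:224)
Caused by: javax.naming.CommunicationException: simple bind failed:
internal.bwater.com:636 [Root exception is javax.net.ssl.SSLHandshakeException:
Remote host closed connection during handshake]
at
com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:74)
at
com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreReferrals(LdapNamingEnumeration.java:339)
Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection
during handshake
at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:334)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at
com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:333)
"""

FRAME = re.compile(r"\bat\s+([\w.$<>]+)\(([\w.]+):(\d+)\)")
CAUSE = re.compile(r"Caused by:\s+([\w.$]+)")
ENDPOINT = re.compile(r"simple bind failed:\s+([\w.-]+):(\d+)")

def triage(trace: str) -> dict:
    """Summarise a (possibly hard-wrapped) JNDI/LDAPS stack trace."""
    flat = " ".join(trace.split())  # undo mail wrapping: "at\\n<frame>" -> "at <frame>"
    frames = [m.group(1) for m in FRAME.finditer(flat)]
    causes = CAUSE.findall(flat)    # outermost cause first, root cause last
    ep = ENDPOINT.search(flat)
    return {
        "endpoint": (ep.group(1), int(ep.group(2))) if ep else None,
        "cause_chain": causes,
        "root_cause": causes[-1] if causes else None,
        # Referral chasing opens a second LDAP connection to the referred host.
        "via_referral": any("LdapReferral" in f or "hasMoreReferrals" in f for f in frames),
        "failed_during_bind": any(f.endswith("LdapClient.ldapBind") for f in frames),
    }
```

When `via_referral` is true, the handshake that failed was on a separate connection JNDI opened to the referred host (here `internal.bwater.com:636`), which is not necessarily the server configured in Spectrum.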