When configuring LDAPS using Configuration Tool "Test connection" does not result in Connecting .. OK message
Article ID: KB0076142
Updated On:
| Products | Versions |
|---|---|
| Spotfire Server | 7.11.2-7.11.9, 7.14-10.4 |
Description
In TIBCO Spotfire Server Configuration Tool in Configuration tab when configuring User Directory: LDAP settings there is a button called Test connection.
If, as an administrator, you want to secure the LDAP protocol using TLS (if your LDAP directory supports this) you would be configuring LDAPS settings in that section. Using Test connection button will not be a useful test for the LDAPS configuration.
When LDAP settings are correctly configured the expected result of clicking Test connection button is following:
However in Spotfire Server versions 7.11.2-7.11.9 and versions 7.14 - 10.4 the following result will be seen even if the LDAPS configuration is correct and LDAPS certificate was correctly added:
If, as an administrator, you want to secure the LDAP protocol using TLS (if your LDAP directory supports this) you would be configuring LDAPS settings in that section. Using Test connection button will not be a useful test for the LDAPS configuration.
When LDAP settings are correctly configured the expected result of clicking Test connection button is following:
However in Spotfire Server versions 7.11.2-7.11.9 and versions 7.14 - 10.4 the following result will be seen even if the LDAPS configuration is correct and LDAPS certificate was correctly added:
Resolution
The reason for above mentioned behaviour is that Java has made changes in the versions of Java that is used for Spotfire versions 7.11.2-7.11.9 and versions 7.14 - 10.4.
For those versions the hostname of LDAPS server is resolved to IP and tries to connect to that IP when hitting the Test connection button. That does not work because IP is not part of the CN in the certificate.
Therefore not seeing OK message in Configuration Tool for those version of Spotfire does not necessarily mean that there would be a problem of connecting to specified LDAPS server during the startup of Spotfire Server.
The future service pack releases for 7.11 and 10.3 will address that behaviour of the Test connection button.
For those versions the hostname of LDAPS server is resolved to IP and tries to connect to that IP when hitting the Test connection button. That does not work because IP is not part of the CN in the certificate.
Therefore not seeing OK message in Configuration Tool for those version of Spotfire does not necessarily mean that there would be a problem of connecting to specified LDAPS server during the startup of Spotfire Server.
The future service pack releases for 7.11 and 10.3 will address that behaviour of the Test connection button.
Issue/Introduction
When configuring LDAPS using Configuration Tool "Test connection" does not result in Connecting .. OK message
Additional Information
Doc: TIBCO Spotfire Server and Environment - Installation and Administration - 10.3.6 - Configuring LDAP
Doc: TIBCO Spotfire Server and Environment - Installation and Administration - 10.3.6 - Configuring LDAPS
Feedback
Yes
No
Powered by
