Login to TIBCO Spotfire Server web interface fails with LDAP authentication with error "Error communicating with LDAP directory, refreshing LDAP context and retrying"
book
Article ID: KB0075621
calendar_today
Updated On:
Products
Versions
Spotfire Server
All Versions
Description
When LDAP authentication is configured on the TIBCO Spotfire Server and invalid context names are used in the configuration, then logging in may fail and the following error message may be seen in the server.log:
DEBUG 2020-04-08T14:28:16,590-0500 [*Initialization*] server.ldap.WrappedLdapContext: Error communicating with LDAP directory, refreshing LDAP context and retrying javax.naming.CommunicationException: nc.com:389 at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:96) ~[?:1.8.0_201] at com.sun.jndi.ldap.LdapReferralException.getReferralContext(LdapReferralException.java:151) ~[?:1.8.0_201] at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1861) ~[?:1.8.0_201] at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769) ~[?:1.8.0_201] at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392) ~[?:1.8.0_201] at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358) ~[?:1.8.0_201] at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341) ~[?:1.8.0_201] at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267) ~[?:1.8.0_201] at com.spotfire.server.ldap.WrappedLdapContext.search(WrappedLdapContext.java:346) ~[spotfire-server.jar:?] at com.spotfire.server.ldap.LdapConfigFactory.validateContextNames(LdapConfigFactory.java:582) ~[spotfire-server.jar:?] at com.spotfire.server.ldap.LdapConfigFactory.initReferencedLdapConfigs(LdapConfigFactory.java:184) ~[spotfire-server.jar:?] at com.spotfire.server.ldap.LdapConfigFactory.<init>(LdapConfigFactory.java:133) ~[spotfire-server.jar:?] at com.spotfire.server.ldap.LdapConfigFactory.<init>(LdapConfigFactory.java:89) ~[spotfire-server.jar:?] at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:1.8.0_201] at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:1.8.0_201] at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:1.8.0_201] at java.lang.reflect.Constructor.newInstance(Constructor.java:423) ~[?:1.8.0_201] at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:172) ~[spring-beans.jar:5.1.5.RELEASE] at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:117) ~[spring-beans.jar:5.1.5.RELEASE] at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:300) ~[spring-beans.jar:5.1.5.RELEASE] at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:285) ~[spring-beans.jar:5.1.5.RELEASE] at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1325) ~[spring-beans.jar:5.1.5.RELEASE] at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1171) ~[spring-beans.jar:5.1.5.RELEASE] at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:555) ~[spring-beans.jar:5.1.5.RELEASE] at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:515) ~[spring-beans.jar:5.1.5.RELEASE] at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:320) ~[spring-beans.jar:5.1.5.RELEASE] at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222) ~[spring-beans.jar:5.1.5.RELEASE] at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:318) ~[spring-beans.jar:5.1.5.RELEASE] at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199) ~[spring-beans.jar:5.1.5.RELEASE] at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:849) ~[spring-beans.jar:5.1.5.RELEASE] at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:877) ~[spring-context.jar:5.1.5.RELEASE] at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:549) ~[spring-context.jar:5.1.5.RELEASE] at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:400) ~[spring-web.jar:5.1.5.RELEASE] at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:291) ~[spring-web.jar:5.1.5.RELEASE] at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:103) ~[spring-web.jar:5.1.5.RELEASE] at com.spotfire.server.lifecycle.SpotfireServerInitializer.contextInitialized(SpotfireServerInitializer.java:56) ~[spotfire-server.jar:?] at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4680) ~[catalina.jar:9.0.17] at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5150) ~[catalina.jar:9.0.17] at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) ~[catalina.jar:9.0.17] at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:713) ~[catalina.jar:9.0.17] at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:690) ~[catalina.jar:9.0.17] at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:695) ~[catalina.jar:9.0.17] at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:631) ~[catalina.jar:9.0.17] at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1832) ~[catalina.jar:9.0.17] at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) ~[?:1.8.0_201] at java.util.concurrent.FutureTask.run(FutureTask.java:266) ~[?:1.8.0_201] at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) ~[tomcat-util.jar:9.0.17] at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:112) ~[?:1.8.0_201] at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:526) ~[catalina.jar:9.0.17] at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:425) ~[catalina.jar:9.0.17] at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1577) ~[catalina.jar:9.0.17] at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:309) ~[catalina.jar:9.0.17] at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:123) ~[catalina.jar:9.0.17] at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:424) ~[catalina.jar:9.0.17] at org.apache.catalina.util.LifecycleBase.setState(LifecycleBase.java:367) ~[catalina.jar:9.0.17] at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:929) ~[catalina.jar:9.0.17] at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:831) ~[catalina.jar:9.0.17] at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) ~[catalina.jar:9.0.17] at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1377) ~[catalina.jar:9.0.17] at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1367) ~[catalina.jar:9.0.17] at java.util.concurrent.FutureTask.run(FutureTask.java:266) ~[?:1.8.0_201] at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) ~[tomcat-util.jar:9.0.17] at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:134) ~[?:1.8.0_201] at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:902) ~[catalina.jar:9.0.17] at org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:262) ~[catalina.jar:9.0.17] at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) ~[catalina.jar:9.0.17] at org.apache.catalina.core.StandardService.startInternal(StandardService.java:423) ~[catalina.jar:9.0.17] at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) ~[catalina.jar:9.0.17] at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:928) ~[catalina.jar:9.0.17] at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) ~[catalina.jar:9.0.17] at org.apache.catalina.startup.Catalina.start(Catalina.java:634) ~[catalina.jar:9.0.17] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_201] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_201] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_201] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_201] at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:350) ~[bootstrap.jar:9.0.17] at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:492) ~[bootstrap.jar:9.0.17] Caused by: java.net.ConnectException: Connection timed out: connect at java.net.DualStackPlainSocketImpl.connect0(Native Method) ~[?:1.8.0_201] at java.net.DualStackPlainSocketImpl.socketConnect(DualStackPlainSocketImpl.java:79) ~[?:1.8.0_201] at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350) ~[?:1.8.0_201] at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206) ~[?:1.8.0_201] at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188) ~[?:1.8.0_201] at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172) ~[?:1.8.0_201] at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) ~[?:1.8.0_201] at java.net.Socket.connect(Socket.java:589) ~[?:1.8.0_201] at java.net.Socket.connect(Socket.java:538) ~[?:1.8.0_201] at java.net.Socket.<init>(Socket.java:434) ~[?:1.8.0_201] at java.net.Socket.<init>(Socket.java:211) ~[?:1.8.0_201] at com.sun.jndi.ldap.Connection.createSocket(Connection.java:375) ~[?:1.8.0_201] at com.sun.jndi.ldap.Connection.<init>(Connection.java:215) ~[?:1.8.0_201] at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137) ~[?:1.8.0_201] at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1609) ~[?:1.8.0_201] at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2749) ~[?:1.8.0_201] at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319) ~[?:1.8.0_201] at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192) ~[?:1.8.0_201] at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:151) ~[?:1.8.0_201] at com.sun.jndi.url.ldap.ldapURLContextFactory.getObjectInstance(ldapURLContextFactory.java:52) ~[?:1.8.0_201] at javax.naming.spi.NamingManager.getURLObject(NamingManager.java:601) ~[?:1.8.0_201] at javax.naming.spi.NamingManager.processURL(NamingManager.java:381) ~[?:1.8.0_201] at javax.naming.spi.NamingManager.processURLAddrs(NamingManager.java:361) ~[?:1.8.0_201] at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:333) ~[?:1.8.0_201] at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:119) ~[?:1.8.0_201] ... 76 more DEBUG 2020-04-08T14:32:50,935-0500 [unknown, #2, #15] server.ldap.LdapContextFactory: Closing LdapContext for ldap://ldap.nc.chapelhill.com:3268 DEBUG 2020-04-08T14:32:50,939-0500 [unknown, #2, #15] server.security.JaasAuthenticator: Authentication failed for user 'ncuser' DEBUG 2020-04-08T14:32:51,635-0500 [unknown, #2, #15] server.security.SecurityFilter: User authentication failed
You may also notice below error in tools.log
WARN 2020-04-08T14:25:49,859-0500 server.ldap.LdapConfigFactory: LDAP configuration TIBCO contains the invalid context name 'OU=Domain Users,DC=nc,DC=com' javax.naming.CommunicationException: nc.com:389 at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:96) ~[?:1.8.0_201] at com.sun.jndi.ldap.LdapReferralException.getReferralContext(LdapReferralException.java:151) ~[?:1.8.0_201] at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1861) ~[?:1.8.0_201] at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769) ~[?:1.8.0_201] at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392) ~[?:1.8.0_201] at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358) ~[?:1.8.0_201] at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341) ~[?:1.8.0_201] at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267) ~[?:1.8.0_201] at com.spotfire.server.ldap.WrappedLdapContext.search(WrappedLdapContext.java:346) ~[spotfire-server.jar:?] at com.spotfire.server.ldap.LdapConfigFactory.validateContextNames(LdapConfigFactory.java:582) ~[spotfire-server.jar:?] at com.spotfire.server.ldap.LdapConfigFactory.initReferencedLdapConfigs(LdapConfigFactory.java:184) ~[spotfire-server.jar:?] at com.spotfire.server.ldap.LdapConfigFactory.<init>(LdapConfigFactory.java:133) ~[spotfire-server.jar:?] at com.spotfire.server.config.tool.AbstractUserDirectoryCommand.run(AbstractUserDirectoryCommand.java:91) ~[spotfire-server.jar:?] at com.spotfire.server.tools.confui.AdministrationTab.runCommand(AdministrationTab.java:428) ~[spotfire-tss-tools.jar:?] at com.spotfire.server.tools.confui.AdministrationTab.listAdmins(AdministrationTab.java:498) ~[spotfire-tss-tools.jar:?] at com.spotfire.server.tools.confui.AdministrationTab.changeTabStatus(AdministrationTab.java:617) ~[spotfire-tss-tools.jar:?] at com.spotfire.server.tools.confui.AdministrationTab.lambda$setUpListeners$24(AdministrationTab.java:420) ~[spotfire-tss-tools.jar:?] at com.spotfire.server.tools.confui.ConfigUiMessenger.lambda$sendMessage$11(ConfigUiMessenger.java:73) ~[spotfire-tss-tools.jar:?] at java.util.ArrayList.forEach(ArrayList.java:1257) [?:1.8.0_201] at com.spotfire.server.tools.confui.ConfigUiMessenger.sendMessage(ConfigUiMessenger.java:68) [spotfire-tss-tools.jar:?] at com.spotfire.server.tools.confui.ConfigUiModel.setBootstrapPath(ConfigUiModel.java:241) [spotfire-tss-tools.jar:?] at com.spotfire.server.tools.confui.BootstrapTab.useExistingBootstrap(BootstrapTab.java:439) [spotfire-tss-tools.jar:?] at com.spotfire.server.tools.confui.BootstrapTab.tryUsingExistingBootstrap(BootstrapTab.java:465) [spotfire-tss-tools.jar:?] at com.spotfire.server.tools.confui.ConfigurationFrame.<init>(ConfigurationFrame.java:88) [spotfire-tss-tools.jar:?] at com.spotfire.server.tools.confui.ConfigurationMain$2.run(ConfigurationMain.java:69) [spotfire-tss-tools.jar:?] at java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:311) [?:1.8.0_201] at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:758) [?:1.8.0_201] at java.awt.EventQueue.access$500(EventQueue.java:97) [?:1.8.0_201] at java.awt.EventQueue$3.run(EventQueue.java:709) [?:1.8.0_201] at java.awt.EventQueue$3.run(EventQueue.java:703) [?:1.8.0_201] at java.security.AccessController.doPrivileged(Native Method) [?:1.8.0_201] at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:74) [?:1.8.0_201] at java.awt.EventQueue.dispatchEvent(EventQueue.java:728) [?:1.8.0_201] at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:205) [?:1.8.0_201] at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116) [?:1.8.0_201] at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105) [?:1.8.0_201] at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101) [?:1.8.0_201] at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93) [?:1.8.0_201] at java.awt.EventDispatchThread.run(EventDispatchThread.java:82) [?:1.8.0_201] Caused by: java.net.ConnectException: Connection timed out: connect at java.net.DualStackPlainSocketImpl.connect0(Native Method) ~[?:1.8.0_201] at java.net.DualStackPlainSocketImpl.socketConnect(DualStackPlainSocketImpl.java:79) ~[?:1.8.0_201] at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350) ~[?:1.8.0_201] at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206) ~[?:1.8.0_201] at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188) ~[?:1.8.0_201] at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172) ~[?:1.8.0_201] at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) ~[?:1.8.0_201] at java.net.Socket.connect(Socket.java:589) ~[?:1.8.0_201] at java.net.Socket.connect(Socket.java:538) ~[?:1.8.0_201] at java.net.Socket.<init>(Socket.java:434) ~[?:1.8.0_201] at java.net.Socket.<init>(Socket.java:211) ~[?:1.8.0_201] at com.sun.jndi.ldap.Connection.createSocket(Connection.java:375) ~[?:1.8.0_201] at com.sun.jndi.ldap.Connection.<init>(Connection.java:215) ~[?:1.8.0_201] at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137) ~[?:1.8.0_201] at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1609) ~[?:1.8.0_201] at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2749) ~[?:1.8.0_201] at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319) ~[?:1.8.0_201] at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192) ~[?:1.8.0_201] at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:151) ~[?:1.8.0_201] at com.sun.jndi.url.ldap.ldapURLContextFactory.getObjectInstance(ldapURLContextFactory.java:52) ~[?:1.8.0_201] at javax.naming.spi.NamingManager.getURLObject(NamingManager.java:601) ~[?:1.8.0_201] at javax.naming.spi.NamingManager.processURL(NamingManager.java:381) ~[?:1.8.0_201] at javax.naming.spi.NamingManager.processURLAddrs(NamingManager.java:361) ~[?:1.8.0_201] at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:333) ~[?:1.8.0_201] at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:119) ~[?:1.8.0_201] ... 38 more
The configured context name here in this case is OU=Domain Users,DC=nc,DC=com while it supposed to be OU=Domain Users,DC=nc,DC=chapelhill,DC=com
Resolution
To resolve, update the TIBCO Spotfire Server's LDAP configuration with the correct context names and restart the Spotfire Server service. Below are the instructions:
Open the TIBCO Spotfire Server configuration tool (see Opening the configuration tool): Login to uiconfig.bat file (uiconfig.sh on Linux) which is located in the <Installation dir>\tomcat\spotfire-bin directory OR search for TIBCO Spotfire Server Configuration in Windows for the desired version
Open the configuration, navigate to "User Directory: LDAP" and update the context name as seen in below screenshot:
Save the configuration back to the database.
Restart the Spotfire Server service.
After the Spotfire Server has completed startup successfully, attempt to log in again.
Issue/Introduction
This article explains why "Error communicating with LDAP directory, refreshing LDAP context and retrying javax.naming.CommunicationException: nc.com:389" is seen in server.log when attempting to login into the TIBCO Spotfire Server web interface.