Product: TIBCO Spotfire®
LDAP authentication failures and "simple bind failed: xxxxx.domain.com:636" error seen after upgrading TIBCO Spotfire server
If LDAPS is currently used for the TIBCO Spotfire Server authentication (see Configuring LDAP and Configuring LDAP for more details) and the server is upgraded to a newer version, the users might not be able to log in to the TIBCO Spotfire Server if the "cacerts" is not copied from the older version to the upgraded version. Users may see a "Wrong username or password" error message while logging in, and the following error will be seen while browsing the "context names" in the LDAP configuration, through configuration tool:
Could not auto configure the LDAP configuration to determine root contexts.
simple bind failed: xxxxx.domain.com:636
In TIBCO Spotfire Server's server.log file, the following error will be seen:
Caused by: javax.naming.CommunicationException: simple bind failed: xxxxx.domain.com:636 [Root exception is
java.net.SocketException: Connection reset]
The above issue can be a result of the "cacerts" file being missing from the "<installation dir>/jdk/jre/lib/security" directory in the upgraded environment. After upgrading the TIBCO Spotfire Server, the "cacerts" file located under the "<installation dir>/jdk/jre/lib/security" directory in the older version must be copied to the same location in the upgraded version.
Note: If the CA certificate is not included in the cacerts file by default, the CA certificate used to issue the LDAP server's certificate must be imported before running the upgrade tool, as mentioned in the LDAPS documentation. Doc: Configuring LDAP