LDAP issues after upgrading from 12 to 14

[Federica Santillo]

Hello team,

After upgrading from 12 to 14 we are experiencing issues with LDAP authentication and users are no longer able to login.

When we attempt to connect  to LDAP from the Spotfire configuration tool we get the following message:

 

We already checked with the LDAP team that the LDAP URL is correct and the service is listening on port 636, so we tried a curl command to the LDAP server from the spotfire server pod and it seems to have issues with the certificate even though in the /tomcat/certs folder I can see that the certificate is imported as jks:

Any idea on how to solve this?

Thank you

[Olivier Keugue Tadaa]

Hi @Federica Santillo

I’m sorry to hear that. And hope you planned a rollback scenario as we recommend.

To better investigate I’d encourage you to start by creating a support ticket if not yet done. 
Since you have  identified the root cause, is it possible to reinstall the certificate by following the documentation ? 

 

[Federica Santillo]

Hi @Olivier Keugue Tadaa,

Thank you for your reply.

Yes I already opened a support ticket (#02306223).

The problem when I try to reinstall the certificate is that I m not able to find any jdk folder in the installation dir to run the keytool command as required by the official doc https://docs.tibco.com/pub/spotfire_server/14.0.0/doc/html/TIB_sfire_server_tsas_admin_help/server/topics/installing_ca_certificates.html.

[Olivier Keugue Tadaa]

Thanks, Federica

A quick explanation, Since you are working on a Kubernetes environment, when you created a new Spotfire image, the certificate was lost. Note that when you are running in such an environment you should store this location on a persistent volume. This is valid for all locations that should not be lost after an upgrade. This is something you will have to change after this issue is fixed.

Are you saying that you don't have the JDK at this location <installation dir>/jdk,  as the below instructions suggest?

 https://docs.tibco.com/pub/spotfire_server/latest/doc/html/TIB_sfire_server_tsas_admin_help/server/topics/configuring_ldaps.html 

You have normally done that during your initial installation.

[Federica Santillo]

Hi Olivier,

 

Yes I confirm that we have the certificate stored in a volume.  That's why we were not expecting to "lose" it during the upgrade.

Correct, I am not able to find the jdk folder in the installation directory (see the img attached).