AnsweredAssumed Answered

Error Clarity x LDAP

Question asked by MauricioLobao4213392 on Aug 10, 2013
Latest reply on Aug 13, 2013 by navzjoshi00
Hi Guys,

Someone have the error "unable to find valid certification path to requested target" ? This error occures when I try do synchronism with secure port (LDPAs). I realized the importation of certification, but error continues. When I use a port not secure the synchronism works fine.

Follow below my configuration in NSA:

Importation:
keytool -import -v -trustcacerts -alias NikuLdapServer -file
/clarity/HNDSINT.der -keystore cacerts

keytool -import -v -trustcacerts -alias CALdapServer -file
/clarity/RootCA.der -keystore cacerts

[webuser@ppmhx05a ~]$ keytool -list -keystore cacerts
Enter keystore password:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

caldapserver, Jul 23, 2013, trustedCertEntry,
Certificate fingerprint (SHA1):
76:E5:0B:76:93:7D:0B:AC:2B:43:D1:6F:AA:D9:15:15:09:00:39:6E
nikuldapserver, Jul 23, 2013, trustedCertEntry,
Certificate fingerprint (SHA1):
F1:E9:3B:96:8D:59:5B:E8:28:7C:4F:86:B0:BD:AE:5B:8D:B5:36:92


Error:
ERROR 2013-07-24 16:21:55,795 [Dispatch pool-4-thread-1 : bg@ppmhx05a (tenant=clarity)] directory.LDAPAddModifySyncAgent (clarity:admin:5869927__08F7CAC1-A547-4FE8-934D-21AED73467C0:LDAP - Synchronize New and Changed Users)
com.niku.security.directory.DirectoryServiceException:

importUsers():Could not talk with the Directory Server.

Possible causes:
1) Directory server is down,
2) Machine where bgserver is running is not able to communicate with Directory server.

Contact your Directory server administrator.



at com.niku.security.directory.LDAPDirectoryService.importUsers(LDAPDirectoryService.java:507)

at com.niku.security.directory.LDAPAddModifySyncAgent.scheduledEventFired(LDAPAddModifySyncAgent.java:49)

at com.niku.njs.Dispatcher$BGTask.run(Dispatcher.java:284)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)

at java.lang.Thread.run(Thread.java:722)
Caused by: javax.naming.CommunicationException: simple bind failed: 10.61.198.144:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]

Attachments

Outcomes