
LDAPS and Clarity?

Question asked by jessica.lofgren1.1 on Jan 24, 2011
Latest reply on Jan 15, 2015 by GermanK
Hi,

We are running release 8.1.5 on a Windows 2003 server and trying to sync users from an LDAP source. We've succeeded running unsecured LDAP over port 389, but as soon as we activate LDAPS by configuring the keystore and changing the URL to ldaps://servername-xx:636, we get the error message in the log seen below. I also want to point out that the certificate has been imported to the keystore and can be seen when running the keytool -list command.

ERROR 2011-01-24 09:30:01,103 [Dispatch Thread-60 : bg@server] directory.LDAPAddModifySyncAgent (none:none:none)
com.niku.security.directory.DirectoryServiceException:

importUsers():Could not talk with the Directory Server.

Possible causes:
1) Directory server is down,
2) Machine where bgserver is running is not able to communicate with Directory server.

Contact your Directory server administrator.



    at com.niku.security.directory.LDAPDirectoryService.importUsers(LDAPDirectoryService.java:454)
    at com.niku.security.directory.LDAPAddModifySyncAgent.scheduledEventFired(LDAPAddModifySyncAgent.java:40)
    at com.niku.njs.Dispatcher$BGTask.run(Dispatcher.java:265)
    at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run(PooledExecutor.java:732)
    at java.lang.Thread.run(Thread.java:595)
Caused by: javax.naming.CommunicationException: simple bind failed: servername-xx:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
    at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:197)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2637)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
    at javax.naming.InitialContext.init(InitialContext.java:223)
    at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
    at com.niku.security.directory.LDAPDirectoryService.getSearchDirContext(LDAPDirectoryService.java:873)
    at com.niku.security.directory.LDAPDirectoryService.search(LDAPDirectoryService.java:1320)
    at com.niku.security.directory.LDAPDirectoryService.importUsers(LDAPDirectoryService.java:373)
    ... 4 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1518)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:848)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:818)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:622)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
    at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:390)
    at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:334)
    at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:192)
    ... 17 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
    at sun.security.validator.Validator.validate(Validator.java:203)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
    at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:841)
    ... 29 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)

Can anyone help with this issue?

Thanks!
Jessica
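
A diagnostic for the PKIX failure in the trace above, added here as an example and not part of the original post or of the product's code: it reports which trust store file default JSSE validation reads and lists the entries of the keystore the certificate was imported into, so their subjects can be compared with the issuer of the LDAP server's certificate. The class name `TrustStoreCheck` and its two arguments are assumptions, as is the premise that the bg service relies on the JVM's default trust store lookup.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;

// Added diagnostic (hypothetical class name, not vendor code).
public class TrustStoreCheck {

    // Default JSSE lookup order: -Djavax.net.ssl.trustStore, then
    // <java.home>/lib/security/jssecacerts, then <java.home>/lib/security/cacerts.
    static File effectiveTrustStore() {
        String prop = System.getProperty("javax.net.ssl.trustStore");
        if (prop != null) return new File(prop);
        File dir = new File(System.getProperty("java.home"), "lib/security");
        File jsse = new File(dir, "jssecacerts");
        return jsse.exists() ? jsse : new File(dir, "cacerts");
    }

    public static void main(String[] args) throws Exception {
        File effective = effectiveTrustStore();
        // args[0]: keystore the certificate was imported into (default: the effective store)
        File imported = args.length > 0 ? new File(args[0]) : effective;
        // args[1]: keystore password; for a JKS file, null skips the integrity check
        char[] pass = args.length > 1 ? args[1].toCharArray() : null;

        System.out.println("Inspecting  : " + imported.getCanonicalPath());
        System.out.println("JSSE default: " + effective.getCanonicalPath());
        if (!imported.getCanonicalFile().equals(effective.getCanonicalFile()))
            System.out.println("MISMATCH: default JSSE validation reads the second file, not the first");

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(imported)) { ks.load(in, pass); }

        for (String alias : Collections.list(ks.aliases())) {
            String type = ks.isCertificateEntry(alias) ? "trustedCertEntry" : "key entry";
            Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate)) { System.out.println(alias + " (" + type + ")"); continue; }
            X509Certificate x = (X509Certificate) c;
            System.out.println(alias + " (" + type + ")"
                + "\n  subject: " + x.getSubjectX500Principal().getName()
                + "\n  issuer : " + x.getIssuerX500Principal().getName()
                + "\n  expired: " + x.getNotAfter().before(new Date()));
        }
    }
}
```

Run it with the same JVM and the same `-Djavax.net.ssl.*` options as the service that performs the LDAP sync, otherwise the reported default store is that of the test run rather than of the service.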
