[Deploying Sakai] LDAPS connections to AD

Tiebout, Ryan rtiebout at rwu.edu
Tue May 4 13:12:24 PDT 2010

Thank you for your reply.  I tried what you suggested, not sure if I did it correctly but now I get this error in the stdout log file:
2010-05-04 16:09:01,719 ERROR http-80-1 edu.amc.sakai.user.JLDAPDirectoryProvider - getUser() failed [eid: null]
LDAPException: Reader thread terminated (91) Connect Error
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

any ideas?


From: Mike De Simone [mailto:michael.desimone at rsmart.com]
Sent: Tuesday, May 04, 2010 3:33 PM
To: Tiebout, Ryan
Cc: production at collab.sakaiproject.org
Subject: Re: [Deploying Sakai] LDAPS connections to AD

I use the 'keytool' program to import the certificates from AD into a keystore.  I usually create a custom keystore, but if you import into java's system keystore 'cacerts' (located in $JAVA_HOME/jre/lib/security), this will probably allow them to be picked up automatically by java at runtime and you would be good to go.


Mike DeSimone
Sr. Technical Consultant
tel: 602-490-0473
icq: 161896611

On Tue, May 4, 2010 at 09:57, Tiebout, Ryan <rtiebout at rwu.edu<mailto:rtiebout at rwu.edu>> wrote:
Hello all,
I was able to get Sakai to authenticate to AD using LDAP and the JLDAPDirectoryProvider.  However I am trying to setup the same connections using LDAPS.  I believe that it is failing now with the keystore definition.
Has anyone gotten this to work?  Also how should the keystore be created, should I import the certs involved from the dc's or what should go into the keystore?

Thank you for your help.

A. Ryan Tiebout
Systems Administrator III
Work: 401-254-3414
Roger Williams University

production mailing list
production at collab.sakaiproject.org<mailto:production at collab.sakaiproject.org>

TO UNSUBSCRIBE: send email to production-unsubscribe at collab.sakaiproject.org<mailto:production-unsubscribe at collab.sakaiproject.org> with a subject of "unsubscribe"

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/production/attachments/20100504/e708f66a/attachment.html 

More information about the production mailing list