[Deploying Sakai] LDAPS connections to AD

Tiebout, Ryan rtiebout at rwu.edu
Tue May 4 13:12:24 PDT 2010


Thank you for your reply.  I tried what you suggested. I'm not sure if I did it correctly, but now I get this error in the stdout log file:
2010-05-04 16:09:01,719 ERROR http-80-1 edu.amc.sakai.user.JLDAPDirectoryProvider - getUser() failed [eid: null]
LDAPException: Reader thread terminated (91) Connect Error
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Any ideas?


-Ryan

From: Mike De Simone [mailto:michael.desimone at rsmart.com]
Sent: Tuesday, May 04, 2010 3:33 PM
To: Tiebout, Ryan
Cc: production at collab.sakaiproject.org
Subject: Re: [Deploying Sakai] LDAPS connections to AD

I use the 'keytool' program to import the certificates from AD into a keystore.  I usually create a custom keystore, but if you import into Java's system keystore 'cacerts' (located in $JAVA_HOME/jre/lib/security), this will probably allow them to be picked up automatically by Java at runtime and you would be good to go.


Thanks,

-------------------------------
Mike DeSimone
Sr. Technical Consultant
rSmart
tel: 602-490-0473
icq: 161896611

On Tue, May 4, 2010 at 09:57, Tiebout, Ryan <rtiebout at rwu.edu> wrote:
Hello all,
I was able to get Sakai to authenticate to AD using LDAP and the JLDAPDirectoryProvider.  However, I am trying to set up the same connections using LDAPS.  I believe that it is failing now with the keystore definition.
Has anyone gotten this to work?  Also, how should the keystore be created? Should I import the certs involved from the DCs, or what should go into the keystore?

Thank you for your help.


***************************************
A. Ryan Tiebout
Systems Administrator III
Work: 401-254-3414
Roger Williams University

