[Deploying Sakai] LDAPS connections to AD
rtiebout at rwu.edu
Tue May 4 13:12:24 PDT 2010
Thank you for your reply. I tried what you suggested, not sure if I did it correctly but now I get this error in the stdout log file:
2010-05-04 16:09:01,719 ERROR http-80-1 edu.amc.sakai.user.JLDAPDirectoryProvider - getUser() failed [eid: null]
LDAPException: Reader thread terminated (91) Connect Error
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
From: Mike De Simone [mailto:michael.desimone at rsmart.com]
Sent: Tuesday, May 04, 2010 3:33 PM
To: Tiebout, Ryan
Cc: production at collab.sakaiproject.org
Subject: Re: [Deploying Sakai] LDAPS connections to AD
I use the 'keytool' program to import the certificates from AD into a keystore. I usually create a custom keystore, but if you import into java's system keystore 'cacerts' (located in $JAVA_HOME/jre/lib/security), this will probably allow them to be picked up automatically by java at runtime and you would be good to go.
Sr. Technical Consultant
On Tue, May 4, 2010 at 09:57, Tiebout, Ryan <rtiebout at rwu.edu<mailto:rtiebout at rwu.edu>> wrote:
I was able to get Sakai to authenticate to AD using LDAP and the JLDAPDirectoryProvider. However I am trying to setup the same connections using LDAPS. I believe that it is failing now with the keystore definition.
Has anyone gotten this to work? Also how should the keystore be created, should I import the certs involved from the dc's or what should go into the keystore?
Thank you for your help.
A. Ryan Tiebout
Systems Administrator III
Roger Williams University
production mailing list
production at collab.sakaiproject.org<mailto:production at collab.sakaiproject.org>
TO UNSUBSCRIBE: send email to production-unsubscribe at collab.sakaiproject.org<mailto:production-unsubscribe at collab.sakaiproject.org> with a subject of "unsubscribe"
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the production