[Deploying Sakai] LDAPS connections to AD

Mike De Simone michael.desimone at rsmart.com
Tue May 4 14:33:34 PDT 2010


I've seen that error when the cert isn't correct or is expired.

There is also a command line program called SSLPoke that's useful in testing
this kind of connection.  Also on this page is much more info that may be
useful for you.  One thing that I saw on it was that the message could also
be from a self-signed cert.  The page is not Sakai-specific, but more
Java-specific and is applicable to what you're setting up here.  See
http://confluence.atlassian.com/display/JIRA/Connecting+to+SSL+services


Thanks,

-------------------------------
Mike DeSimone
Sr. Technical Consultant
rSmart
tel: 602-490-0473
icq: 161896611
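An SSLPoke-style probe added here to illustrate the two points in this thread (the PKIX "unable to find valid certification path" handshake failure, and importing the AD certs into the keystore with keytool); it is example code written for this note, not from Sakai, JLDAP or the Atlassian page. It keeps the JVM's normal certificate validation and only prints the chain the domain controller presents before that validation runs, so you can see whether the cert is self-signed, expired, or issued by a CA that is not yet in the trust store. The class name and the placeholder host `dc1.example.edu` are assumptions.

```java
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.net.ssl.*;
// SSLPoke-style probe: handshake with an LDAPS port using the JVM's normal trust store
// and print the chain the server sent, so a PKIX "unable to find valid certification
// path" failure can be traced to a self-signed, expired or not-yet-imported CA cert.
public class LdapsProbe {
    static void describe(X509Certificate[] chain) {
        Date now = new Date();
        for (int i = 0; i < chain.length; i++) {
            X509Certificate c = chain[i];
            // subject == issuer means self-signed: the JVM accepts it only if that exact cert was imported
            boolean selfSigned = c.getSubjectX500Principal().equals(c.getIssuerX500Principal());
            boolean outsideValidity = now.before(c.getNotBefore()) || now.after(c.getNotAfter());
            System.out.printf("[%d] subject=%s%n    issuer=%s%n    valid %s .. %s%s%s%n", i,
                c.getSubjectX500Principal(), c.getIssuerX500Principal(), c.getNotBefore(), c.getNotAfter(),
                outsideValidity ? "  (OUTSIDE VALIDITY PERIOD)" : "", selfSigned ? "  (self-signed)" : "");
        }
    }
    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "dc1.example.edu"; // placeholder DC name (assumption)
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 636;  // LDAPS default port
        // The JVM's default trust manager: cacerts, or the file named by -Djavax.net.ssl.trustStore
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        final X509TrustManager jvmTrust = (X509TrustManager) tmf.getTrustManagers()[0];
        // Wrap it so the chain is printed BEFORE validation; the validation itself is unchanged
        X509TrustManager probing = new X509TrustManager() {
            public void checkServerTrusted(X509Certificate[] chain, String auth) throws CertificateException {
                describe(chain);
                jvmTrust.checkServerTrusted(chain, auth);
            }
            public void checkClientTrusted(X509Certificate[] chain, String auth) throws CertificateException {
                jvmTrust.checkClientTrusted(chain, auth);
            }
            public X509Certificate[] getAcceptedIssuers() { return jvmTrust.getAcceptedIssuers(); }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { probing }, null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            s.startHandshake();
            System.out.println("Handshake OK: this trust store accepts the server's chain");
        } catch (SSLHandshakeException e) {
            System.out.println("Handshake FAILED: " + e.getMessage() + " -- import the issuing CA (or the self-signed cert) with keytool and retry");
        }
    }
}
```

Run it with the same JVM and the same `-Djavax.net.ssl.trustStore` setting that Tomcat uses (for example `java -Djavax.net.ssl.trustStore=/path/to/keystore LdapsProbe dc1.example.edu 636`), otherwise you are testing a different trust store than Sakai sees.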


On Tue, May 4, 2010 at 13:12, Tiebout, Ryan <rtiebout at rwu.edu> wrote:

>  Thank you for your reply.  I tried what you suggested, not sure if I did
> it correctly but now I get this error in the stdout log file:
>
> 2010-05-04 16:09:01,719 ERROR http-80-1
> edu.amc.sakai.user.JLDAPDirectoryProvider - getUser() failed [eid: null]
>
> LDAPException: Reader thread terminated (91) Connect Error
>
> javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
>
>
>
> any ideas?
>
>
>
> -Ryan
>
>
>
> From: Mike De Simone [mailto:michael.desimone at rsmart.com]
> Sent: Tuesday, May 04, 2010 3:33 PM
> To: Tiebout, Ryan
> Cc: production at collab.sakaiproject.org
> Subject: Re: [Deploying Sakai] LDAPS connections to AD
>
>
>
> I use the 'keytool' program to import the certificates from AD into a
> keystore.  I usually create a custom keystore, but if you import into java's
> system keystore 'cacerts' (located in $JAVA_HOME/jre/lib/security), this
> will probably allow them to be picked up automatically by java at runtime
> and you would be good to go.
>
>
> Thanks,
>
> -------------------------------
> Mike DeSimone
> Sr. Technical Consultant
> rSmart
> tel: 602-490-0473
> icq: 161896611
>
>  On Tue, May 4, 2010 at 09:57, Tiebout, Ryan <rtiebout at rwu.edu> wrote:
>
> Hello all,
>
> I was able to get Sakai to authenticate to AD using LDAP and the
> JLDAPDirectoryProvider.  However I am trying to set up the same connections
> using LDAPS.  I believe that it is failing now with the keystore definition.
>
> Has anyone gotten this to work?  Also how should the keystore be created,
> should I import the certs involved from the DCs or what should go into the
> keystore?
>
>
>
> Thank you for your help.
>
>
>
> ****************************************
> A. Ryan Tiebout
> Systems Administrator III
> Work: 401-254-3414
> Roger Williams University
>
>
>
>