Active Directory ldaps authentication

Mr. Christopher Bland chris at
Mon Aug 3 12:11:55 EDT 2015

Hi All,

I am sure someone has figured this out but I seem to be missing something.  We are in the process of converting to an AD server for authentication.  I can do regular unencrypted auth no problem so I know my config is ok.  I can also do ldapsearch using ldaps by ignoring the cert using "TLS_REQCERT never".  I keep getting "PKIX path building failed".  I know from a previous post it is a problem with tracing my cert back to a CA.  I have tried sslSocketFactory="{trustCertificates=file:path_to_AD_CA_cert}" in my login.config file.  I also tried adding the cert to my IDP keystore.  Neither has worked for me.  When I use openssl to get the AD ldap server cert I noticed that it is the CA cert.  The subject is blank and the issuer is my AD CA server.

Do I need a different cert?  Am I missing something in my config?

Thank you in advance,
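Added example (editor's note, not part of the original post and not Shibboleth or Java code). An empty subject with the AD CA as issuer does not by itself mean the server handed over the CA certificate: a CA certificate is self-issued (subject equals issuer) and carries basicConstraints CA:TRUE, while certificates AD CS issues to domain controllers commonly have an empty Subject and put the DC's DNS name in the subjectAltName. The script below rebuilds that shape offline with openssl (assumed names: CA "AD-CA", host dc01.example.test, neither from the post), then shows the checks that separate the leaf from the trust anchor, verifies the leaf against the CA the way a PKIX path builder must, and, if keytool is present, imports the CA (never the leaf) into a Java truststore. The fetch_server_chain helper needs network access and is not run here.

```shell
#!/bin/sh
# Added example, not from the original post. Reproduces an AD-style server
# certificate (EMPTY subject, issuer = CA, name in the SAN) and runs the checks
# that distinguish it from the CA certificate before anything is trusted.
# Assumed names: CA "AD-CA", DC host dc01.example.test (not from the post).
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
CONF="$WORK/openssl.cnf"
CA_PEM="$WORK/ca.pem"
DC_PEM="$WORK/dc.pem"

# Minimal OpenSSL config: empty DN section (subject comes from -subj) plus the
# extension sets for a CA and for a DC-style server certificate.
cat > "$CONF" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
[ca_ext]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[dc_ext]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:dc01.example.test
EOF

# Self-signed CA: this is the trust anchor that belongs in the truststore.
openssl req -x509 -new -config "$CONF" -newkey rsa:2048 -nodes \
  -keyout "$WORK/ca.key" -out "$CA_PEM" -subj "/CN=AD-CA" -days 1 \
  -extensions ca_ext 2>/dev/null

# Server certificate with an empty subject ("/"); identity lives in the SAN.
openssl req -new -config "$CONF" -newkey rsa:2048 -nodes \
  -keyout "$WORK/dc.key" -out "$WORK/dc.csr" -subj "/" 2>/dev/null
openssl x509 -req -in "$WORK/dc.csr" -CA "$CA_PEM" -CAkey "$WORK/ca.key" \
  -CAcreateserial -out "$DC_PEM" -days 1 \
  -extfile "$CONF" -extensions dc_ext 2>/dev/null

# ---- checks ------------------------------------------------------------

# CA or not is decided by basicConstraints, not by what the subject looks like.
is_ca_cert() {
    openssl x509 -in "$1" -noout -text | sed -n '/Basic Constraints/{n;p;}' | grep -q 'CA:TRUE'
}

# Subject / issuer DN with the "subject="/"issuer=" prefix stripped.
cert_subject() { openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//'; }
cert_issuer()  { openssl x509 -in "$1" -noout -issuer  | sed 's/^issuer= *//'; }

# Subject Alternative Name entries (where the DC's DNS name actually is).
cert_san() {
    openssl x509 -in "$1" -noout -text | sed -n '/Subject Alternative Name/{n;p;}' | tr -d ' '
}

# Path validation: returns 0 iff certificate $2 chains to a trust anchor in $1.
verify_chain() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Pull the chain a live LDAPS endpoint presents (network; not exercised here).
fetch_server_chain() {   # usage: fetch_server_chain host [port]
    openssl s_client -connect "$1:${2:-636}" -servername "$1" -showcerts </dev/null 2>/dev/null \
      | sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p'
}

# Import the CA certificate into a Java truststore, if keytool is available.
import_ca_to_truststore() {   # usage: import_ca_to_truststore ca.pem store.jks password
    command -v keytool >/dev/null 2>&1 || { echo "keytool not found"; return 1; }
    keytool -importcert -noprompt -trustcacerts -alias ad-ca \
        -file "$1" -keystore "$2" -storepass "$3"
}

# ---- demo --------------------------------------------------------------
for f in "$CA_PEM" "$DC_PEM"; do
    echo "== $f"
    echo "subject: '$(cert_subject "$f")'"
    echo "issuer:  '$(cert_issuer "$f")'"
    if is_ca_cert "$f"; then
        echo "basicConstraints CA:TRUE -> trust anchor candidate"
    else
        echo "basicConstraints CA:FALSE -> leaf, SAN=$(cert_san "$f")"
    fi
done
if verify_chain "$CA_PEM" "$DC_PEM"; then echo "leaf verifies against CA"; fi
```

Run it against a real endpoint by saving `fetch_server_chain dc01.example.test` to a file and feeding the first certificate to is_ca_cert, cert_san and verify_chain with the CA certificate obtained from the CA itself. If openssl verify passes with that CA file but Java still reports "PKIX path building failed", the certificate is fine and the problem is which truststore the JVM process actually reads.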


