IdP 3.4.3 Windows Installation LDAP Config Troubleshooting

Glanville, Peter C. pcglanville at nsu.edu
Mon Apr 8 12:57:53 EDT 2019


Hello all,
I am attempting to configure our newly minted test environment with our AD and am running into some interesting issues related to SSL and authentication.

Current Version: IdP 3.4.3 Windows Install with built-in Jetty
Relevant Contents of ldap.properties:

idp.authn.LDAP.authenticator=bindSearchAuthenticator

## Connection properties ##

idp.authn.LDAP.useSSL                          = true
idp.authn.LDAP.useStartTLS                     = false
idp.authn.LDAP.ldapURL                          = ldaps://snsudc05.nsu.edu
idp.authn.LDAP.sslConfig                       = jvmTrust


The error I am getting back when I attempt to log in is:

2019-04-08 12:53:51,335 - 192.68.217.16 - ERROR [org.ldaptive.pool.BlockingConnectionPool:509] - [org.ldaptive.pool.BlockingConnectionPool at 1272190310::name=search-pool, poolConfig=[org.ldaptive.pool.PoolConfig at 1286848443::minPoolSize=3, maxPoolSize=10, validateOnCheckIn=false, validateOnCheckOut=false, validatePeriodically=true, validatePeriod=300, validateTimeout=5000], activator=null, passivator=null, validator=[org.ldaptive.pool.SearchValidator at 204777480::searchRequest=[org.ldaptive.SearchRequest at 233963868::baseDn=, searchFilter=[org.ldaptive.SearchFilter at 1642584434::filter=(objectClass=*), parameters={}], returnAttributes=[1.1], searchScope=OBJECT, timeLimit=0, sizeLimit=1, derefAliases=null, typesOnly=false, binaryAttributes=null, sortBehavior=UNORDERED, searchEntryHandlers=null, searchReferenceHandlers=null, controls=null, followReferrals=false, intermediateResponseHandlers=null]] pruneStrategy=[org.ldaptive.pool.IdlePruneStrategy at 1857554651::prunePeriod=300, idleTime=600], connectOnCreate=true, connectionFactory=[org.ldaptive.DefaultConnectionFactory at 1933107636::provider=org.ldaptive.provider.jndi.JndiProvider at aa219bb, config=[org.ldaptive.ConnectionConfig at 9437396::ldapUrl=ldaps://snsudc05.nsu.edu, connectTimeout=3000, responseTimeout=3000, sslConfig=[org.ldaptive.ssl.SslConfig at 816239295::credentialConfig=null, trustManagers=null, hostnameVerifier=null, hostnameVerifierConfig=null, enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null], useSSL=true, useStartTLS=false, connectionInitializer=[org.ldaptive.BindConnectionInitializer at 2042253334::bindDn=CN=LDAPShibTest,OU=Shibboleth,OU=Service,OU=User Accounts,DC=nsu,DC=edu, bindSaslConfig=null, bindControls=null]]], initialized=false, availableCount=0, activeCount=0] unable to connect to the ldap
org.ldaptive.OperationException: javax.naming.CommunicationException: snsudc05.nsu.edu:636 [Root exception is java.lang.NullPointerException: Thread local SslConfig has not been set]
      at org.ldaptive.provider.ProviderUtils.throwOperationException(ProviderUtils.java:67)
Caused by: javax.naming.CommunicationException: snsudc05.nsu.edu:636
      at java.naming/com.sun.jndi.ldap.Connection.<init>(Connection.java:229)
Caused by: java.lang.NullPointerException: Thread local SslConfig has not been set
      at org.ldaptive.ssl.ThreadLocalTLSSocketFactory.getDefault(ThreadLocalTLSSocketFactory.java:70)


With some cursory searching, I am not too sure what to make of this.

Looks like, as stated, the SSLConfig is not being set so it cannot connect over SSL because of that. I've tried a couple of different ways with flipping SSL/TLS bits but to no avail. Thank you for any assistance.

Peter Glanville
Enterprise Infrastructure Manager
Office of Information Technology
Marie V. McDemmond Center for Applied Research
555 Park Avenue, Suite 401
Norfolk, Virginia 23504
(757) 823-8098 (Office)
(757) 823-2128 (Fax)
pcglanville at nsu.edu
www.nsu.edu
