ldaps query - authn vs. attribute resolver

Ramaiah, Vanna G. ramaiah at musc.edu
Fri Jul 12 09:45:54 EDT 2019


I am using AD LDAP for authn and for the attribute resolver query. ldaps:// works fine for authn, but ldaps:// is throwing an error for the attribute query. I get the communication exception error below - SslConfig has not been set.
Do I need to set sslConfig for the IdP attribute resolver?

2019-07-12 08:58:16,548 -  - ERROR [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.ConnectionFactoryValidator:156] - Connection factory validation failed
org.ldaptive.OperationException: javax.naming.CommunicationException: xyz.com:636 [Root exception is java.lang.NullPointerException: Thread local SslConfig has not been set]
2019-07-12 08:58:16,553 -  - ERROR [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.LDAPDataConnector:151] - Data Connector 'myAD': Invalid connector configuration
net.shibboleth.idp.attribute.resolver.dc.ValidationException: [org.ldaptive.OperationException at 1722662717::resultCode=PROTOCOL_ERROR, matchedDn=null, responseControls=null, referralURLs=null, messageId=-1, message=javax.naming.CommunicationException: xyz.com:636 [Root exception is java.lang.NullPointerException: Thread local SslConfig has not been set], providerException=javax.naming.CommunicationException: xyz.com:636 [Root exception is java.lang.NullPointerException: Thread local SslConfig has not been set]]

idp.authn.LDAP.ldapURL                         = ldaps://xyz.com
idp.authn.LDAP.useStartTLS                  = false
idp.authn.LDAP.useSSL                          = true
idp.authn.LDAP.sslConfig                       = certificateTrust
idp.authn.LDAP.trustCertificates             = %{idp.home}/credentials/cert.cert

idp.attribute.resolver.LDAP.ldapURL       = ldaps://xyz.com
idp.attribute.resolver.LDAP.trustCertificates   = %{idp.home}/credentials/cert.cer
idp.attribute.resolver.LDAP.useStartTLS         = false
idp.attribute.resolver.LDAP.useSSL              = true

<DataConnector id="myAD" xsi:type="LDAPDirectory"
        ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}"
        baseDN="%{idp.attribute.resolver.LDAP.baseDN}"
        principal="%{idp.attribute.resolver.LDAP.bindDN}"
        principalCredential="%{idp.attribute.resolver.LDAP.bindDNCredential}"
        trustFile="%{idp.attribute.resolver.LDAP.trustCertificates}"
        useStartTLS="%{idp.attribute.resolver.LDAP.useStartTLS:false}">
        <FilterTemplate>
            <![CDATA[
                %{idp.attribute.resolver.LDAP.searchFilter}
            ]]>
        </FilterTemplate>
        <ReturnAttributes>%{idp.attribute.resolver.LDAP.returnAttributes}</ReturnAttributes>
</DataConnector>
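
Added example, not part of the original post: a Python check that compares the TLS-related idp.authn.LDAP.* and idp.attribute.resolver.LDAP.* properties shown above and lists resolver properties that the DataConnector never references. The function names are hypothetical; the script reports differences between the two configurations and does not by itself establish the cause of the error.

```python
import re

# Constructed input: properties and DataConnector attributes copied from the post (child elements omitted).
PROPS = """
idp.authn.LDAP.ldapURL = ldaps://xyz.com
idp.authn.LDAP.useStartTLS = false
idp.authn.LDAP.useSSL = true
idp.authn.LDAP.sslConfig = certificateTrust
idp.authn.LDAP.trustCertificates = %{idp.home}/credentials/cert.cert
idp.attribute.resolver.LDAP.ldapURL = ldaps://xyz.com
idp.attribute.resolver.LDAP.trustCertificates = %{idp.home}/credentials/cert.cer
idp.attribute.resolver.LDAP.useStartTLS = false
idp.attribute.resolver.LDAP.useSSL = true
"""
CONNECTOR = """
<DataConnector id="myAD" xsi:type="LDAPDirectory"
    ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}"
    baseDN="%{idp.attribute.resolver.LDAP.baseDN}"
    principal="%{idp.attribute.resolver.LDAP.bindDN}"
    principalCredential="%{idp.attribute.resolver.LDAP.bindDNCredential}"
    trustFile="%{idp.attribute.resolver.LDAP.trustCertificates}"
    useStartTLS="%{idp.attribute.resolver.LDAP.useStartTLS:false}">
</DataConnector>
"""
AUTHN, RESOLVER = "idp.authn.LDAP.", "idp.attribute.resolver.LDAP."
TLS_KEYS = ("ldapURL", "useStartTLS", "useSSL", "sslConfig", "trustCertificates")

def parse_properties(text):
    """Parse 'key = value' lines, skipping blanks and # comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def tls_drift(props):
    """TLS settings whose authn and resolver values differ (None = not set)."""
    both = {k: (props.get(AUTHN + k), props.get(RESOLVER + k)) for k in TLS_KEYS}
    return {k: v for k, v in both.items() if v[0] != v[1]}

def unreferenced(props, xml):
    """Resolver properties defined but never used as %{name} in the connector."""
    used = set(re.findall(r"%\{([^}:]+)", xml))
    return sorted(k for k in props if k.startswith(RESOLVER) and k not in used)

if __name__ == "__main__":
    props = parse_properties(PROPS)
    print("authn vs resolver:", tls_drift(props))
    print("defined but unused:", unreferenced(props, CONNECTOR))
```
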






