JAAS ldap issue
Daniel Fisher
dfisher at vt.edu
Wed Jun 3 16:12:52 UTC 2020
On Wed, Jun 3, 2020 at 11:47 AM IAM David Bantz <dabantz at alaska.edu> wrote:
> And to be clear, the jaas.config for this lone "ldaps" source is ldaps
> with tls=false and ssl=true; did not see explicit mention of the ssl=true
> component, so I've tried with ssl=false as well, receiving same logged
> error on attempted connection:
>
> DEBUG [137.229.6.122] org.ldaptive.provider.jndi.JndiConnectionFactory:105 Error connecting to LDAP URL: ldaps://cas-auth-t.alaska.edu:6361
>
> org.ldaptive.provider.ConnectionException: javax.naming.CommunicationException: cas-auth-t.alaska.edu:6361 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
>
> // UA Authenticator is proxy to AD allows some expired accounts to authenticate
> org.ldaptive.jaas.LdapLoginModule sufficient
>   ldapUrl="ldaps://cas-auth-t.alaska.edu:6361"
>   baseDn="dc=ua,dc=adt,dc=alaska,dc=edu"
>   bindDn="CN=...,ou=...,dc=ua,dc=adt,dc=alaska,dc=edu"
>   bindCredential="•••••••••••"
>   subtreeSearch="true"
>   sslSocketFactory="{trustCertificates=file:/opt/shibboleth-idp-D/credentials/UAADrootCAs-P-Q-D-T-InC.pem}"
>   ssl="true"
>   tls="false"
>   userFilter="(|(sAMAccountName={user})(uaIdentifier={user}))"
>   connectTimeout="3000"
>   resultTimeout="3000"
> ;
>
Change 'sslSocketFactory' to 'credentialConfig' and see if that works. Can
you point me to the documentation you're using? I should give it a once
over.
--Daniel Fisher
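A small lint for the mistake this thread turns on, added here as an example and not part of the ldaptive project or either poster's message: trust certificates given under `sslSocketFactory` are never applied, so the ldaps handshake fails with "PKIX path building failed" until the option is renamed to `credentialConfig`. The sample fragment is constructed (hostname, DNs and path are placeholders), and the only option names it knows about are the ones quoted above.

```python
"""Check an ldaptive LdapLoginModule JAAS fragment for the misnamed trust option.

Added example, not ldaptive code. Recognised option names are assumed from
the fragment quoted in the thread, nothing more.
"""
import re

# Constructed sample mirroring the quoted fragment (values are placeholders).
SAMPLE = '''
org.ldaptive.jaas.LdapLoginModule sufficient
  ldapUrl="ldaps://ldap.example.edu:6361"
  baseDn="dc=example,dc=edu"
  bindDn="CN=svc,ou=people,dc=example,dc=edu"
  bindCredential="PLACEHOLDER"
  subtreeSearch="true"
  sslSocketFactory="{trustCertificates=file:/etc/pki/ca.pem}"
  ssl="true"
  tls="false"
  userFilter="(|(sAMAccountName={user})(uaIdentifier={user}))"
  connectTimeout="3000"
  resultTimeout="3000"
;
'''

OPTION_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_options(fragment: str) -> dict:
    """Return the key="value" options of the module entry as a dict."""
    return dict(OPTION_RE.findall(fragment))


def parse_credential_config(value: str) -> dict:
    """Split '{trustCertificates=file:/x.pem,...}' into its key/value pairs."""
    body = value.strip().strip("{}")
    return dict(item.split("=", 1) for item in body.split(",") if item)


def find_trust_problems(options: dict) -> list:
    """List settings that leave the server certificate untrusted at connect time."""
    problems = []
    if "sslSocketFactory" in options:
        # The trust file is silently ignored under this name; the JVM default
        # truststore is used instead and the private CA is not in it.
        problems.append("trust material under 'sslSocketFactory' is ignored; "
                        "use 'credentialConfig'")
    return problems


def fix_trust_option(options: dict) -> dict:
    """Return a copy with sslSocketFactory renamed to credentialConfig (the fix above)."""
    fixed = dict(options)
    if "sslSocketFactory" in fixed:
        fixed["credentialConfig"] = fixed.pop("sslSocketFactory")
    return fixed
```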