JAAS ldap issue
IAM David Bantz
dabantz at alaska.edu
Wed Jun 3 19:00:50 UTC 2020
My legacy JAAS config was modeled on this v2 documentation:
Seems I have several places with the older v2 vocabulary; I don't know why
it has apparently been working for StartTLS and for ldap (unencrypted)
connections, but I will update all the modules.
On Wed, Jun 3, 2020 at 8:16 AM IAM David Bantz <dabantz at alaska.edu> wrote:
> Mike Grady correctly noted my use of very old (v2) names in my JAAS config.
> The following appears to work (ssl->useSSL, tls->useStartTLS,
> sslSocketFactory->credentialConfig; cf. bottom of
> I'm testing with random credentials, so await final verification by real
> // UA Authenticator is proxy to AD allows some expired accounts to
> org.ldaptive.jaas.LdapLoginModule sufficient
> bindDn="CN=cas c. casacct,ou=sw_service
> bindCredential="$C at c99@cT"
> On Wed, Jun 3, 2020 at 7:52 AM Cantor, Scott <cantor.2 at osu.edu> wrote:
>> You can crank up logging, but at the end of the day, the error means what
>> it says. Having been spelunking a whole lot of trust chain issues since
>> Saturday, I can tell you that when it's not working there's always a
>> reason, even when you're banging your head against it.
>> Of course if you can connect over ldap:// and you're getting a real error
>> anyway, I'd be more worried about resolving that since it's just going to
>> happen again once you manage to connect with ldaps://
>> -- Scott
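Added example (not part of the original thread, and not Shibboleth or ldaptive project code): a Python check that parses a JAAS login configuration, flags the three legacy option names listed in the message above, and flags any LdapLoginModule entry whose ldapUrl is ldap:// with neither useStartTLS nor useSSL set to true. The sample configuration, its host names and the ShibUserPassAuth entry name are constructed; option values are never echoed in findings.

```python
import re

# Renames listed in the message above: v2 option name -> current name.
LEGACY = {"ssl": "useSSL", "tls": "useStartTLS", "sslSocketFactory": "credentialConfig"}
FLAGS = {"required", "requisite", "sufficient", "optional"}
# Quoted string | comment | bare word | punctuation (comments capture nothing).
TOKEN = re.compile(r'"((?:[^"\\]|\\.)*)"|//[^\n]*|/\*.*?\*/|([\w.$]+)|([={};])', re.S)

def parse_modules(text):
    """Return [(module_class, control_flag, {option: value})] from JAAS config text."""
    toks = [(m.lastindex, m.group(m.lastindex)) for m in TOKEN.finditer(text) if m.lastindex]
    modules, i = [], 0
    while i + 1 < len(toks):
        (k1, cls), (k2, flag) = toks[i], toks[i + 1]
        if not (k1 == 2 and k2 == 2 and flag in FLAGS):
            i += 1
            continue
        opts, i = {}, i + 2
        # Options are name = "value" triples; the entry ends at the first other token (';').
        while i + 2 < len(toks) and toks[i][0] == 2 and toks[i + 1] == (3, "="):
            opts[toks[i][1]] = toks[i + 2][1]
            i += 3
        modules.append((cls, flag, opts))
    return modules

def audit(text):
    """Return findings as (module, option, message) tuples."""
    findings = []
    for cls, _flag, opts in parse_modules(text):
        if not cls.endswith("LdapLoginModule"):
            continue
        findings += [(cls, old, f"legacy option name, use {new}")
                     for old, new in LEGACY.items() if old in opts]
        secured = any(opts.get(k, "").lower() == "true" for k in ("useStartTLS", "useSSL"))
        if opts.get("ldapUrl", "").lower().startswith("ldap://") and not secured:
            findings.append((cls, "ldapUrl", "ldap:// with neither useStartTLS nor useSSL set to true"))
    return findings

# Constructed sample configuration (not the poster's): first entry uses a legacy name.
SAMPLE = '''
ShibUserPassAuth {
  // constructed entry with a v2-style option
  org.ldaptive.jaas.LdapLoginModule sufficient
    ldapUrl="ldap://ldap.example.org" tls="true"
    bindCredential="placeholder; not a real secret";
  org.ldaptive.jaas.LdapLoginModule required
    ldapUrl="ldap://ldap2.example.org" useStartTLS="true";
};
'''

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```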