I read "SSL Considerations" in https://wiki.jasig.org/display/CASUM/LDAP (see below). I am curious whether it is a necessary requirement to trust the LDAPS certificate in the JVM truststore. I do not see any explicit exception error (as indicated in the instructions), although I did not trust the LDAPS certificate. I do trust the CAS server SSL certificate in the JVM truststore (I believe that this is a different matter). The point of the confusion is this: in current development, I experience user authentication failure. I wonder whether this issue is related to LDAPS certificate trust. If so, why didn't I see the exception thrown? Confusions!!!
-------- SSL Considerations ---------

Make sure LDAP is connecting over SSL by using the ldaps protocol in the url above. The default ldaps port is 636. Failing to do so will generate LDAP authentication exceptions with the error code 49.

Please note that the JVM needs to trust the certificate of your SSL enabled LDAP server, else CAS will refuse to connect to your LDAP server. You can add the LDAP server's certificate to the JVM trust store ($JAVA_HOME/jre/lib/security/cacerts by default) to solve that issue. The JVM will throw an "unable to find valid certification path to requested target" exception when it doesn't find the certificate sent by the ldap server in the keystore.

There is a nice open source utility called InstallCert.java available from Sun which can add the certificate returned by the ldap server into your JVM keystore; use that to solve this problem.
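The wiki text above describes two different failures that both surface as "authentication failed" to an end user: a bind rejected with LDAP error code 49 (bad credentials, or a bind attempted over a plain connection) and a TLS handshake that fails because the JVM truststore lacks the LDAP server's certificate chain. The following is an added standalone example, not code from the CAS project or from the mailing list, that opens an LDAPS connection with plain JNDI and tells the two apart by walking the exception's cause chain; JNDI wraps the SSL error in a CommunicationException, so the "unable to find valid certification path" message often sits several levels down and is easy to miss in application logs. The URL, bind DN and password are placeholders to replace with your own values.

```java
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import java.security.cert.CertPathBuilderException;
import java.util.Hashtable;
import javax.net.ssl.SSLHandshakeException;

public class LdapsTrustCheck {

    // Walks the cause chain looking for a certificate-path or TLS handshake failure.
    // Returns the message of the first such cause, or null if none was found.
    static String certPathFailure(Throwable t) {
        for (Throwable c = t; c != null; c = c.getCause()) {
            if (c instanceof CertPathBuilderException || c instanceof SSLHandshakeException) {
                return c.getMessage();
            }
        }
        return null;
    }

    // Attempts a simple bind over LDAPS and classifies the outcome:
    //   OK    - handshake and bind succeeded
    //   TRUST - the JVM truststore does not contain the server's certificate chain
    //   AUTH  - the server rejected the credentials (LDAP error code 49)
    //   OTHER - anything else (unreachable host, wrong port, not an LDAPS listener, ...)
    static String connect(String url, String bindDn, String password) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);            // placeholder, e.g. ldaps://ldap.example.com:636
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);    // placeholder bind DN
        env.put(Context.SECURITY_CREDENTIALS, password);

        LdapContext ctx = null;
        try {
            ctx = new InitialLdapContext(env, null);
            return "OK: TLS handshake and bind succeeded";
        } catch (AuthenticationException e) {
            // Credentials problem: the TLS layer worked, the directory said no.
            return "AUTH: " + e.getMessage();
        } catch (NamingException e) {
            String certProblem = certPathFailure(e);
            if (certProblem != null) {
                // java.home is the JRE dir on JDK 8 and the JDK root on 9+, so this
                // path is the active cacerts file on either layout.
                return "TRUST: " + certProblem + " (import the LDAP server's CA certificate into "
                        + System.getProperty("java.home") + "/lib/security/cacerts)";
            }
            return "OTHER: " + e.getClass().getSimpleName() + ": " + e.getMessage()
                    + (e.getRootCause() != null ? " / root cause: " + e.getRootCause() : "");
        } finally {
            if (ctx != null) {
                try { ctx.close(); } catch (NamingException ignored) { }
            }
        }
    }

    public static void main(String[] args) {
        // Placeholder values; pass real ones on the command line.
        String url      = args.length > 0 ? args[0] : "ldaps://ldap.example.com:636";
        String bindDn   = args.length > 1 ? args[1] : "uid=svc-cas,ou=people,dc=example,dc=com";
        String password = args.length > 2 ? args[2] : "changeme";
        System.out.println(connect(url, bindDn, password));
    }
}
```

Run it with the same JVM that serves CAS, since that is the truststore that matters; a "TRUST" result confirms the missing-certificate case from the wiki, while an "AUTH" result means TLS is fine and the bind itself is being rejected. To see what the JVM already trusts without connecting anywhere, `keytool -list -keystore "$JAVA_HOME/jre/lib/security/cacerts"` (default password `changeit`) lists the installed CA certificates; the LDAP server's issuing CA should appear there, and importing it is preferable to importing the leaf certificate, which will break silently when the server's certificate is renewed.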
