[ https://issues.apache.org/jira/browse/GERONIMO-3812?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12566035#action_12566035 ]
Sakari Maaranen commented on GERONIMO-3812:
-------------------------------------------
I worked around this issue by installing the ApacheDS 1.0.2 standalone. This
configuration I am using now probably takes up a little more RAM and requires
extra management work. Also, I couldn't get LDAPS working with the Geronimo
LDAP Viewer. The Viewer does work with regular LDAP.

There must be some problem with selecting the keystore for the Geronimo LDAP
application, because I keep getting the following exception in the ApacheDS
standalone log: /usr/local/apacheds-1.0.2/var/log/apacheds-stdout.log
2008-02-05 17:46:36,132 WARN org.apache.directory.server.ldap.LdapProtocolProvider$LdapProtocolHandler: [/127.0.0.1:57424] Unexpected exception forcing session to close: sending disconnect notice to client.
javax.net.ssl.SSLHandshakeException: Initial SSL handshake failed.
    at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:425)
    at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
    at org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54)
    at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
    at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:243)
    at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:305)
    at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:665)
    at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:690)
    at java.lang.Thread.run(Thread.java:595)
Caused by: javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:166)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1356)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1324)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1486)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:961)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:787)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:663)
    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:566)
    at org.apache.mina.filter.support.SSLHandler.unwrapHandshake(SSLHandler.java:677)
    at org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:494)
    at org.apache.mina.filter.support.SSLHandler.messageReceived(SSLHandler.java:293)
    at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:393)
    ... 8 more
I am not sure, but to me it seems that when trying to connect, the Geronimo
LDAP Viewer does not recognize the ApacheDS LDAPS certificate. The above
message is in the ApacheDS log, but I guess this certificate_unknown alert
originates from Geronimo?

Any advice on how to set the keystore and trusted certificates for the Geronimo
LDAP Viewer to connect to an LDAPS-enabled standalone server is welcome!

My ApacheDS 1.0.2 LDAPS server is working correctly and I verified that by
connecting to it with the Eclipse Apache Directory Studio tools. Only the above
problem still persists with the Geronimo LDAP Viewer.

Especially if this bug is not going to be fixed, it would be great to at least
have a good workaround documented here.
> Geronimo 2.0.2 misses ApacheDS (LDAP) function
> ----------------------------------------------
>
> Key: GERONIMO-3812
> URL: https://issues.apache.org/jira/browse/GERONIMO-3812
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: documentation, Plugins
> Affects Versions: 2.0.2
> Environment: Debian Linux, java version "1.5.0_14",
> geronimo-tomcat6-jee5-2.0.2
> Reporter: Sakari Maaranen
>
> Geronimo documentation at
> http://cwiki.apache.org/GMOxDOC20/ldap-sample-application.html talks about
> org.apache.geronimo.configs/directory in system modules, but that does not
> exist in Geronimo 2.0.2.
> There is also a reference to Geronimo plugins. However, when I go to Plugins
> in the Geronimo console and search the geronimo-2.0.2 repository there is
> nothing related to ApacheDS or Directory. Like if the ApacheDS function was
> completely missing.
> The ApacheDS plugin should be added to the 2.0.2 plugin repository. The
> documentation should be updated to give the steps how to install ApacheDS
> with or without the plugin. The LDAP demo is useless if ApacheDS is
> unavailable.
> I found this much earlier discussion on the topic:
> http://www.mail-archive.com/[email protected]/msg52749.html
> http://www.mail-archive.com/[email protected]/msg55148.html
> Frankly, I don't think that the forward compatibility is so much an issue,
> but 2.0.2 completely lacking LDAP server. Would be better to have it, even
> without forward compatibility.
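
Added example, not part of the original message and not Geronimo or ApacheDS code: a small Python triage of the ApacheDS log entry quoted in the comment. It walks the exception chain to the root cause and reports the connection on which a TLS alert was received; JSSE's "Received fatal alert" wording (and the `recvAlert` frame in the trace) means the alert was sent by the remote peer, so a certificate alert there indicates the connecting client did not accept the server's certificate. The sample log is constructed from the entry above with most frames trimmed, and `triage` and its field names are illustrative.

```python
import re

# Constructed sample: the ApacheDS log entry from the comment, most stack frames trimmed.
SAMPLE_LOG = """\
2008-02-05 17:46:36,132 WARN
org.apache.directory.server.ldap.LdapProtocolProvider$LdapProtocolHandler:
[/127.0.0.1:57424] Unexpected exception forcing session to close: sending
disconnect notice to client.
javax.net.ssl.SSLHandshakeException: Initial SSL handshake failed.
    at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:425)
Caused by: javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1486)
    ... 8 more
"""

ENTRY_START = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} (?P<level>[A-Z]+)", re.M)
PEER = re.compile(r"\[/(?P<ip>[\d.]+):(?P<port>\d+)\]")
EXC = re.compile(r"^(?:Caused by: )?(?P<cls>[\w.$]+(?:Exception|Error)): (?P<msg>.*)$", re.M)
ALERT = re.compile(r"Received fatal alert: (?P<name>\w+)")

# TLS alerts (RFC 5246) that mean the sender rejected the certificate it was shown.
CERT_ALERTS = {"bad_certificate", "unsupported_certificate", "certificate_revoked",
               "certificate_expired", "certificate_unknown", "unknown_ca"}

def triage(log_text):
    """Return one finding per log entry whose root cause is a TLS alert received from the peer."""
    findings = []
    starts = [m.start() for m in ENTRY_START.finditer(log_text)] + [len(log_text)]
    for begin, end in zip(starts, starts[1:]):
        entry = log_text[begin:end]
        chain = [(m["cls"], m["msg"]) for m in EXC.finditer(entry)]
        if not chain:
            continue
        root_cls, root_msg = chain[-1]      # the last "Caused by" is the root cause
        alert = ALERT.search(root_msg)
        if not alert:                       # failure detected locally, not signalled by the peer
            continue
        peer = PEER.search(entry)
        findings.append({
            "timestamp": entry[:23],
            "peer": f"{peer['ip']}:{peer['port']}" if peer else None,
            "root_exception": root_cls,
            "alert": alert["name"],
            "peer_rejected_server_cert": alert["name"] in CERT_ALERTS,
        })
    return findings
```

For the entry above, the finding points at the client connection from 127.0.0.1:57424, which is the side whose trusted certificates need checking.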