On Jul 16, 2009, at 2:08 PM, alehx wrote:
I have searched google and the geronimo knowledge base far and wide and have not been able to come up with a solution to my issue.
We are developing a web application that requires LDAP authentication to 1) determine if the user exists and his/her credentials are correct and 2) serve the correct pages and privileges to authenticated users.
However, we have reached a road block. After implementing the security realms, keystores, and web-specific deployment plans, we have been unable to get past the authentication prompt for user credentials.
No matter what I have tried, the error message is always:

ERROR [LDAPLoginModule] javax.naming.CommunicationException: simple bind failed: my.ldap.server:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
WARN [log] AUTH FAILURE: user UserName
I followed the keytool directives for obtaining a valid certificate and created a new certificate via the Geronimo console. I have also tried importing a valid certificate manually by copy/paste and changes to the config.xml file, all to no avail.
If the issue is the security realm, we have contacted the LDAP server administrators and obtained the correct settings for our use. I have tried creating a server via the console and via the geronimo-application.xml.
I'm not sure if the issue is the server believes the certificate is invalid or it cannot find a matching certificate after the LDAP server is contacted.
The keystore I am using is in the geronimo var/security/keystore directory and also registered in the system wide java keystore (cacerts).
If anyone could suggest some things to get geronimo to accept the certificates in my keystore, or to somehow link them so they will be of use, that would be great.
I think this is a user list question. I think the absolute minimum information anyone would need to start guessing at what is wrong would be:

- the entire stack trace from the exception
- details of how you are trying to connect to the ldap server. In particular... is this an ssl connection? tls? does the ldap server expect the client to authenticate with a client side certificate or user/password?

Despite the lack of this information I'd guess that you are connecting over ssl and the geronimo truststore does not have a certificate to enable it to trust the certificate from the ldap server.

david jencks
Thanks
--
View this message in context: http://www.nabble.com/Error%3A-%22unable-to-find-valid-certification-path-to-requested-target%22-tp24524543s134p24524543.html
Sent from the Apache Geronimo - Dev mailing list archive at Nabble.com.
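Reproducing David's diagnosis offline, as an added example that is not part of the thread or of Geronimo: the program below loads a JKS truststore and the certificate chain the LDAP server presents on port 636 (saved beforehand to a PEM file, for instance with openssl s_client -showcerts), then asks the JVM's own PKIX builder whether a path to a trusted entry exists. The class name, the command-line arguments and the file names are assumptions.

```java
import java.io.FileInputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
public class LdapTrustCheck {
    public static void main(String[] args) throws Exception {
        // Usage (assumed): java LdapTrustCheck <truststore.jks> <storepass> <server-chain.pem>, where the
        // PEM file holds the certificates the LDAP server presents on 636 (e.g. from openssl s_client -showcerts).
        KeyStore trust = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(args[0])) {
            trust.load(in, args[1].toCharArray());
        }
        List<X509Certificate> chain = new ArrayList<>();
        try (FileInputStream in = new FileInputStream(args[2])) {
            for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(in)) {
                chain.add((X509Certificate) c);
            }
        }
        X509CertSelector target = new X509CertSelector();
        target.setCertificate(chain.get(0)); // the server's own certificate comes first in the chain
        try {
            // Trust anchors are the keystore's trusted-certificate entries only; a key pair generated
            // in the Geronimo console is a key entry and does not make the server's issuer trusted.
            PKIXBuilderParameters params = new PKIXBuilderParameters(trust, target);
            // Let the builder use any intermediate certificates the server sent along with its own.
            params.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(chain)));
            params.setRevocationEnabled(false); // path building only, which is what the reported error is about
            PKIXCertPathBuilderResult r = (PKIXCertPathBuilderResult) CertPathBuilder.getInstance("PKIX").build(params);
            System.out.println("trusted via anchor " + r.getTrustAnchor().getTrustedCert().getSubjectX500Principal());
        } catch (InvalidAlgorithmParameterException e) {
            System.out.println("truststore has no trusted certificate entries: " + e.getMessage());
        } catch (CertPathBuilderException e) {
            // Same condition the LDAPLoginModule reported as "unable to find valid certification path to requested target"
            System.out.println("not trusted: " + e.getMessage() + "; import the CA that issued "
                    + chain.get(chain.size() - 1).getIssuerX500Principal() + " with keytool -importcert -trustcacerts");
        }
    }
}
```

Run it once against the system cacerts and once against the Geronimo keystore under var/security; whichever one the LDAP realm actually uses must report a trust anchor, and hostname verification is a separate check that this path-building test does not cover.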