Hi,
I'm having trouble authenticating LDAP users via LDAPS, port 636.
I created the keystore and imported the CA certificate and the OM server's
certificate.
I didn't create a truststore but I suppose I don't need to if I want to accept
*any* connecting client?
So I set the env variables
JAVA_OPTS and
JAVA_OPT="-Djavax.net.ssl.keyStore=/opt/openmeetings/red5/conf/keystore
-Djavax.net.ssl.keyStorePassword=myPassword"
(I suppose the correct name is JAVA_OPTS but the om_ldap.cfg file comment
specifies JAVA_OPT which may be a typo)
When I try to log in via LDAPS, I get the following in the OM log:
DEBUG 02-26 13:02:48.935 LdapLoginManagement.java 288376 421
org.apache.openmeetings.ldap.LdapLoginManagement [NioProcessor-18] -
authenticating admin...
DEBUG 02-26 13:02:48.937 LdapAuthBase.java 288378 101
org.apache.openmeetings.ldap.LdapAuthBase [NioProcessor-18] - authenticateUser
DEBUG 02-26 13:02:48.940 LdapAuthBase.java 288381 117
org.apache.openmeetings.ldap.LdapAuthBase [NioProcessor-18] -
Authentification to LDAP - Server start
DEBUG 02-26 13:02:48.941 LdapAuthBase.java 288382 151
org.apache.openmeetings.ldap.LdapAuthBase [NioProcessor-18] - loginToLdapServer
ERROR 02-26 13:02:54.126 LdapAuthBase.java 293567 123
org.apache.openmeetings.ldap.LdapAuthBase [NioProcessor-18] -
Authentification on LDAP Server failed : simple bind failed:
ad1.mydomain.com:636
ERROR 02-26 13:02:54.174 LdapAuthBase.java 293615 124
org.apache.openmeetings.ldap.LdapAuthBase [NioProcessor-18] - [Authentification
on LDAP Server failed]
javax.naming.CommunicationException: simple bind failed: ad1.mydomain.com:636
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:215)
~[na:1.6.0_24]
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2685) ~[na:1.6.0_24]
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:306) ~[na:1.6.0_24]
at
com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193)
~[na:1.6.0_24]
at
com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211)
~[na:1.6.0_24]
at
com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)
~[na:1.6.0_24]
at
com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)
~[na:1.6.0_24]
at
javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
~[na:1.6.0_24]
at
javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:305)
~[na:1.6.0_24]
at javax.naming.InitialContext.init(InitialContext.java:240)
~[na:1.6.0_24]
at javax.naming.InitialContext.<init>(InitialContext.java:214)
~[na:1.6.0_24]
at
javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:99)
~[na:1.6.0_24]
at
org.apache.openmeetings.ldap.LdapAuthBase.loginToLdapServer(LdapAuthBase.java:161)
~[openmeetings-2.1.0-SNAPSHOT.jar:na]
at
org.apache.openmeetings.ldap.LdapAuthBase.authenticateUser(LdapAuthBase.java:119)
~[openmeetings-2.1.0-SNAPSHOT.jar:na]
at
org.apache.openmeetings.ldap.LdapLoginManagement.doLdapLogin(LdapLoginManagement.java:422)
[openmeetings-2.1.0-SNAPSHOT.jar:na]
at
org.apache.openmeetings.remote.MainService.loginUser(MainService.java:333)
[openmeetings-2.1.0-SNAPSHOT.jar:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
~[na:1.6.0_24]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
~[na:1.6.0_24]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[na:1.6.0_24]
at java.lang.reflect.Method.invoke(Method.java:616) ~[na:1.6.0_24]
at
org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:196)
[red5.jar:na]
at
org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:115)
[red5.jar:na]
at
org.red5.server.net.rtmp.RTMPHandler.invokeCall(RTMPHandler.java:157)
[red5.jar:na]
at org.red5.server.net.rtmp.RTMPHandler.onInvoke(RTMPHandler.java:399)
[red5.jar:na]
at
org.red5.server.net.rtmp.BaseRTMPHandler.messageReceived(BaseRTMPHandler.java:130)
[red5.jar:na]
at
org.red5.server.net.rtmp.RTMPMinaIoHandler.messageReceived(RTMPMinaIoHandler.java:164)
[red5.jar:na]
at
org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:716)
[mina-core-2.0.4.jar:na]
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
[mina-core-2.0.4.jar:na]
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
[mina-core-2.0.4.jar:na]
at
org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796)
[mina-core-2.0.4.jar:na]
at
org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:427)
[mina-core-2.0.4.jar:na]
at
org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:245)
[mina-core-2.0.4.jar:na]
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
[mina-core-2.0.4.jar:na]
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
[mina-core-2.0.4.jar:na]
at
org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796)
[mina-core-2.0.4.jar:na]
at
org.red5.server.net.rtmpe.RTMPEIoFilter.messageReceived(RTMPEIoFilter.java:124)
[red5.jar:na]
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
[mina-core-2.0.4.jar:na]
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
[mina-core-2.0.4.jar:na]
at
org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796)
[mina-core-2.0.4.jar:na]
at
org.apache.mina.filter.ssl.SslHandler.flushScheduledEvents(SslHandler.java:320)
[mina-core-2.0.4.jar:na]
at
org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:506)
[mina-core-2.0.4.jar:na]
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
[mina-core-2.0.4.jar:na]
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
[mina-core-2.0.4.jar:na]
at
org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796)
[mina-core-2.0.4.jar:na]
at
org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119)
[mina-core-2.0.4.jar:na]
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
[mina-core-2.0.4.jar:na]
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426)
[mina-core-2.0.4.jar:na]
at
org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:715)
[mina-core-2.0.4.jar:na]
at
org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:668)
[mina-core-2.0.4.jar:na]
at
org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:657)
[mina-core-2.0.4.jar:na]
at
org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor.java:68)
[mina-core-2.0.4.jar:na]
at
org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1141)
[mina-core-2.0.4.jar:na]
at
org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
[mina-core-2.0.4.jar:na]
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
[na:1.6.0_24]
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
[na:1.6.0_24]
at java.lang.Thread.run(Thread.java:679) [na:1.6.0_24]
Caused by: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
~[na:1.6.0_24]
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1697)
~[na:1.6.0_24]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:257)
~[na:1.6.0_24]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:251)
~[na:1.6.0_24]
at
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1165)
~[na:1.6.0_24]
at
sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:154)
~[na:1.6.0_24]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:609)
~[na:1.6.0_24]
at sun.security.ssl.Handshaker.process_record(Handshaker.java:545)
~[na:1.6.0_24]
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:945)
~[na:1.6.0_24]
at
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1190)
~[na:1.6.0_24]
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:657)
~[na:1.6.0_24]
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:108)
~[na:1.6.0_24]
at
java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
~[na:1.6.0_24]
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
~[na:1.6.0_24]
at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:409)
~[na:1.6.0_24]
at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:352)
~[na:1.6.0_24]
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:210)
~[na:1.6.0_24]
... 55 common frames omitted
Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:324)
~[na:1.6.0_24]
at
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:224)
~[na:1.6.0_24]
at sun.security.validator.Validator.validate(Validator.java:235)
~[na:1.6.0_24]
at
sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:147)
~[na:1.6.0_24]
at
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:230)
~[na:1.6.0_24]
at
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:270)
~[na:1.6.0_24]
at
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1144)
~[na:1.6.0_24]
... 67 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable
to find valid certification path to requested target
at
sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:197)
~[na:1.6.0_24]
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:255)
~[na:1.6.0_24]
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:319)
~[na:1.6.0_24]
... 73 common frames omitted
Any ideas?
Thanks,
Vieri
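
Added example, not part of the original message and not OpenMeetings code: the innermost frames of the trace above (X509TrustManagerImpl.checkServerTrusted) are the client validating the LDAP server's certificate, and a default JSSE trust manager takes its trusted CA certificates from javax.net.ssl.trustStore or, when that is unset, from the JRE's jssecacerts/cacerts file, while javax.net.ssl.keyStore only supplies the client's own identity. The diagnostic below prints which trust store the JVM would use and whether it holds a certificate whose subject matches a given text; the class name TrustStoreCheck and the search argument are hypothetical, and it assumes the LDAPS connection uses the JVM's default SSL settings.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added diagnostic, not OpenMeetings code. Run it with the same -D options as the server JVM.
public class TrustStoreCheck {
    // JSSE default lookup order: javax.net.ssl.trustStore, then jssecacerts, then cacerts.
    static File resolveTrustStore() {
        String explicit = System.getProperty("javax.net.ssl.trustStore");
        if (explicit != null) return new File(explicit);
        File dir = new File(System.getProperty("java.home"), "lib" + File.separator + "security");
        File jsse = new File(dir, "jssecacerts");
        return jsse.exists() ? jsse : new File(dir, "cacerts");
    }

    // Counts certificates in the store whose subject DN contains the given text (case-insensitive).
    static int countMatches(KeyStore ks, String wanted) throws Exception {
        int hits = 0;
        for (String alias : Collections.list(ks.aliases())) {
            java.security.cert.Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue;
            String subject = ((X509Certificate) c).getSubjectX500Principal().getName();
            if (subject.toLowerCase().contains(wanted.toLowerCase())) {
                System.out.println("  match: " + alias + " -> " + subject);
                hits++;
            }
        }
        return hits;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: part of the issuing CA's subject DN (hypothetical value, e.g. "mydomain")
        String wanted = args.length > 0 ? args[0] : "";
        File store = resolveTrustStore();
        String pw = System.getProperty("javax.net.ssl.trustStorePassword");
        System.out.println("keyStore (client's own identity): " + System.getProperty("javax.net.ssl.keyStore"));
        System.out.println("trustStore (validates the server): " + store);
        KeyStore ks = KeyStore.getInstance(
                System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType()));
        InputStream in = new FileInputStream(store);
        try { ks.load(in, pw == null ? null : pw.toCharArray()); } finally { in.close(); }
        int hits = countMatches(ks, wanted);
        System.out.println(hits + " of " + ks.size() + " entries match \"" + wanted + "\"");
        if (hits == 0) System.out.println("No matching CA certificate in this trust store.");
    }
}
```

With only the keyStore options from the message set, the second output line points at the JRE's default trust store rather than /opt/openmeetings/red5/conf/keystore.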