Dear Helix, > 1) tail -f dspace.log, try to log into dspace using ldap and watch for > any useful log messages
Thank you, that did it. In dspace.log I had: 2015-11-20 11:16:23,558 WARN org.dspace.authenticate.LDAPAuthentication @ anonymous:session_id=D10A5DFB98065DECE80D197D0E29BCC8:ip_addr=192.41.170.57:ldap_authentication:type=failed_auth javax.naming.CommunicationException\colon; anonymous bind failed\colon; ldap.cs.ait.ac.th\colon;636 [Root exception is javax.net.ssl.SSLHandshakeException\colon; sun.security.validator.ValidatorException\colon; PKIX path building failed\colon; sun.security.provider.certpath.SunCertPathBuilderException\colon; unable to find valid certification path to requested target] 2015-11-20 11:16:23,558 INFO org.dspace.authenticate.LDAPAuthentication @ anonymous:session_id=D10A5DFB98065DECE80D197D0E29BCC8:ip_addr=192.41.170.57:failed_login:no DN found for user turlututucvb >From the error "PKIX path building failed" I managed to google that my self signed CA was missing in Java keystore. I had overlooked the fact that OpenJDK was also upgraded and that the keystore was overwritten, I had to use keytool to import my own CA again. > 2) if that doesn't help, capture network communication between your > dspace and ldap server: > dspace@dspace:~$ tshark -i eth0 -p -f "host 1.2.3.4" -w output.cap > user@local:~$ wireshark output.cap > This may help reval a) whether there's any communication at all and b) > any responses from the LDAP server that might fail to show up in the > dspace log. That, I tried, but that is not easy to follow because DSpace LDAP is mixced up with all other LDAP connections on that same machine. Best regards, Olivier -- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/dspace-tech. For more options, visit https://groups.google.com/d/optout.
