Hello everyone.
I'm new to the list, so forgive me if this has already been answered.
I have a new DSpace 1.5.2 installation that works ok under Tomcat 6.0.18
and Java 1.6 all running in a Red Hat Linux. We're still in the test
stage and one of the steps is authentication. We have an LDAP server to
authenticate against. I've made all the changes in order to enable LDAP
authentication and it also works ok. The problem arises when I try to
make the authentication secure, that is, through LDAPS.
We have a self-signed certificate in the LDAP server. I have imported
that certificate to a keystore in the machine that is running
DSpace. This is my configuration (only what I think affects this
issue). Remember that with "normal" ldap (not ldaps) it works properly,
under xmlui and jspui.
-------------------------------------------
ldap.provider_url = ldaps://ldap.my.organization.es/
.... (all the ldap configuration in order to work)
plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \
org.dspace.authenticate.X509Authentication, \
org.dspace.authenticate.LDAPHierarchicalAuthentication, \
org.dspace.authenticate.PasswordAuthentication
authentication.x509.keystore.path = /path/to/mykeystore
authentication.x509.keystore.password = keystore_password
(I've also made tests with authentication.x509.ca.cert = /path/to/cacert)
authentication.x509.autoregister = true
-------------------------------------------
I always get the same error:
-------------------------------------------
2009-06-15 13:28:36,065 INFO
org.dspace.authenticate.LDAPHierarchicalAuthentication @
anonymous:session_id=42344D2D6E23ED4500FA2C3449C39784:ip_addr=10.18.8.97:auth:attempting
trivial auth of user=the_user
2009-06-15 13:28:36,172 WARN
org.dspace.authenticate.LDAPHierarchicalAuthentication @
anonymous:session_id=42344D2D6E23ED4500FA2C3449C39784:ip_addr=10.18.8.97:ldap_authentication:type=failed_auth
javax.naming.CommunicationException\colon; simple bind failed\colon;
ldap.my.organization.es\colon;636 [Root exception is
javax.net.ssl.SSLHandshakeException\colon;
sun.security.validator.ValidatorException\colon; PKIX path building
failed\colon;
sun.security.provider.certpath.SunCertPathBuilderException\colon; unable
to find valid certification path to requested target]
2009-06-15 13:28:36,172 INFO
org.dspace.authenticate.LDAPHierarchicalAuthentication @
anonymous:session_id=42344D2D6E23ED4500FA2C3449C39784:ip_addr=10.18.8.97:failed_login:no
DN found for user the_user
2009-06-15 13:28:36,173 INFO
org.dspace.authenticate.PasswordAuthentication @
anonymous:session_id=42344D2D6E23ED4500FA2C3449C39784:ip_addr=10.18.8.97:authenticate:attempting
password auth of user=the_user
2009-06-15 13:28:36,175 INFO org.dspace.app.webui.servlet.LDAPServlet @
anonymous:session_id=42344D2D6E23ED4500FA2C3449C39784:ip_addr=10.18.8.97:failed_login:netid=the_user,
result=2
-------------------------------------------
I think that the "unable to find valid certification path to requested
target" sentence is the most significant, but all the paths are ok. I
don't know what more to try.
Some help would be great.
Thanks in advance.
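
Added example, not part of the original post and not DSpace code: a small Python triage of the log excerpt above that separates LDAP bind failures caused by TLS trust (the PKIX error) from rejected credentials. The function names, the cause labels and the `AuthenticationException` branch are assumptions of this example.

```python
import re

# Constructed sample: two entries from the excerpt above, mail line-wrapping kept.
SAMPLE = r"""2009-06-15 13:28:36,172 WARN
org.dspace.authenticate.LDAPHierarchicalAuthentication @
anonymous:session_id=42344D2D6E23ED4500FA2C3449C39784:ip_addr=10.18.8.97:ldap_authentication:type=failed_auth
javax.naming.CommunicationException\colon; simple bind failed\colon;
ldap.my.organization.es\colon;636 [Root exception is
javax.net.ssl.SSLHandshakeException\colon;
sun.security.validator.ValidatorException\colon; PKIX path building
failed\colon;
sun.security.provider.certpath.SunCertPathBuilderException\colon; unable
to find valid certification path to requested target]
2009-06-15 13:28:36,172 INFO
org.dspace.authenticate.LDAPHierarchicalAuthentication @
anonymous:session_id=42344D2D6E23ED4500FA2C3449C39784:ip_addr=10.18.8.97:failed_login:no
DN found for user the_user
"""

STAMP = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}\b")
ENTRY = re.compile(r"^(\S+ \S+) (\w+)\s+(\S+) @ (.*)$")

def entries(text):
    """Re-join wrapped lines; a timestamp at line start opens a new entry."""
    buf = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if STAMP.match(line) and buf:
            yield " ".join(buf)
            buf = []
        buf.append(line)
    if buf:
        yield " ".join(buf)

def classify(entry):
    """Return ts/ip/cause for an LDAP failed_auth entry, else None."""
    m = ENTRY.match(entry)
    if not m or "ldap_authentication:type=failed_auth" not in m.group(4):
        return None
    detail = m.group(4).replace("\\colon;", ":")  # escaping as seen in the excerpt
    ip = re.search(r"ip_addr=([0-9.]+)", detail)
    if "SSLHandshakeException" in detail:
        # Bind never reached the directory: TLS failed before credentials were sent.
        cause = "tls_untrusted_cert" if "PKIX path building failed" in detail else "tls_other"
    elif "AuthenticationException" in detail:  # assumed wording for a rejected bind
        cause = "bad_credentials"
    else:
        cause = "other"
    return {"ts": m.group(1), "ip": ip.group(1) if ip else None, "cause": cause}

def triage(text):
    return [r for r in map(classify, entries(text)) if r]

print(triage(SAMPLE))
```

A `tls_untrusted_cert` result means the JVM making the LDAPS connection did not find the server's certificate chain in the trust store it actually used, so the user's password was never evaluated.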