It works!!!! Maybe this is useful for others. I was adding the certificate to a newly created keystore, and trying to indicate to dspace the location of that keystore. It is easier than that. DSpace uses the jdk keystore, so adding the certificate to the jdk keystore ($JAVA_HOME/jre/lib/security/cacerts) was sufficient.
Thanks a lot.

Stuart Lewis wrote:
> Hi Carlos,
>
> The following links will help you install your LDAP certificate locally:
>
> http://confluence.atlassian.com/display/CONFKB/Unable+to+Connect+to+SSL+Services+due+to+PKIX+Path+Building+Failed+sun.security.provider.certpath.SunCertPathBuilderException
>
> http://confluence.atlassian.com/display/DOC/Connect+to+LDAP,+JIRA+or+Other+Services+Via+SSL
>
> The 'authentication.x509.keystore' are for a different authentication method
> so will not be used.
>
> Thanks,
>
>
> Stuart Lewis
> Digital Services Programmer
> Te Tumu Herenga The University of Auckland Library
> Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand
> Ph: 64 9 373-7599 x81928
> http://www.library.auckland.ac.nz/
>
>
> -----Original Message-----
> From: Carlos Testera González [mailto:[email protected]]
> Sent: Monday, 15 June 2009 11:43 p.m.
> To: [email protected]
> Subject: [Dspace-tech] Problems with ldaps
>
> Hello everyone.
> I'm new to the list, so forgive me if this has been already answered.
> I have a new DSpace 1.5.2 installation that works ok under Tomcat 6.0.18
> and Java 1.6 all running in a Red Hat Linux. We're still in the test
> stage and one of the steps is authentication. We have an LDAP server to
> authenticate against. I've made all the changes in order to enable LDAP
> authentication and it also works ok. The problem arises when I try to
> make the authentication secure, that is, through LDAPS.
> We have a self signed certificate in the ldap server. I have imported
> that certificate to a keystore in the machine that is running the
> DSpace. This is my configuration (only what I think affects this
> issue). Remember that with "normal" ldap (not ldaps) it works properly,
> under xmlui and jspui.
>
> -------------------------------------------
> ldap.provider_url = ldaps://ldap.my.organization.es/
> ....
> (all the ldap configuration in order to work)
>
> plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \
>     org.dspace.authenticate.X509Authentication, \
>     org.dspace.authenticate.LDAPHierarchicalAuthentication, \
>     org.dspace.authenticate.PasswordAuthentication
>
> authentication.x509.keystore.path = /path/to/mykeystore
> authentication.x509.keystore.password = keystore_password
> (I've also made tests with authentication.x509.ca.cert = /path/to/cacert)
>
> authentication.x509.autoregister = true
> -------------------------------------------
>
> I always get the same error:
>
> -------------------------------------------
> 2009-06-15 13:28:36,065 INFO org.dspace.authenticate.LDAPHierarchicalAuthentication @ anonymous:session_id=42344D2D6E23ED4500FA2C3449C39784:ip_addr=10.18.8.97:auth:attempting trivial auth of user=the_user
> 2009-06-15 13:28:36,172 WARN org.dspace.authenticate.LDAPHierarchicalAuthentication @ anonymous:session_id=42344D2D6E23ED4500FA2C3449C39784:ip_addr=10.18.8.97:ldap_authentication:type=failed_auth javax.naming.CommunicationException: simple bind failed: ldap.my.organization.es:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
> 2009-06-15 13:28:36,172 INFO org.dspace.authenticate.LDAPHierarchicalAuthentication @ anonymous:session_id=42344D2D6E23ED4500FA2C3449C39784:ip_addr=10.18.8.97:failed_login:no DN found for user the_user
> 2009-06-15 13:28:36,173 INFO org.dspace.authenticate.PasswordAuthentication @ anonymous:session_id=42344D2D6E23ED4500FA2C3449C39784:ip_addr=10.18.8.97:authenticate:attempting password auth of user=the_user
> 2009-06-15 13:28:36,175 INFO org.dspace.app.webui.servlet.LDAPServlet @ anonymous:session_id=42344D2D6E23ED4500FA2C3449C39784:ip_addr=10.18.8.97:failed_login:netid=the_user, result=2
> -------------------------------------------
>
> I think that the "unable to find valid certification path to requested
> target" sentence is the most significant, but all the paths are ok. I
> don't know what more to try.
> Some help would be great.
>
> Thanks in advance.
>
> _______________________________________________
> DSpace-tech mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/dspace-tech
>

--
Carlos Testera González
[email protected]
Tf: 987291000 ext.5568
Universidad de León
Servicio de Informática y Comunicaciones
Edificio CRAI-TIC
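
The fix described in this thread, as an added example that is not part of the original messages: a shell helper that checks the exported LDAP server certificate against a fingerprint obtained out of band before importing it into the JDK trust store with `keytool`. The PEM file name, the entry alias and the fingerprint value are assumptions; `changeit` is the JDK's default `cacerts` password.

```shell
#!/bin/sh
# Added example: pin-check an LDAP server certificate, then import it into
# the JDK trust store that DSpace/Tomcat uses. File names, the alias and
# the fingerprint source are assumptions, not values from the thread.

# Print the SHA-256 fingerprint of a PEM certificate as bare uppercase hex.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 |
        sed -e 's/^.*=//' -e 's/://g' | tr 'a-f' 'A-F'
}

# Normalise a fingerprint typed by a human (colons, spaces, lowercase).
normalise_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr 'a-f' 'A-F'
}

# import_pinned_cert PEM EXPECTED_FP KEYSTORE STOREPASS ALIAS
# Returns 2 if the file does not match the fingerprint supplied by the
# LDAP administrator; the keystore is not touched in that case.
import_pinned_cert() {
    pem=$1 expected=$(normalise_fp "$2") keystore=$3 storepass=$4 entry=$5
    actual=$(cert_fingerprint "$pem")
    # An empty value means openssl could not parse the file at all.
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch: got '$actual'" >&2
        return 2
    fi
    keytool -importcert -noprompt -trustcacerts -alias "$entry" \
        -file "$pem" -keystore "$keystore" -storepass "$storepass" || return 1
    # Confirm the entry is present before restarting Tomcat.
    keytool -list -alias "$entry" -keystore "$keystore" \
        -storepass "$storepass" >/dev/null
}

# Typical call (placeholder fingerprint, hypothetical file and alias):
#   import_pinned_cert ldap-server.pem "<SHA-256 from the LDAP admin>" \
#       "$JAVA_HOME/jre/lib/security/cacerts" changeit ldap-my-organization
```

The running JVM does not pick up the change, so restart Tomcat after the import. An entry in `cacerts` is trusted by every Java application that uses that JRE, not only DSpace.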

