[jira] [Updated] (AMBARI-24827) LDAP users fail to authenticate using LDAPS due to `No subject alternative DNS name` exception

Fri, 26 Oct 2018 07:55:05 -0700 


     [ 
https://issues.apache.org/jira/browse/AMBARI-24827?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Robert Levas updated AMBARI-24827:
----------------------------------
    Affects Version/s:     (was: 2.6.2)
                       2.7.3

> LDAP users fail to authenticate using LDAPS due to `No subject alternative 
> DNS name` exception
> ----------------------------------------------------------------------------------------------
>
>                 Key: AMBARI-24827
>                 URL: https://issues.apache.org/jira/browse/AMBARI-24827
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.7.3
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>            Priority: Major
>             Fix For: 2.7.3
>
>
> LDAP users fail to authenticate using LDAPS due to `No subject alternative 
> DNS name` exception:
> {noformat}
> 2018-10-26 14:49:45,716  WARN [ambari-client-thread-37] 
> AmbariLdapAuthenticationProvider:126 - Failed to communicate with the LDAP 
> server: simple bind failed: ad.example.com:636; nested exception is 
> javax.naming.CommunicationException: simple bind failed: ad.example.com:636 
> [Root exception is javax.net.ssl.SSLHandshakeException: 
> java.security.cert.CertificateException: No subject alternative DNS name 
> matching ad.example.com found.]
> {noformat}
> This is the other half of the issue from AMBARI-24533 (which was related to 
> the LDAP sync process).  
> Note:  If LDAP sync is performed before a user attempts to log in, then the 
> issue will not be seen since the system property, 
> {{com.sun.jndi.ldap.object.disableEndpointIdentification}}, would have 
> already been set to "true".   However, the logic path setting this value is 
> not reached for an authentication attempt. 
> Note: This occurs with OpenJDK 1.8.0.191 and maybe some earlier versions.
> {noformat}
> openjdk version "1.8.0_191"
> OpenJDK Runtime Environment (build 1.8.0_191-b12)
> OpenJDK 64-Bit Server VM (build 25.191-b12, mixed mode)
> {noformat}
> This does not occur with Oracle JDK 1.8.0.112
> {noformat}
> java version "1.8.0_112"
> Java(TM) SE Runtime Environment (build 1.8.0_112-b15)
> Java HotSpot(TM) 64-Bit Server VM (build 25.112-b15, mixed mode)
> {noformat}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to