You are pretty new to this whole Java thing, aren't you?

It appears that 1) your LDAP server requires SSL (a good thing!) and that 2) your LDAP's SSL certificate is self-signed and therefore not trusted.

Java keeps an internal list of SSL certs it trusts. Your self-signed CA is not one of them. You need to add the SSL certificate CA (that is, the self-signed root) to your local JSSE trusted certificate store. This is at $JAVA_HOME/lib/security/cacerts.

The Java command line tool "keytool" can do this. You can also use my SSLHelper class, part of my freshcookies-security.jar that ships with JSPWiki. Indeed, I wrote it for just this situation. See the docs at freshcookies.org for details.

With either approach, you will need appropriate admin rights to modify the truststore.

Andrew

On Oct 6, 2009, at 8:29, anilkumarkatta <[email protected]> wrote:



....contd.
Caused by: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target


anilkumarkatta wrote:

Hi All

I have tried to authenticate via LDAP server with all the configuration
procedure explained in the URL
http://www.jspwiki.org/wiki/WebContainerAuthenticationViaLDAP
with a user provided LDAP settings, I got firewall team to get the secure
port open from where application is talking to the LDAP.

I am getting this exception at the start of the application


2009-10-06 22:14:04,581 [Thread-2] INFO
org.apache.catalina.tribes.membership.McastService - Done sleeping,
membership established, start level:4
2009-10-06 22:14:04,581 [Thread-2] INFO
org.apache.catalina.tribes.membership.McastService - Sleeping for 1000
milliseconds to establish cluster membership, start level:8
2009-10-06 22:14:05,581 [Thread-2] INFO
org.apache.catalina.tribes.membership.McastService - Done sleeping,
membership established, start level:8
2009-10-06 22:14:06,144 [Thread-2] WARN
org.apache.catalina.core.ContainerBase.[Catalina] - Exception performing
authentication
javax.naming.CommunicationException: simple bind failed:
ARTE001.MYDOMAIN.AK.com:636 [Root exception is
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target]
   at com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source)
   at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
   at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)


Whereas when I place other details of the LDAP it's working fine.
Does this require any certification files like .jks files? If so, where
shall I place them?

your replies are most welcome

Regards,
-Anil Katta


--
View this message in context: 
http://www.nabble.com/Web-Container-Authentication-Via-LDAP-tp25767713p25767801.html
Sent from the JspWiki - User mailing list archive at Nabble.com.
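
The keytool route mentioned in the reply above, as an added example that is not part of the original thread: it imports a CA certificate into a truststore only after its SHA-256 fingerprint matches one obtained out of band. The file names, the alias `ldap-ca`, the password `changeit` and the throwaway demo certificate are assumptions.

```shell
#!/bin/sh
# Added example. File names, alias and password are assumptions, not from the thread.

# Normalise a fingerprint so "ab:cd" and "ABCD" compare equal.
norm_fp() { printf '%s' "$1" | tr -d ': ' | tr 'a-f' 'A-F'; }

# Print the SHA-256 fingerprint keytool reports for a certificate file.
cert_fingerprint() {
    keytool -printcert -file "$1" 2>/dev/null |
        sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1
}

# import_ca CERT EXPECTED_FP TRUSTSTORE STOREPASS ALIAS
# Imports CERT as a trusted entry only if its fingerprint matches EXPECTED_FP,
# which the LDAP administrator should supply over a separate channel.
import_ca() {
    actual=$(cert_fingerprint "$1")
    if [ -z "$actual" ] || [ "$(norm_fp "$actual")" != "$(norm_fp "$2")" ]; then
        echo "fingerprint mismatch, not importing $1" >&2
        return 1
    fi
    # -noprompt skips keytool's "Trust this certificate?" question;
    # the fingerprint comparison above takes its place.
    keytool -importcert -noprompt -alias "$5" -file "$1" \
        -keystore "$3" -storepass "$4" </dev/null >/dev/null 2>&1
}

# Build a throwaway self-signed certificate (constructed sample that
# stands in for the LDAP server's self-signed root).
make_demo_ca() {
    tmp=$(mktemp -d) || return 1
    keytool -genkeypair -alias demo -keyalg RSA -keysize 2048 -validity 1 \
        -dname "CN=Constructed Demo LDAP CA" -storetype PKCS12 \
        -keystore "$tmp/ca.p12" -storepass changeit -keypass changeit \
        </dev/null >/dev/null 2>&1 &&
    keytool -exportcert -rfc -alias demo -keystore "$tmp/ca.p12" \
        -storepass changeit -file "$1" </dev/null >/dev/null 2>&1
    rc=$?; rm -rf "$tmp"; return $rc
}

# Run "sh thisfile demo" to exercise the whole flow in the current directory.
if [ "${1:-}" = demo ]; then
    make_demo_ca ./demo-ca.pem &&
    import_ca ./demo-ca.pem "$(cert_fingerprint ./demo-ca.pem)" \
        ./demo-truststore changeit ldap-ca &&
    keytool -list -keystore ./demo-truststore -storepass changeit -alias ldap-ca
fi
```

Pass the cacerts path named in the reply as the truststore argument to change the JVM-wide store, or keep a separate file and start the JVM with `-Djavax.net.ssl.trustStore` and `-Djavax.net.ssl.trustStorePassword` pointing at it.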
