Hi all,
how is StartTLS expected to work?
This is my OpenLDAP connection:
<ldapConnection>
  <name>openldap-conn</name>
  <url>ldap://ldap.example.org:389/dc=example,dc=org</url>
  <username>cn=lsc,ou=agents,dc=example,dc=org</username>
  <password>secret</password>
  <authentication>SIMPLE</authentication>
  <referral>IGNORE</referral>
  <derefAliases>NEVER</derefAliases>
  <version>VERSION_3</version>
  <pageSize>-1</pageSize>
  <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
  <tlsActivated>true</tlsActivated>
</ldapConnection>
But when I run:
./bin/lsc -a all -f etc/
I receive:
ago 06 11:43:28 - INFO - Connecting to LDAP server ldap://ldap.example.org:389/dc=example,dc=org as cn=lsc,ou=agents,dc=example,dc=org
ago 06 11:43:28 - ERROR - Error opening the LDAP connection to the destination! (javax.naming.AuthenticationNotSupportedException: [LDAP: error code 13 - confidentiality required])
ago 06 11:43:28 - ERROR - org.lsc.exception.LscConfigurationException: Configuration exception: javax.naming.AuthenticationNotSupportedException: [LDAP: error code 13 - confidentiality required]
ago 06 11:43:28 - DEBUG - org.lsc.exception.LscConfigurationException: Configuration exception: javax.naming.AuthenticationNotSupportedException: [LDAP: error code 13 - confidentiality required]
org.lsc.exception.LscConfigurationException: Configuration exception: javax.naming.AuthenticationNotSupportedException: [LDAP: error code 13 - confidentiality required]
    at org.lsc.Task.<init>(Task.java:148) ~[lsc-core-2.1.1.jar:na]
    at org.lsc.SimpleSynchronize.init(SimpleSynchronize.java:104) ~[lsc-core-2.1.1.jar:na]
    at org.lsc.SimpleSynchronize.launch(SimpleSynchronize.java:154) ~[lsc-core-2.1.1.jar:na]
    at org.lsc.Launcher.run(Launcher.java:223) [lsc-core-2.1.1.jar:na]
    at org.lsc.Launcher.launch(Launcher.java:158) [lsc-core-2.1.1.jar:na]
    at org.lsc.Launcher.main(Launcher.java:141) [lsc-core-2.1.1.jar:na]
Caused by: java.lang.RuntimeException: javax.naming.AuthenticationNotSupportedException: [LDAP: error code 13 - confidentiality required]
    at org.lsc.jndi.JndiServices.getInstance(JndiServices.java:465) ~[lsc-core-2.1.1.jar:na]
    at org.lsc.jndi.AbstractSimpleJndiService.<init>(AbstractSimpleJndiService.java:176) ~[lsc-core-2.1.1.jar:na]
    at org.lsc.jndi.SimpleJndiSrcService.<init>(SimpleJndiSrcService.java:116) ~[lsc-core-2.1.1.jar:na]
    at org.lsc.service.SyncReplSourceService.<init>(SyncReplSourceService.java:138) ~[lsc-core-2.1.1.jar:na]
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[na:1.7.0_65]
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57) ~[na:1.7.0_65]
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[na:1.7.0_65]
    at java.lang.reflect.Constructor.newInstance(Constructor.java:526) ~[na:1.7.0_65]
    at org.lsc.Task.<init>(Task.java:143) ~[lsc-core-2.1.1.jar:na]
    ... 5 common frames omitted
Caused by: javax.naming.AuthenticationNotSupportedException: [LDAP: error code 13 - confidentiality required]
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3078) ~[na:1.7.0_65]
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033) ~[na:1.7.0_65]
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2835) ~[na:1.7.0_65]
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2749) ~[na:1.7.0_65]
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316) ~[na:1.7.0_65]
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193) ~[na:1.7.0_65]
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211) ~[na:1.7.0_65]
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154) ~[na:1.7.0_65]
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84) ~[na:1.7.0_65]
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) ~[na:1.7.0_65]
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307) ~[na:1.7.0_65]
    at javax.naming.InitialContext.init(InitialContext.java:242) ~[na:1.7.0_65]
    at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:153) ~[na:1.7.0_65]
    at org.lsc.jndi.JndiServices.initConnection(JndiServices.java:210) ~[lsc-core-2.1.1.jar:na]
    at org.lsc.jndi.JndiServices.<init>(JndiServices.java:164) ~[lsc-core-2.1.1.jar:na]
    at org.lsc.jndi.JndiServices.getInstance(JndiServices.java:321) ~[lsc-core-2.1.1.jar:na]
    at org.lsc.jndi.JndiServices.getInstance(JndiServices.java:306) ~[lsc-core-2.1.1.jar:na]
    at org.lsc.jndi.JndiServices.getInstance(JndiServices.java:462) ~[lsc-core-2.1.1.jar:na]
    ... 13 common frames omitted
while server logs:
Aug 6 11:37:21 ldap slapd[22500]: conn=16327 fd=19 ACCEPT from IP=*******:37586 (IP=0.0.0.0:389)
Aug 6 11:37:21 ldap slapd[22500]: conn=16327 op=0 BIND dn="cn=lsc,ou=agents,dc=example,dc=org" method=128
Aug 6 11:37:21 ldap slapd[22500]: conn=16327 op=0 RESULT tag=97 err=13 text=confidentiality required
Aug 6 11:37:21 ldap slapd[22500]: conn=16327 fd=19 closed (connection lost)
So it looks like lsc is not starting TLS. ldaps with SSL works fine. What am
I doing wrong?
Thank you,
Francesco
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
http://lists.lsc-project.org/listinfo/lsc-users
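
Added example, not part of the original post and not LSC or OpenLDAP code: a small Python check over slapd log lines that flags simple binds (method=128) arriving before TLS is up on the connection, which is the situation behind err=13 above, where the bind request with its password had already crossed the wire unencrypted when the server refused it. The conn=16400 session, the client address and the exact StartTLS log lines are constructed for illustration and assume slapd's usual stats-level log format.

```python
import re

# Constructed sample in slapd stats-log format. conn=16327 mirrors the rejected
# bind from the post; conn=16400 is an assumed session that starts TLS first.
SAMPLE_LOG = """\
Aug  6 11:37:21 ldap slapd[22500]: conn=16327 fd=19 ACCEPT from IP=192.0.2.10:37586 (IP=0.0.0.0:389)
Aug  6 11:37:21 ldap slapd[22500]: conn=16327 op=0 BIND dn="cn=lsc,ou=agents,dc=example,dc=org" method=128
Aug  6 11:37:21 ldap slapd[22500]: conn=16327 op=0 RESULT tag=97 err=13 text=confidentiality required
Aug  6 11:37:21 ldap slapd[22500]: conn=16327 fd=19 closed (connection lost)
Aug  6 11:40:02 ldap slapd[22500]: conn=16400 fd=21 ACCEPT from IP=192.0.2.10:37601 (IP=0.0.0.0:389)
Aug  6 11:40:02 ldap slapd[22500]: conn=16400 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Aug  6 11:40:02 ldap slapd[22500]: conn=16400 op=0 STARTTLS
Aug  6 11:40:02 ldap slapd[22500]: conn=16400 op=0 RESULT oid= err=0 text=
Aug  6 11:40:02 ldap slapd[22500]: conn=16400 fd=21 TLS established tls_ssf=256 ssf=256
Aug  6 11:40:02 ldap slapd[22500]: conn=16400 op=1 BIND dn="cn=lsc,ou=agents,dc=example,dc=org" method=128
Aug  6 11:40:02 ldap slapd[22500]: conn=16400 op=1 RESULT tag=97 err=0 text=
"""

CONN = re.compile(r"conn=(\d+) (?:fd=\d+|op=(\d+)) (.*)")
BIND = re.compile(r'BIND dn="([^"]*)" method=128')   # 128 = simple bind
RESULT = re.compile(r"RESULT tag=97 err=(\d+)")      # tag 97 = bind response


def cleartext_simple_binds(log_text):
    """Return simple binds that reached slapd before TLS was established."""
    tls_up = set()   # connection ids with an active TLS layer
    pending = {}     # (conn, op) -> finding still waiting for its RESULT
    findings = []
    for line in log_text.splitlines():
        m = CONN.search(line)
        if not m:
            continue
        conn, op, rest = m.groups()
        if rest.startswith("TLS established"):
            tls_up.add(conn)
        elif rest.startswith("closed"):
            tls_up.discard(conn)
        # An empty DN is an anonymous bind and is not reported here.
        elif (b := BIND.match(rest)) and conn not in tls_up and b.group(1):
            pending[(conn, op)] = {"conn": int(conn), "dn": b.group(1), "err": None}
            findings.append(pending[(conn, op)])
        elif (r := RESULT.match(rest)) and (conn, op) in pending:
            pending.pop((conn, op))["err"] = int(r.group(1))
    return findings


if __name__ == "__main__":
    for f in cleartext_simple_binds(SAMPLE_LOG):
        print(f"conn={f['conn']} dn={f['dn']} err={f['err']}: simple bind sent without TLS")
```

Any DN this reports has had its password sent in clear text, whether or not the bind was accepted, so the credential should be treated as exposed.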