2014-10-15 17:57 GMT+02:00 Anderson <[email protected]>:
>
> Hi All,
>

Hi,

>
> I am learning to use the LSC and need help please.
> I'm having problems trying to connect to a remote server LDAPS on port 636
>
> Here are my settings:
>
> <ldapConnection>
> <name>ldap-dst-conn</name>
> <url>ldaps://remotehost/ou=people,dc=homolog,dc=br
> </url>
>
> <username>cn=userrep,ou=people,dc=homolog,dc=br</username>
> <password>secret</password>
> <authentication>SIMPLE</authentication>
> <referral>IGNORE</referral>
> <derefAliases>NEVER</derefAliases>
> <version>VERSION_3</version>
> <pageSize>-1</pageSize>
> <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
> <tlsActivated>false</tlsActivated>
> </ldapConnection>
>
>
> The certificates:
>
> cat LAB_CER.cer LAB_KEY.key > LAB.pem
> #keytool -import -file /etc/lsc/certs/LAB.pem -keystore
> /etc/lsc/certs/labcert
> #keytool -import -file /etc/lsc/certs/LAB_CA.cer -keystore
> /etc/lsc/certs/cacert
> the shell script:
> SSL_OPTS="-Djavax.net.ssl.keyStore=/etc/lsc/certs/labcert
> -Djavax.net.ssl.keyStorePassword=secret
> -Djavax.net.ssl.trustStore=/etc/lsc/certs/cacert
> -Djavax.net.ssl.trustStorePassword=secret"
>
>
> I checked the certificate
> #openssl s_client -connect remotehost:636 -cert LAB_CER.cer -key
> LAB_KEY.key
> CONNECTED(00000003)
> depth=1 DC = lab, DC = homolog, CN = homolog
> verify error:num=19:self signed certificate in certificate chain
> verify return:0
> ---
> Certificate chain
> .
> .
> .
>
> The error:
> # lsc -s Lab -c Lab
> Oct 15 12:04:21 - INFO - Logging configuration successfully loaded from
> /etc/lsc/logback.xml
> Oct 15 12:04:21 - INFO - LSC configuration successfully loaded from
> /etc/lsc/
> Oct 15 12:04:22 - INFO - Connecting to LDAP server
> ldaps://remotehost/ou=pop-al,ou=people,dc=homolog,dc=br as
> cn=userrep,ou=people,dc=homolog,dc=br
> Oct 15 12:04:22 - ERROR - Error opening the LDAP connection to the
> destination! (javax.naming.CommunicationException: simple bind failed:
> remotehost:636 [Root exception is javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target])
> Oct 15 12:04:22 - ERROR - org.lsc.exception.LscConfigurationException:
> Configuration exception: javax.naming.CommunicationException: simple bind
> failed: remotehost:636 [Root exception is
> javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target]
>
>
>
> Please, where is my mistake?
>

Have you tried to export SSL_OPTS before running lsc?

Clément.
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
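
Added example (not part of the original thread and not LSC's own code): a shell preflight for the suggestion in the reply above, showing that an SSL_OPTS that was only assigned never reaches a child process, and checking that the store files it names are readable. It assumes the lsc launcher takes SSL_OPTS from its environment, as the reply implies; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumption: the lsc launcher reads SSL_OPTS from its
# environment. All function names here are hypothetical.

# Value of SSL_OPTS as a child process (such as lsc) would see it.
# Empty when the variable was only assigned and never exported.
child_view_of_ssl_opts() {
    sh -c 'printf "%s" "${SSL_OPTS-}"'
}

# Print the value of one -Dname=value option. $1 = options, $2 = name.
# The body is a subshell so that "set -f" (no globbing) does not leak out.
jvm_prop() (
    set -f
    for opt in $1; do
        case "$opt" in
            "-D$2="*) val=${opt#"-D$2="}; printf '%s\n' "$val"; exit 0 ;;
        esac
    done
    exit 1
)

# Status: 0 ok, 1 SSL_OPTS not exported, 2 no trustStore option,
# 3 a named store file is not readable.
ssl_opts_preflight() {
    seen=$(child_view_of_ssl_opts)
    if [ -z "$seen" ]; then
        echo "SSL_OPTS is not exported: child processes will not see it" >&2
        return 1
    fi
    if ! path=$(jvm_prop "$seen" javax.net.ssl.trustStore); then
        echo "SSL_OPTS has no -Djavax.net.ssl.trustStore option" >&2
        return 2
    fi
    [ -r "$path" ] || { echo "trustStore not readable: $path" >&2; return 3; }
    # The keyStore is only needed for client certificates; check it if set.
    if path=$(jvm_prop "$seen" javax.net.ssl.keyStore); then
        [ -r "$path" ] || { echo "keyStore not readable: $path" >&2; return 3; }
    fi
    return 0
}
```

Source the file and call `ssl_opts_preflight` in the same shell session, immediately before starting lsc. A passing preflight only shows that the options arrive and the files can be read, not that the trust store contains the CA that signed the server certificate.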

