Thank you so much. The error was in the file that generated the CA certificate.
After replacing it, it worked perfectly.

2014-10-16 4:30 GMT-03:00 Clément OUDOT <[email protected]>:

> 2014-10-15 17:57 GMT+02:00 Anderson <[email protected]>:
>
>> Hi All,
>
> Hi,
>
>> I am learning to use the LSC and need help please.
>> I'm having problems trying to connect to a remote server LDAPS on port
>> 636
>>
>> Here are my settings:
>>
>> <ldapConnection>
>>   <name>ldap-dst-conn</name>
>>
>>   <url>ldaps://remotehost/ou=people,dc=homolog,dc=br </url>
>>
>>   <username>cn=userrep,ou=people,dc=homolog,dc=br</username>
>>   <password>secret</password>
>>   <authentication>SIMPLE</authentication>
>>   <referral>IGNORE</referral>
>>   <derefAliases>NEVER</derefAliases>
>>   <version>VERSION_3</version>
>>   <pageSize>-1</pageSize>
>>
>>   <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
>>   <tlsActivated>false</tlsActivated>
>> </ldapConnection>
>>
>>
>> The certificates:
>>
>> cat LAB_CER.cer LAB_KEY.key > LAB.pem
>> #keytool -import -file /etc/lsc/certs/LAB.pem -keystore
>> /etc/lsc/certs/labcert
>> #keytool -import -file /etc/lsc/certs/LAB_CA.cer -keystore
>> /etc/lsc/certs/cacert
>> the shell script:
>> SSL_OPTS="-Djavax.net.ssl.keyStore=/etc/lsc/certs/labcert
>> -Djavax.net.ssl.keyStorePassword=secret
>> -Djavax.net.ssl.trustStore=/etc/lsc/certs/cacert
>> -Djavax.net.ssl.trustStorePassword=secret"
>>
>>
>> I checked the certificate
>> #openssl s_client -connect remotehost:636 -cert LAB_CER.cer -key
>> LAB_KEY.key
>> CONNECTED(00000003)
>> depth=1 DC = lab, DC = homolog, CN = homolog
>> verify error:num=19:self signed certificate in certificate chain
>> verify return:0
>> ---
>> Certificate chain
>> .
>> .
>> .
>>
>> The error:
>> # lsc -s Lab -c Lab
>> Oct 15 12:04:21 - INFO - Logging configuration successfully loaded from
>> /etc/lsc/logback.xml
>> Oct 15 12:04:21 - INFO - LSC configuration successfully loaded from
>> /etc/lsc/
>> Oct 15 12:04:22 - INFO - Connecting to LDAP server
>> ldaps://remotehost/ou=pop-al,ou=people,dc=homolog,dc=br as
>> cn=userrep,ou=people,dc=homolog,dc=br
>> Oct 15 12:04:22 - ERROR - Error opening the LDAP connection to the
>> destination! (javax.naming.CommunicationException: simple bind failed:
>> remotehost:636 [Root exception is javax.net.ssl.SSLHandshakeException:
>> sun.security.validator.ValidatorException: PKIX path building failed:
>> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
>> valid certification path to requested target])
>> Oct 15 12:04:22 - ERROR - org.lsc.exception.LscConfigurationException:
>> Configuration exception: javax.naming.CommunicationException: simple bind
>> failed: remotehost:636 [Root exception is
>> javax.net.ssl.SSLHandshakeException:
>> sun.security.validator.ValidatorException: PKIX path building failed:
>> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
>> valid certification path to requested target]
>>
>>
>> Please, where is my mistake?
>
> Have you tried to export SSL_OPTS before running lsc?
>
>
> Clément.
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
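
An added example, not part of the original thread or of the LSC project: the thread ended with the CA certificate file being replaced, and the script below shows one way to check, before importing a CA file into the truststore, that it really validates the server certificate. The temporary directory, the certificates and the names `real-ca`, `wrong-ca`, `ca_matches`, `make_ca`, `make_leaf` and `demo` are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: does this CA file actually validate the LDAPS server cert?
# A CA file that fails this check produces "PKIX path building failed" in Java
# once it is the only entry in the truststore.

# ca_matches CA_FILE SERVER_CERT -> exit 0 only if CA_FILE validates SERVER_CERT
ca_matches() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# make_ca DIR NAME: constructed throwaway self-signed CA (NAME.pem / NAME.key)
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# make_leaf DIR CA_NAME: constructed server cert for "remotehost" signed by CA_NAME
make_leaf() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=remotehost" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/leaf.csr" -days 1 -CA "$1/$2.pem" \
        -CAkey "$1/$2.key" -CAcreateserial -out "$1/leaf.pem" 2>/dev/null
}

# demo: prints "<result with issuing CA> <result with unrelated CA>"
demo() {
    dir=$(mktemp -d) || return 1
    make_ca "$dir" real-ca && make_ca "$dir" wrong-ca &&
        make_leaf "$dir" real-ca || { rm -rf "$dir"; return 1; }
    if ca_matches "$dir/real-ca.pem" "$dir/leaf.pem"; then good=ok; else good=fail; fi
    if ca_matches "$dir/wrong-ca.pem" "$dir/leaf.pem"; then bad=ok; else bad=fail; fi
    rm -rf "$dir"
    echo "$good $bad"
}

demo
```

Against a real server, the certificate to test can be saved with `openssl s_client -connect remotehost:636 </dev/null | openssl x509 > server.pem`, and `keytool -list -v -keystore /etc/lsc/certs/cacert` shows which certificate the truststore currently holds.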

