Thank you so much

The error was in the file that generated the CA certificate.

After replacing it, it worked perfectly.

2014-10-16 4:30 GMT-03:00 Clément OUDOT <[email protected]>:

>
>
> 2014-10-15 17:57 GMT+02:00 Anderson <[email protected]>:
>
>>
>> Hi All,
>>
>
> Hi,
>
>
>
>>
>> I am learning to use LSC and need help, please.
>> I'm having problems trying to connect to a remote LDAPS server on port 636.
>>
>> Here are my settings:
>>
>>   <ldapConnection>
>>     <name>ldap-dst-conn</name>
>>     <url>ldaps://remotehost/ou=people,dc=homolog,dc=br </url>
>>     <username>cn=userrep,ou=people,dc=homolog,dc=br</username>
>>     <password>secret</password>
>>     <authentication>SIMPLE</authentication>
>>     <referral>IGNORE</referral>
>>     <derefAliases>NEVER</derefAliases>
>>     <version>VERSION_3</version>
>>     <pageSize>-1</pageSize>
>>     <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
>>     <tlsActivated>false</tlsActivated>
>>   </ldapConnection>
>>
>>
>> The certificates:
>>
>> cat LAB_CER.cer  LAB_KEY.key  > LAB.pem
>> #keytool -import -file /etc/lsc/certs/LAB.pem -keystore /etc/lsc/certs/labcert
>> #keytool -import -file /etc/lsc/certs/LAB_CA.cer -keystore /etc/lsc/certs/cacert
>>
>> the shell script:
>> SSL_OPTS="-Djavax.net.ssl.keyStore=/etc/lsc/certs/labcert -Djavax.net.ssl.keyStorePassword=secret -Djavax.net.ssl.trustStore=/etc/lsc/certs/cacert -Djavax.net.ssl.trustStorePassword=secret"
>>
>>
>> I checked the certificate
>> #openssl s_client -connect remotehost:636 -cert LAB_CER.cer -key LAB_KEY.key
>> CONNECTED(00000003)
>> depth=1 DC = lab, DC = homolog, CN = homolog
>> verify error:num=19:self signed certificate in certificate chain
>> verify return:0
>> ---
>> Certificate chain
>> .
>> .
>> .
>>
>> The error:
>> # lsc -s Lab -c Lab
>> Oct 15 12:04:21 - INFO  - Logging configuration successfully loaded from
>> /etc/lsc/logback.xml
>> Oct 15 12:04:21 - INFO  - LSC configuration successfully loaded from
>> /etc/lsc/
>> Oct 15 12:04:22 - INFO  - Connecting to LDAP server
>> ldaps://remotehost/ou=pop-al,ou=people,dc=homolog,dc=br as
>> cn=userrep,ou=people,dc=homolog,dc=br
>> Oct 15 12:04:22 - ERROR - Error opening the LDAP connection to the
>> destination! (javax.naming.CommunicationException: simple bind failed:
>> remotehost:636 [Root exception is javax.net.ssl.SSLHandshakeException:
>> sun.security.validator.ValidatorException: PKIX path building failed:
>> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
>> valid certification path to requested target])
>> Oct 15 12:04:22 - ERROR - org.lsc.exception.LscConfigurationException:
>> Configuration exception: javax.naming.CommunicationException: simple bind
>> failed: remotehost:636 [Root exception is
>> javax.net.ssl.SSLHandshakeException:
>> sun.security.validator.ValidatorException: PKIX path building failed:
>> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
>> valid certification path to requested target]
>>
>>
>>
>> Please, where is my mistake?
>>
>>
>
> Have you tried to export SSL_OPTS before running lsc?
>
>
> Clément.
>
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
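
The fix reported at the top of this thread was a wrong CA certificate file, which is what "PKIX path building failed" usually points to. The script below is an added example, not part of the original messages or of LSC: it checks with `openssl verify` whether a candidate CA file actually anchors a server certificate before that CA is imported into the truststore. The demo certificates, subjects and file names are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): check that a CA file really anchors a
# server certificate before importing that CA into the Java truststore.
# All file names and subjects below are constructed sample data.

# ca_anchors_cert CA_PEM CERT_PEM -> exit 0 only if CERT_PEM chains to CA_PEM.
# -no-CApath (OpenSSL 1.1.0+) stops the system CA directory from masking a
# wrong CA file. On failure, print the two names that should have matched.
ca_anchors_cert() {
    openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1 && return 0
    echo "cert issuer: $(openssl x509 -in "$2" -noout -issuer)" >&2
    echo "CA subject : $(openssl x509 -in "$1" -noout -subject)" >&2
    return 1
}

# make_demo_pki DIR -> constructed sample data: two unrelated self-signed CAs
# and one server certificate issued by the first ("right") CA.
make_demo_pki() {
    local d="$1" ca
    for ca in right wrong; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=Demo $ca CA" \
            -keyout "$d/$ca-ca.key" -out "$d/$ca-ca.pem" 2>/dev/null || return 1
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=remotehost" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/server.csr" -days 1 -CAcreateserial \
        -CA "$d/right-ca.pem" -CAkey "$d/right-ca.key" \
        -out "$d/server.pem" 2>/dev/null
}

# run_demo -> prints "right-ca:ok wrong-ca:rejected" when the check behaves.
run_demo() {
    local d r w
    d=$(mktemp -d) || return 1
    make_demo_pki "$d" || { rm -rf "$d"; return 1; }
    ca_anchors_cert "$d/right-ca.pem" "$d/server.pem" && r=ok || r=rejected
    ca_anchors_cert "$d/wrong-ca.pem" "$d/server.pem" && w=ok || w=rejected
    rm -rf "$d"
    echo "right-ca:$r wrong-ca:$w"
}

run_demo
```

Against the setup in the thread, the same check would be `ca_anchors_cert LAB_CA.cer server.pem`, where `server.pem` is an assumed name for the server certificate saved from the `openssl s_client` output and both files are PEM-encoded.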
