On 29/09/2017 at 17:27, Bruno Miguel Martins wrote:
> Hi Clément,
> I am currently checking that out, although I broke my LDAPS connection to AD, with
> the following error:
> [root@lcs jre]# /usr/bin/lsc -f /etc/lsc/openldap2ad -s all -c all
> Sep 29 16:26:10 - INFO - Logging configuration successfully loaded from
> /etc/lsc/openldap2ad/logback.xml
> Sep 29 16:26:10 - INFO - LSC configuration successfully loaded from
> /etc/lsc/openldap2ad/
> Sep 29 16:26:10 - INFO - Connecting to LDAP server
> ldaps://dc01.bmartins.local/DC=bmartins,DC=local as
> CN=LSC,CN=Users,DC=bmartins,DC=local
> Sep 29 16:26:11 - ERROR - Error opening the LDAP connection to the destination!
> (javax.naming.CommunicationException: simple bind failed:
> dc01.bmartins.local:636 [Root exception is javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target])
> Sep 29 16:26:11 - ERROR - org.lsc.exception.LscConfigurationException:
> Configuration exception: javax.naming.CommunicationException: simple bind
> failed: dc01.bmartins.local:636 [Root exception is
> javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
> PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target]
> It worked perfectly well previously with WS2016 DC...

Hello,
I can't say more than there is a certificate validation issue. If you
changed the AD server, maybe you need to import the new CA certificate.
See also https://lsc-project.org/documentation/howto/ssltls
Clément.
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
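
Added example, not part of the original thread: one way to act on the advice about importing the new CA certificate, checking first that a CA file obtained from the CA administrator really validates the chain the server presents, rather than trusting whatever the connection returned. It assumes OpenSSL 1.1.0 or later and the JDK's keytool; the function names, the file names ca.pem and chain.pem, and the alias ad-root-ca are illustrative.

```shell
#!/bin/sh
# Added example, not from the thread. File names, alias and keystore path are assumptions.

# Save the certificates the LDAPS server presents (needs network access to the server).
fetch_chain() {          # usage: fetch_chain HOST [PORT] > chain.pem
    openssl s_client -connect "$1:${2:-636}" -servername "$1" -showcerts \
        </dev/null 2>/dev/null |
        sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p'
}

# Issuer of the last certificate sent: the CA to look for in the Java trust store.
top_issuer() {           # usage: top_issuer chain.pem
    awk '/-----BEGIN CERTIFICATE-----/ { buf = "" }
         { buf = buf $0 "\n" }
         END { printf "%s", buf }' "$1" | openssl x509 -noout -issuer
}

# True only if the candidate CA file validates the first (server) certificate of the
# chain; the other certificates in the file serve as untrusted intermediates.
# -no-CApath keeps openssl from falling back to the system CA directory.
ca_validates_chain() {   # usage: ca_validates_chain ca.pem chain.pem
    openssl verify -no-CApath -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1
}

# SHA-256 fingerprint, to compare with the value given by whoever runs the CA.
ca_fingerprint() {       # usage: ca_fingerprint ca.pem
    openssl x509 -noout -fingerprint -sha256 -in "$1" | cut -d= -f2
}

# Import the CA into the trust store of the JRE that runs LSC, refusing a CA file
# that does not validate the chain. keytool asks for the store password and for
# confirmation, so the fingerprint can be checked once more before accepting.
import_ca() {            # usage: import_ca ca.pem chain.pem KEYSTORE [ALIAS]
    ca_validates_chain "$1" "$2" || { echo "CA does not match chain" >&2; return 1; }
    echo "Importing CA with SHA-256 fingerprint $(ca_fingerprint "$1")"
    keytool -importcert -alias "${4:-ad-root-ca}" -file "$1" -keystore "$3"
}
```

The keystore to pass is the one used by the JVM that starts LSC; after the import, rerunning the lsc command from the log shows whether the PKIX error is gone.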