Hi Clément,

Thank you. Looks like I had to implicitly specify certificate file in my LSC 
script, instead of using global configuration.

Cheers!

-----Original Message-----
From: lsc-users [mailto:lsc-users-boun...@lists.lsc-project.org] On Behalf Of 
Clément OUDOT
Sent: Monday, March 12, 2018 6:58 AM
To: General discussions and help for Ldap Synchronization Connector (LSC) - 
Start here! <lsc-users@lists.lsc-project.org>
Subject: Re: [lsc-users] LSC LDAPS error

2018-03-11 1:26 GMT+01:00 Bruno Miguel Martins <bruno.miguel.mart...@iten.pt>:
> Good night guys!
>
> I'm trying to put LSC to work with Windows Server 2016 AD DS, fetching data 
> from an OpenLDAP server.
>
> Can someone please help me with the following LDAPS error in LSC, when 
> executing a dry run?
>
> Mar 11 00:21:29 - ERROR - org.lsc.exception.LscConfigurationException: 
> Configuration exception: javax.net.ssl.SSLHandshakeException: 
> sun.security.validator.ValidatorException: PKIX path building failed: 
> sun.security.provider.certpath.SunCertPathBuilderException: unable to 
> find valid certification path to requested target
>
> Followed instructions written here with no luck yet:
> https://lsc-project.org/documentation/tutorial/openldaptoactivedirecto
> ry
>
> In the past I had this working with Windows Server 2008 R2 with the same 
> configuration file, although it was a different forest.


If the CA certificate (the authority that signed AD server
certificate) has changed, you must import it into JVM, see also 
https://lsc-project.org/documentation/howto/ssltls



Clément.
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
lsc-users@lists.lsc-project.org
https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
lsc-users@lists.lsc-project.org
https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users

Reply via email to