On 30/04/2019 11:51, Julien TEHERY wrote:
> Hi there,
>
> I'm actually importing ldap users into a Samba4 AD with success but
>
> On the source ldap, connection is made through the 389 port and 636
> port on the destination (localhost).
> In order to make it work in fully ldaps (source and destination), do I
> have to import remote cert into java keystore?
>
> Because actually, here is what I get when I try to connect to source
> ldap through 636:
>
> avr. 30 11:46:38 - ERROR - org.lsc.exception.LscConfigurationException: Configuration exception: javax.naming.CommunicationException: simple bind failed: X.X.X.X:636 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present]
>
> Thanks
>
> Julien

Hi Julien,

This error means that neither the certificate common name (CN in certification Subject) nor any of the alternate names (Subject Alternative Name in the certificate) match with the target IP address that is configured in LSC.

Look at the CN or subject alternative names of the server certificate, and use one of them to configure the server URL, assuming it resolves to the right IP. Alternatively, you can add the server IP to the server certificate subject alternative names (if you have control over it).

If your certificate was signed by a Certificate Authority (CA) that is not listed in the default Java truststore (which is always the case with an auto-signed certificate, but you did not mention using one), you will need to import the CA Root certificate that signed your server certificate into the Java truststore, using this procedure: https://lsc-project.org/documentation/howto/ssltls#trusting_the_certificate.

Regards.

--
Soisik Froger | Software Architect
[email protected]
Worteks | https://www.worteks.com

_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
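The name check discussed in this thread can be reproduced offline with OpenSSL. The script below is an added example, not part of the original messages or of LSC: it builds two throwaway certificates and tests each against an IP-literal URL and a hostname URL. The names ldap.example.test and 192.0.2.10, and the helper functions, are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example. The certificates are throwaway ones constructed here;
# ldap.example.test and 192.0.2.10 are placeholders, not values from the thread.

# make_cert OUT.pem [SAN]: self-signed test certificate with CN=ldap.example.test,
# optionally with a subjectAltName extension (-addext needs OpenSSL 1.1.1+).
make_cert() {
    out=$1; san=${2:-}
    set -- -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=ldap.example.test"
    if [ -n "$san" ]; then set -- "$@" -addext "subjectAltName=$san"; fi
    openssl req "$@" -keyout "$out.key" -out "$out" 2>/dev/null
}

# name_matches CERT NAME: succeed if CERT is valid for NAME. IP literals are
# compared with iPAddress SAN entries only; DNS names are compared with
# dNSName entries (OpenSSL falls back to the CN when there are none).
name_matches() {
    case $2 in
        *:*)        flag=-checkip ;;    # IPv6 literal
        *[!0-9.]*)  flag=-checkhost ;;  # anything else with non-digits: DNS name
        *)          flag=-checkip ;;    # dotted IPv4 literal
    esac
    openssl x509 -in "$1" -noout "$flag" "$2" 2>&1 | grep -q "does match certificate"
}

workdir=$(mktemp -d)
make_cert "$workdir/cn_only.pem"
make_cert "$workdir/with_san.pem" "IP:192.0.2.10,DNS:ldap.example.test"

# Try each certificate against the two ways the source URL could be written.
for cert in cn_only with_san; do
    for name in 192.0.2.10 ldap.example.test; do
        if name_matches "$workdir/$cert.pem" "$name"; then verdict="match"
        else verdict="NO match"; fi
        printf '%-9s ldaps://%s:636  %s\n' "$cert" "$name" "$verdict"
    done
done

# Against a real server (HOST is a placeholder), save its certificate first
# and pass that file to name_matches:
#   openssl s_client -connect HOST:636 </dev/null | openssl x509 -out server.pem
```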

