On 30/04/2019 11:51, Julien TEHERY wrote:
> Hi there,
> 
> I'm actually importing ldap users into a Samba4 AD with success but
> 
> On the source ldap, connection is made through the 389 port and 636 
> port on the destination (localhost).
> In order to make it work in fully ldaps (source and destination), do I 
> have to import remote cert into java keystore?
> 
> Because actually, here is what I get when I try to connect to source 
> ldap through 636:
> 
> avr. 30 11:46:38 - ERROR - org.lsc.exception.LscConfigurationException: 
> Configuration exception: javax.naming.CommunicationException: simple 
> bind failed: X.X.X.X:636 [Root exception is 
> javax.net.ssl.SSLHandshakeException: 
> java.security.cert.CertificateException: No subject alternative names 
> present]
> 
> 
> 
> Thanks
> 
> Julien

Hi Julien,

This error means that neither the certificate common name (CN in certification 
Subject) nor any of the alternate names (Subject Alternative Name in the 
certificate) match with the target IP address that is configured in LSC.

Look at the CN or subject alternative names of the server certificate, and use 
one of them to configure the server URL, assuming it resolves to the right IP. 
Alternatively, you can add the server IP to the server certificate subject 
alternative names (if you have control over it).

If your certificate was signed by a Certificate Authority (CA) that is not 
listed in the default Java truststore (which is always the case with 
auto-signed certificates but you did not mention using one), you will need to 
import the CA Root certificate that signed your server certificate in java 
truststore, using this procedure: 
https://lsc-project.org/documentation/howto/ssltls#trusting_the_certificate.

Regards.
-- 
Soisik Froger | Software Architect

[email protected]

Worteks | https://www.worteks.com
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
