I imported the certificate exactly as I did in /etc/ssl/certs/java/cacerts
(it's a self-signed certificate with correct CN) matching with the name
used in LSC's connector
and I still have the same error, I don't know why.
Is there a way to bypass the certificate verification?
On 30/04/2019 at 13:05, Soisik Froger wrote:
On 30/04/2019 11:51, Julien TEHERY wrote:
Hi there,
I'm actually importing ldap users into a Samba4 AD with success but
On the source ldap, connection is made through the 389 port and 636
port on the destination (localhost).
In order to make it work in fully ldaps (source and destination), do I
have to import remote cert into java keystore?
Because actually, here is what I get when I try to connect to source
ldap through 636:
avr. 30 11:46:38 - ERROR - org.lsc.exception.LscConfigurationException:
Configuration exception: javax.naming.CommunicationException: simple
bind failed: X.X.X.X:636 [Root exception is
javax.net.ssl.SSLHandshakeException:
java.security.cert.CertificateException: No subject alternative names
present]
Thanks
Julien
Hi Julien,
This error means that neither the certificate common name (CN in certification
Subject) nor any of the alternate names (Subject Alternative Name in the
certificate) matches the target IP address that is configured in LSC.
Look at the CN or subject alternative names of the server certificate, and use
one of them to configure the server URL, assuming it resolves to the right IP.
Alternatively, you can add the server IP to the server certificate subject
alternative names (if you have control over it).
If your certificate was signed by a Certificate Authority (CA) that is not
listed in the default Java truststore (which is always the case with
an auto-signed certificate but you did not mention using one), you will need to
import the CA Root certificate that signed your server certificate in java
truststore, using this procedure:
https://lsc-project.org/documentation/howto/ssltls#trusting_the_certificate.
Regards.
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
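
The name check discussed in this thread, as an added example that is not part of the original messages and is not LSC or JDK code. It is a simplified model of endpoint identification and assumes that an IP-literal target is compared only against iPAddress SAN entries, while a DNS name falls back to the CN when no dNSName SAN exists; the certificates are constructed dicts in the shape returned by Python's `ssl.SSLSocket.getpeercert()`, and `ldap.example.org` and `192.0.2.10` are placeholder values.

```python
import ipaddress

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def _dns_match(pattern, host):
    """Case-insensitive match; '*' is accepted only as the whole left-most label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    return (p[0] == "*" or p[0] == h[0]) and p[1:] == h[1:]

def check_endpoint(cert, host):
    """Return (ok, reason) for the host configured in the connector URL."""
    sans = cert.get("subjectAltName", ())
    if _is_ip(host):
        # Assumption: the CN is never consulted for an IP-literal target.
        if not sans:
            return False, "No subject alternative names present"
        target = ipaddress.ip_address(host)
        ips = [v for k, v in sans if k == "IP Address"]
        if any(ipaddress.ip_address(v) == target for v in ips):
            return True, "matched iPAddress SAN"
        return False, "no iPAddress SAN matches " + host
    names = [v for k, v in sans if k == "DNS"]
    if names:
        ok = any(_dns_match(n, host) for n in names)
        return ok, "matched dNSName SAN" if ok else "no dNSName SAN matches " + host
    # No dNSName SAN at all: fall back to the subject common name.
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    ok = any(_dns_match(cn, host) for cn in cns)
    return ok, "matched subject CN" if ok else "CN does not match " + host

# Constructed sample: self-signed certificate carrying only a CN.
CN_ONLY = {"subject": ((("commonName", "ldap.example.org"),),)}
# Constructed sample: same subject, reissued with DNS and IP SAN entries.
WITH_SAN = dict(CN_ONLY, subjectAltName=(("DNS", "ldap.example.org"),
                                         ("IP Address", "192.0.2.10")))

if __name__ == "__main__":
    for cert in (CN_ONLY, WITH_SAN):
        for host in ("192.0.2.10", "ldap.example.org"):
            print(host, check_endpoint(cert, host))
```

With the CN-only certificate, the IP target fails with the same message as the log above, while the host name passes; this is why pointing the connector URL at a name in the certificate, or reissuing the certificate with the IP in its SAN list, resolves the handshake without weakening verification.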