Hi Clément,
Thank you. Looks like I had to implicitly specify certificate file in my LSC
script, instead of using global configuration.
Cheers!
-Original Message-
From: lsc-users [mailto:lsc-users-boun...@lists.lsc-project.org] On Behalf Of
Clément OUDOT
Sent: Monday, March 12, 2018 6:58 AM
To: General discussions and help for Ldap Synchronization Connector (LSC) -
Start here!
Subject: Re: [lsc-users] LSC LDAPS error
2018-03-11 1:26 GMT+01:00 Bruno Miguel Martins :
> Good night guys!
>
> I'm trying to put LSC to work with Windows Server 2016 AD DS, fetching data
> from an OpenLDAP server.
>
> Can someone please help me with the following LDAPS error in LSC, when
> executing a dry run?
>
> Mar 11 00:21:29 - ERROR - org.lsc.exception.LscConfigurationException:
> Configuration exception: javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find valid certification path to requested target
>
> Followed instructions written here with no luck yet:
> https://lsc-project.org/documentation/tutorial/openldaptoactivedirecto
> ry
>
> In the past I had this working with Windows Server 2008 R2 with the same
> configuration file, although it was a different forest.
If the CA certificate (the authority that signed AD server
certificate) has changed, you must import it into JVM, see also
https://lsc-project.org/documentation/howto/ssltls
Clément.
___
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
lsc-users@lists.lsc-project.org
https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
___
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
lsc-users@lists.lsc-project.org
https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users