We are developing a web application that requires LDAP authentication 1) to determine if the user exists and his/her credentials are correct, and 2) to serve the correct pages and privileges to authenticated users.
However, we have reached a roadblock. After implementing the security realms, keystores, and web-specific deployment plans, we have been unable to get past the authentication prompt for user credentials. No matter what I have tried, the error message is always:

ERROR [LDAPLoginModule] javax.naming.CommunicationException: simple bind failed: my.ldap.server:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
WARN [log] AUTH FAILURE: user UserName

I followed the keytool directives for obtaining a valid certificate and created a new certificate via the Geronimo console. I have also tried importing a valid certificate manually by copy/paste and changes to the config.xml file, all to no avail.

If the issue is the security realm, we have contacted the LDAP server administrators and obtained the correct settings for our use. I have tried creating an LDAP security realm via the console and via the geronimo-application.xml.

I'm not sure if the issue is that the server believes the certificate is invalid or that it cannot find a matching certificate after the LDAP server is contacted. The keystore I am using is in the Geronimo var/security/keystore directory and also registered in the system-wide Java keystore (cacerts).

If anyone could suggest some things to get Geronimo to accept the certificates in my keystore or to somehow link them so they will be of use, that would be great.

Thanks
