Hello all,

I'm trying to connect to LDAP (Samba 4 AD) via SSL. I created a keystore into 
which I loaded the CA certificate and controller certificates, and changed the 
settings accordingly.
Unfortunately, when trying to connect I get a message like the one below. It 
seems that the problem is with the cipher, but I can't get past it.
Has anyone been able to connect to Samba this way?
Do JKS certificates have to have appropriate aliases?

Best regards,
Piotr

2021-02-09 11:29:36,940 INFO  [o.a.c.l.LdapContextFactory] (qtp1026871825-406:ctx-57b6ce21 ctx-5c609a7f) (logid:63ab11d9) LDAP SSL enabled.
2021-02-09 11:29:36,941 DEBUG [o.a.c.l.LdapContextFactory] (qtp1026871825-406:ctx-57b6ce21 ctx-5c609a7f) (logid:63ab11d9) initializing ldap with provider url: ldap://mcb.bio:636
2021-02-09 11:29:36,952 DEBUG [o.a.c.l.LdapManagerImpl] (qtp1026871825-406:ctx-57b6ce21 ctx-5c609a7f) (logid:63ab11d9) NamingException while doing an LDAP bind
javax.naming.CommunicationException: mcb.bio:636 [Root exception is java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)]
        at java.naming/com.sun.jndi.ldap.Connection.<init>(Connection.java:244)
        at java.naming/com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137)
        at java.naming/com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1616)
        at java.naming/com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2847)
        at java.naming/com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:348)
        at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxFromUrl(LdapCtxFactory.java:262)
        at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:226)
        at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:280)
        at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:185)
        at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:115)
        at java.naming/javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:719)
        at java.naming/javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:305)
        at java.naming/javax.naming.InitialContext.init(InitialContext.java:236)
        at java.naming/javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
        at org.apache.cloudstack.ldap.LdapContextFactory.createInitialDirContext(LdapContextFactory.java:62)
        at org.apache.cloudstack.ldap.LdapContextFactory.createBindContext(LdapContextFactory.java:51)
        at org.apache.cloudstack.ldap.LdapManagerImpl.addConfigurationInternal(LdapManagerImpl.java:118)
        at org.apache.cloudstack.ldap.LdapManagerImpl.addConfiguration(LdapManagerImpl.java:103)
        at org.apache.cloudstack.api.command.LdapAddConfigurationCmd.execute(LdapAddConfigurationCmd.java:66)
        at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:156)
        at com.cloud.api.ApiServer.queueCommand(ApiServer.java:764)
        at com.cloud.api.ApiServer.handleRequest(ApiServer.java:588)
        at com.cloud.api.ApiServlet.processRequestInContext(ApiServlet.java:321)
        at com.cloud.api.ApiServlet$1.run(ApiServlet.java:134)
        at org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:55)
        at org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:102)
        at org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:52)
        at com.cloud.api.ApiServlet.processRequest(ApiServlet.java:131)
        at com.cloud.api.ApiServlet.doGet(ApiServlet.java:93)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:645)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:750)
        at org.eclipse.jetty.servlet.ServletHolder$NotAsyncServlet.service(ServletHolder.java:1386)
        at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:755)
        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:547)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
        at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:590)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
        at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235)
        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1610)
        at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1300)
        at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)
        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:485)
        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1580)
        at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1215)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
        at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:767)
        at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:146)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
        at org.eclipse.jetty.server.Server.handle(Server.java:500)
        at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:383)
        at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:547)
        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:375)
        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:273)
        at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
        at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
        at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117)
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129)
        at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:375)
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:806)
        at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:938)
        at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
        at java.base/javax.net.ssl.DefaultSSLSocketFactory.throwException(SSLSocketFactory.java:263)
        at java.base/javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:277)
        at java.naming/com.sun.jndi.ldap.Connection.createSocket(Connection.java:313)
        ... 66 more
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
        at java.base/java.security.Provider$Service.newInstance(Provider.java:1901)
        at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
        at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:164)
        ... 74 more
Caused by: java.security.KeyStoreException: problem accessing trust store
        at java.base/sun.security.ssl.TrustManagerFactoryImpl.engineInit(TrustManagerFactoryImpl.java:73)
        at java.base/javax.net.ssl.TrustManagerFactory.init(TrustManagerFactory.java:278)
        at java.base/sun.security.ssl.SSLContextImpl$DefaultManagersHolder.getTrustManagers(SSLContextImpl.java:1053)
        ... 84 more
Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
        at java.base/sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:792)
        at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:243)
        at java.base/java.security.KeyStore.load(KeyStore.java:1479)
        ... 90 more
Caused by: java.security.UnrecoverableKeyException: Password verification failed
        at java.base/sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:790)
        at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:243)
        at java.base/java.security.KeyStore.load(KeyStore.java:1479)
        ... 90 more
2021-02-09 11:29:36,953 INFO  [c.c.a.ApiServer] (qtp1026871825-406:ctx-57b6ce21 ctx-5c609a7f) (logid:63ab11d9) com.cloud.exception.InvalidParameterValueException: Unable to bind to the given LDAP server
2021-02-09 11:29:36,953 DEBUG [c.c.a.ApiServlet] (qtp1026871825-406:ctx-57b6ce21 ctx-5c609a7f) (logid:63ab11d9) ===END===  192.168.25.19 -- GET  hostname=mcb.bio&port=636&domainid=b4b46eab-9579-4a3c-9cf7-5508086b01da&command=addLdapConfiguration&response=json
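
Added example, not part of the original post and not CloudStack or JDK code: the innermost cause in the trace, "Password verification failed", comes from the JKS integrity check, which this Python code reproduces over a constructed store while also listing the entry aliases. The function names, aliases and password are made up for illustration; the layout is the version 2 JKS file format.

```python
import hashlib
import struct

MAGIC = 0xFEEDFEED
SALT = b"Mighty Aphrodite"  # fixed string the JKS format mixes into its digest

def digest(password, body):
    # SHA-1 over: password as UTF-16BE, the fixed salt, then the store contents
    return hashlib.sha1(password.encode("utf-16-be") + SALT + body).digest()

def read_utf(buf, pos):
    # writeUTF layout: 2-byte big-endian length, then the string bytes
    (n,) = struct.unpack_from(">H", buf, pos)
    return buf[pos + 2:pos + 2 + n].decode("utf-8"), pos + 2 + n

def skip_blob(buf, pos):
    # 4-byte big-endian length, then that many opaque bytes
    (n,) = struct.unpack_from(">I", buf, pos)
    return pos + 4 + n

def check_jks(data, password):
    """Return (password_ok, [(alias, kind), ...]) for the bytes of a JKS file."""
    body, stored = data[:-20], data[-20:]
    magic, version, count = struct.unpack_from(">III", body, 0)
    if magic != MAGIC or version != 2:
        raise ValueError("not a version 2 JKS file")
    pos, entries = 12, []
    for _ in range(count):
        (tag,) = struct.unpack_from(">I", body, pos)
        alias, pos = read_utf(body, pos + 4)
        pos += 8                                   # creation timestamp
        certs = 1
        if tag == 1:                               # private key: key blob + chain
            pos = skip_blob(body, pos)
            (certs,) = struct.unpack_from(">I", body, pos)
            pos += 4
        for _ in range(certs):                     # certificate type, then DER
            pos = skip_blob(body, read_utf(body, pos)[1])
        entries.append((alias, "privateKey" if tag == 1 else "trustedCert"))
    return digest(password, body) == stored, entries

def build_sample(password, aliases):
    # Constructed store: the "certificate" bytes are filler, not real DER
    body = struct.pack(">III", MAGIC, 2, len(aliases))
    for alias in aliases:
        name, cert = alias.encode(), b"constructed-filler"
        body += struct.pack(">IH", 2, len(name)) + name + struct.pack(">Q", 0)
        body += struct.pack(">H", 5) + b"X.509" + struct.pack(">I", len(cert)) + cert
    return body + digest(password, body)
```

The aliases are readable whether or not the password matches, because the password only keys the trailing digest; a mismatch there is what the JDK reports as "Keystore was tampered with, or password was incorrect".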
