I'm trying to configure DSpace-CRIS 5.10 and DSpace 6.3 to use ldaps, but
get this error in the log:

2020-11-11 15:05:03,464 WARN  org.dspace.authenticate.LDAPAuthentication @
anonymous:session_id=F261C03287498D5AEE67FFE7F53CBCAF:ip_addr=10.0.36.134:ldap_authentication:type=failed_auth
javax.naming.CommunicationException: simple bind failed:
<server_url>:636 [Root exception is
javax.net.ssl.SSLHandshakeException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target]

LDAP authentication is working without SSL. All I've changed in the
configuration is ldap -> ldaps in the provider_url property.

On the DSpace 6.3 server I've also tried:
authentication-ldap.starttls=true
while leaving the scheme at ldap

That results in the following error:

2020-11-12 09:06:32,112 WARN  org.dspace.authenticate.LDAPAuthentication @
anonymous:session_id=0BD2A90CE7458F21149D8505D76D7E78:ip_addr=10.0.36.134:ldap_authentication:type=failed_auth
javax.net.ssl.SSLHandshakeException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target

I also tried using ldapsearch and found that that fails on ldaps with the
error 'TLS: peer cert untrusted or revoked (0x142)' unless I add the
following line to /etc/ldap/ldap.conf:

TLS_REQCERT NEVER

That setting in ldap.conf doesn't seem to have any effect on DSpace; is
there a way of telling DSpace to not expect a server certificate? Or is
there a better way to get secure LDAP working?
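
Added example (not part of the original message): both errors above mean the client could not build a path from the server's certificate to a CA it trusts. The script below reproduces that check offline with a constructed CA and server certificate and shows the verdict before and after the issuing CA is trusted; every name and path in it is a placeholder.

```shell
#!/bin/sh
# Added example. The CA, the server certificate and the host name
# ldap.example.org are constructed locally; none come from the message above.

# Build a private CA and a server certificate signed by it in directory $1.
make_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=Constructed Directory CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=ldap.example.org" \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 2 -out "$d/srv.pem" 2>/dev/null || return 1
}

# Name the CA that must be trusted for the certificate in $1 to validate.
issuer_of() {
    openssl x509 -noout -issuer -in "$1"
}

# Validate certificate $1. With $2 empty only the default trust store is used
# (it cannot contain the constructed CA); otherwise $2 is the CA file to trust.
chain_status() {
    if [ -n "$2" ]; then
        out=$(openssl verify -CAfile "$2" "$1" 2>&1) || true
    else
        out=$(openssl verify "$1" 2>&1) || true
    fi
    case $out in
        *": OK"*) echo trusted ;;
        *)        echo untrusted ;;
    esac
}

# Demo run in a throwaway directory.
work=$(mktemp -d) && make_pki "$work" && {
    issuer_of "$work/srv.pem"
    echo "default trust only: $(chain_status "$work/srv.pem" "")"
    echo "issuing CA trusted: $(chain_status "$work/srv.pem" "$work/ca.pem")"
}
rm -rf "$work"

# A JVM checks the same thing against its own truststore rather than OpenLDAP's
# ldap.conf; there the CA is added with keytool, for example:
#   keytool -importcert -alias <alias> -file <ca.pem> -keystore <truststore>
```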
