Hi Carlos,

The following links will help you install your LDAP certificate locally:

http://confluence.atlassian.com/display/CONFKB/Unable+to+Connect+to+SSL+Services+due+to+PKIX+Path+Building+Failed+sun.security.provider.certpath.SunCertPathBuilderException
http://confluence.atlassian.com/display/DOC/Connect+to+LDAP,+JIRA+or+Other+Services+Via+SSL

The 'authentication.x509.keystore' settings are for a different authentication method, so will not be used.

Thanks,

Stuart Lewis
Digital Services Programmer
Te Tumu Herenga The University of Auckland Library
Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand
Ph: 64 9 373-7599 x81928
http://www.library.auckland.ac.nz/

-----Original Message-----
From: Carlos Testera González [mailto:carlos.test...@unileon.es]
Sent: Monday, 15 June 2009 11:43 p.m.
To: dspace-tech@lists.sourceforge.net
Subject: [Dspace-tech] Problems with ldaps

Hello everyone.

I'm new to the list, so forgive me if this has been already answered.

I have a new DSpace 1.5.2 installation that works ok under Tomcat 6.0.18 and Java 1.6 all running in a Red Hat Linux. We're still in the test stage and one of the steps is authentication. We have an LDAP server to authenticate against. I've made all the changes in order to enable LDAP authentication and it also works ok.

The problem arises when I try to make the authentication secure, that is, through LDAPS. We have a self signed certificate in the ldap server. I have imported that certificate to a keystore in the machine that is running the DSpace.

This is my configuration (only what I think affects this issue). Remember that with "normal" ldap (not ldaps) it works properly, under xmlui and jspui.

-------------------------------------------
ldap.provider_url = ldaps://ldap.my.organization.es/
....
(all the ldap configuration in order to work)

plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \
    org.dspace.authenticate.X509Authentication, \
    org.dspace.authenticate.LDAPHierarchicalAuthentication, \
    org.dspace.authenticate.PasswordAuthentication

authentication.x509.keystore.path = /path/to/mykeystore
authentication.x509.keystore.password = keystore_password
(I've also made tests with authentication.x509.ca.cert = /path/to/cacert)
authentication.x509.autoregister = true
-------------------------------------------

I always get the same error:

-------------------------------------------
2009-06-15 13:28:36,065 INFO org.dspace.authenticate.LDAPHierarchicalAuthentication @ anonymous:session_id=42344D2D6E23ED4500FA2C3449C39784:ip_addr=10.18.8.97:auth:attempting trivial auth of user=the_user
2009-06-15 13:28:36,172 WARN org.dspace.authenticate.LDAPHierarchicalAuthentication @ anonymous:session_id=42344D2D6E23ED4500FA2C3449C39784:ip_addr=10.18.8.97:ldap_authentication:type=failed_auth javax.naming.CommunicationException\colon; simple bind failed\colon; ldap.my.organization.es\colon;636 [Root exception is javax.net.ssl.SSLHandshakeException\colon; sun.security.validator.ValidatorException\colon; PKIX path building failed\colon; sun.security.provider.certpath.SunCertPathBuilderException\colon; unable to find valid certification path to requested target]
2009-06-15 13:28:36,172 INFO org.dspace.authenticate.LDAPHierarchicalAuthentication @ anonymous:session_id=42344D2D6E23ED4500FA2C3449C39784:ip_addr=10.18.8.97:failed_login:no DN found for user the_user
2009-06-15 13:28:36,173 INFO org.dspace.authenticate.PasswordAuthentication @ anonymous:session_id=42344D2D6E23ED4500FA2C3449C39784:ip_addr=10.18.8.97:authenticate:attempting password auth of user=the_user
2009-06-15 13:28:36,175 INFO org.dspace.app.webui.servlet.LDAPServlet @ anonymous:session_id=42344D2D6E23ED4500FA2C3449C39784:ip_addr=10.18.8.97:failed_login:netid=the_user, result=2
-------------------------------------------

I think that the "unable to find valid certification path to requested target" sentence is the most significant, but all the paths are ok. I don't know what more to try. Some help would be great.

Thanks in advance.

_______________________________________________
DSpace-tech mailing list
DSpace-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-tech
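
Added example (not part of the original thread and not DSpace code): the log quoted above records a certificate-trust failure as `type=failed_auth`, followed by an ordinary `failed_login`, so this triage sketch separates TLS trust problems from real credential rejections. It assumes the header layout seen in the quoted lines and that `\colon;` is the logger's escape for a literal `:`; the function names, the session ids `S1`/`S2` and the second sample line are constructed.

```python
import re

# Header layout seen in the thread's log lines:
# <date> <time> <LEVEL> <class> @ <user>:session_id=<id>:ip_addr=<ip>:<action>:<detail>
HEADER = re.compile(
    r"^\S+ \S+ \w+\s+\S+ @ [^:]*:session_id=(?P<sid>[^:]*)"
    r":ip_addr=[^:]*:(?P<action>[^:]*):(?P<detail>.*)$")
TLS_MARKERS = ("SSLHandshakeException", "PKIX path building failed")
BIND_TARGET = re.compile(r"simple bind failed: (?P<host>[^\s:]+):(?P<port>\d+)")

def unescape(field):
    # Assumption: '\colon;' is the logger's escape for a literal ':' in a field.
    return field.replace("\\colon;", ":")

def classify(detail):
    """Name the real cause behind an ldap_authentication 'failed_auth' entry."""
    if any(marker in detail for marker in TLS_MARKERS):
        return "tls_trust"         # the JVM does not trust the LDAPS certificate
    if "CommunicationException" in detail:
        return "ldap_unreachable"  # connection problem other than TLS trust
    return "credentials"           # the directory itself rejected the bind

def triage(log_text):
    """Map session_id -> (cause, 'host:port' or None) for failed LDAP binds."""
    findings = {}
    for line in log_text.splitlines():
        m = HEADER.match(line.strip())
        if not m or m["action"] != "ldap_authentication":
            continue
        detail = unescape(m["detail"])
        if not detail.startswith("type=failed_auth"):
            continue
        target = BIND_TARGET.search(detail)
        where = f"{target['host']}:{target['port']}" if target else None
        findings[m["sid"]] = (classify(detail), where)
    return findings

# Constructed sample: line 1 is abridged from the thread, line 2 is invented.
SAMPLE = r"""
2009-06-15 13:28:36,172 WARN org.dspace.authenticate.LDAPHierarchicalAuthentication @ anonymous:session_id=S1:ip_addr=10.18.8.97:ldap_authentication:type=failed_auth javax.naming.CommunicationException\colon; simple bind failed\colon; ldap.my.organization.es\colon;636 [Root exception is javax.net.ssl.SSLHandshakeException\colon; PKIX path building failed]
2009-06-15 13:30:02,410 WARN org.dspace.authenticate.LDAPHierarchicalAuthentication @ anonymous:session_id=S2:ip_addr=10.18.8.97:ldap_authentication:type=failed_auth javax.naming.AuthenticationException\colon; [LDAP\colon; error code 49 - Invalid Credentials]
"""

if __name__ == "__main__":
    for sid, (cause, where) in triage(SAMPLE).items():
        print(sid, cause, where)
```

A session classified as `tls_trust` points at the trust store of the JVM running Tomcat rather than at the user's password.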