[ https://issues.apache.org/jira/browse/KYLIN-4271?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16983214#comment-16983214 ]
Marc Wu commented on KYLIN-4271: -------------------------------- Hi [~wkh8011], We also enabled LDAPs, and it works normal. Here is our configuration: kylin.security.ldap.connection-server=ldaps://xx.xxxx.com:636 According to the error log, maybe you need to check the the CA certificate? > Support for LDAPs authentication of Kylin > ----------------------------------------- > > Key: KYLIN-4271 > URL: https://issues.apache.org/jira/browse/KYLIN-4271 > Project: Kylin > Issue Type: New Feature > Components: Security > Affects Versions: v3.0.0 > Reporter: wu.kehua > Assignee: wu.kehua > Priority: Major > Attachments: kylin.log > > > Kylin's user authentication is normal when connecting to an LDAP server with > the LDAP protocol enabled. However, the LDAP protocol is transmitted in plain > text and there are security risks. Therefore, the LDAP server that uses the > LDAPs protocol needs to be enabled. The LDAPs protocol supports encrypted > transmission. After configuring the LDAP related configuration in > kylin.properties, Kylin server cannot connect to the LDAP server for user > authentication. > The Kylin log shows the error log, as follows, you can also see the detail > log in attachment. > {code:java} > Root exception is javax.net.ssl.SSLHandshakeException: > sun.security.validator.ValidatorException: > PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to find > valid certification path to requested target > {code} -- This message was sent by Atlassian Jira (v8.3.4#803005)