[
https://issues.apache.org/jira/browse/KYLIN-4271?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16983214#comment-16983214
]
Marc Wu commented on KYLIN-4271:
--------------------------------
Hi [~wkh8011],
We also enabled LDAPs, and it works normal. Here is our configuration:
kylin.security.ldap.connection-server=ldaps://xx.xxxx.com:636
According to the error log, maybe you need to check the the CA certificate?
> Support for LDAPs authentication of Kylin
> -----------------------------------------
>
> Key: KYLIN-4271
> URL: https://issues.apache.org/jira/browse/KYLIN-4271
> Project: Kylin
> Issue Type: New Feature
> Components: Security
> Affects Versions: v3.0.0
> Reporter: wu.kehua
> Assignee: wu.kehua
> Priority: Major
> Attachments: kylin.log
>
>
> Kylin's user authentication is normal when connecting to an LDAP server with
> the LDAP protocol enabled. However, the LDAP protocol is transmitted in plain
> text and there are security risks. Therefore, the LDAP server that uses the
> LDAPs protocol needs to be enabled. The LDAPs protocol supports encrypted
> transmission. After configuring the LDAP related configuration in
> kylin.properties, Kylin server cannot connect to the LDAP server for user
> authentication.
> The Kylin log shows the error log, as follows, you can also see the detail
> log in attachment.
> {code:java}
> Root exception is javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException:
> PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
> {code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
