Issue #27 has been updated by Joko Ari Wibowo.
Hi All,
I currently have a task to synchronize LDAP to another AD, and I use lsc to complete
the task. I have set up ldaps, imported the certificate into the JVM and am ready to
execute lsc. But I get an error while executing lsc.
1. The ldaps seems run well.
root@ldapserver:~# ldapsearch -x -LLL -H ldaps://10.10.2.253 -D "cn=Joko Ari Wibowo,ou=People,dc=contoso,dc=com" -w P@ssw0rd -b "cn=Joko Ari Wibowo,ou=People,dc=contoso,dc=com"
dn: cn=Joko Ari Wibowo,ou=people,dc=contoso,dc=com
cn: Joko Ari Wibowo
givenName: Joko Ari
gidNumber: 500
homeDirectory: /home/users/jwibowo
sn: Wibowo
loginShell: /bin/sh
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
userPassword:: UEBzc3cwcmQ=
uidNumber: 1000
uid: jwibowo
2. I have added the certificate to the JVM:
root@ldapserver:/etc/lsc-2.0.1# /usr/lib/jvm/jre1.7.0/bin/keytool -list -keystore ./jssecacerts
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 3 entries
contoso, Apr 5, 2013, trustedCertEntry,
Certificate fingerprint (SHA1):
C3:0E:56:F0:14:56:7C:5E:CF:07:5D:71:7A:96:82:A8:E3:07:77:1C
mykey, Apr 4, 2013, trustedCertEntry,
Certificate fingerprint (SHA1):
2C:25:58:59:99:2D:50:2E:2A:05:90:EF:2A:93:0E:72:AE:58:F9:57
contoso.com, Apr 4, 2013, trustedCertEntry,
Certificate fingerprint (SHA1):
C3:0E:56:F0:14:56:7C:5E:CF:07:5D:71:7A:96:82:A8:E3:07:77:1C
root@ldapserver:/etc/lsc-2.0.1#
3. I have modified lsc.xml: the url part, and isTlsActivated from "false" to "true":
<ldapConnection>
  <name>ldap-src-conn</name>
  <url>ldaps://10.10.2.253:636/dc=contoso,dc=com</url>
  <username>cn=admin,dc=contoso,dc=com</username>
  <password>P@ssw0rd</password>
  <authentication>SIMPLE</authentication>
  <referral>IGNORE</referral>
  <derefAliases>NEVER</derefAliases>
  <version>VERSION_3</version>
  <pageSize>-1</pageSize>
  <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
  <tlsActivated>true</tlsActivated>
</ldapConnection>
When I execute the command line:
root@ldapserver:/etc/lsc-2.0.1# bin/lsc -f etc all -s all -n
I get the error described below:
Apr 05 09:51:36 - DEBUG - Loading XML configuration from: /etc/lsc-2.0.1/etc/lsc.xml
Apr 05 09:51:36 - INFO - Reflections took 514 ms to scan 1 urls, producing 60 keys and 226 values
Apr 05 09:51:36 - DEBUG - Importing XML schema file: schemas/lsc-core-2.0.xsd
Apr 05 09:51:37 - INFO - Logging configuration successfully loaded from /etc/lsc-2.0.1/etc/logback.xml
Apr 05 09:51:37 - INFO - LSC configuration successfully loaded from /etc/lsc-2.0.1/etc/
...
Apr 05 09:51:38 - INFO - Connecting to LDAP server ldaps://10.10.2.253:636/dc=contoso,dc=com as cn=admin,dc=contoso,dc=com
Apr 05 09:51:38 - ERROR - Error opening the LDAP connection to the destination! (javax.naming.CommunicationException: simple bind failed: 10.10.2.253:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target])
Apr 05 09:51:38 - ERROR - org.lsc.exception.LscConfigurationException: java.lang.reflect.InvocationTargetException
Is there a step that I missed? Please advise.
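The "PKIX path building failed" error means the JVM's trust manager could not chain the server's certificate to any entry in the trust store it is actually using. JSSE resolves that store in a fixed order: the javax.net.ssl.trustStore system property if set, otherwise $JAVA_HOME/lib/security/jssecacerts if that file exists, otherwise $JAVA_HOME/lib/security/cacerts. A jssecacerts file in the LSC configuration directory is therefore only consulted when the JVM is pointed at it. The diagnostic below is an added example, not LSC's own code: it resolves the trust store the same way JSSE does, performs a real TLS handshake with the standard PKIX validator (wrapped so it records the chain but never accepts one the validator rejects), and then reports which certificates the server presented and whether any trusted entry matches the leaf or one of its issuers. Host and port come from the command line; the class name and the helper names are my own.

```java
// LdapsTrustCheck.java (added diagnostic, not part of LSC). Usage:
//   java [-Djavax.net.ssl.trustStore=/etc/lsc-2.0.1/jssecacerts] LdapsTrustCheck 10.10.2.253 636
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;

public class LdapsTrustCheck {

    /** Same lookup order JSSE uses: javax.net.ssl.trustStore, then
     *  $JAVA_HOME/lib/security/jssecacerts if present, then cacerts. */
    static Path resolveTrustStore() {
        String prop = System.getProperty("javax.net.ssl.trustStore");
        if (prop != null) return Paths.get(prop);
        Path sec = Paths.get(System.getProperty("java.home"), "lib", "security");
        Path jsse = sec.resolve("jssecacerts");
        return Files.exists(jsse) ? jsse : sec.resolve("cacerts");
    }

    static KeyStore loadTrustStore(Path path) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path.toFile())) {
            ks.load(in, null);   // null password: read the entries, skip the integrity check
        }
        return ks;
    }

    /** Wraps the real PKIX trust manager: records the chain the server sent and the
     *  validator's verdict, but rethrows so an untrusted chain is still rejected. */
    static final class RecordingTrustManager implements X509TrustManager {
        private final X509TrustManager delegate;
        X509Certificate[] seen;
        CertificateException failure;
        RecordingTrustManager(X509TrustManager delegate) { this.delegate = delegate; }
        public void checkClientTrusted(X509Certificate[] chain, String authType)
                throws CertificateException { delegate.checkClientTrusted(chain, authType); }
        public void checkServerTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            seen = chain;
            try { delegate.checkServerTrusted(chain, authType); }
            catch (CertificateException e) { failure = e; throw e; }
        }
        public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }
    }

    /** True if some trusted entry is the leaf itself or the issuer of a chain link. */
    static boolean trustStoreCovers(KeyStore ks, X509Certificate[] chain) throws Exception {
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements(); ) {
            java.security.cert.Certificate c = ks.getCertificate(e.nextElement());
            if (!(c instanceof X509Certificate)) continue;
            X509Certificate trusted = (X509Certificate) c;
            for (X509Certificate link : chain)
                if (trusted.equals(link)
                        || trusted.getSubjectX500Principal().equals(link.getIssuerX500Principal()))
                    return true;
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        String host = args[0];
        int port = Integer.parseInt(args[1]);
        Path tsPath = resolveTrustStore();
        System.out.println("Trust store the JVM will use: " + tsPath);
        KeyStore ks = loadTrustStore(tsPath);

        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(ks);
        RecordingTrustManager rec = null;
        for (TrustManager tm : tmf.getTrustManagers())
            if (tm instanceof X509TrustManager) rec = new RecordingTrustManager((X509TrustManager) tm);
        if (rec == null) throw new IllegalStateException("no X509TrustManager from PKIX factory");

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { rec }, null);
        try (SSLSocket sock = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            sock.startHandshake();
            System.out.println("Handshake OK: the server chain validates against " + tsPath);
        } catch (SSLHandshakeException e) {
            System.out.println("Handshake failed: " + e.getMessage());
        }

        if (rec.seen != null) {
            System.out.println("Server presented " + rec.seen.length + " certificate(s):");
            for (X509Certificate c : rec.seen)
                System.out.println("  subject=" + c.getSubjectX500Principal()
                        + "  issuer=" + c.getIssuerX500Principal());
            if (rec.failure != null)
                System.out.println(trustStoreCovers(ks, rec.seen)
                        ? "A matching entry exists, but validation still failed: " + rec.failure.getMessage()
                        : "No entry in " + tsPath + " matches the leaf or any issuer; import the"
                          + " issuing CA there, or set javax.net.ssl.trustStore to the file you populated.");
        }
    }
}
```

Run it once with the JVM that executes LSC and no extra properties to see which trust store that JVM really opens; if it is not the file you populated, either import the issuing CA into that file or pass -Djavax.net.ssl.trustStore to the LSC JVM.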
----------------------------------------
Bug #27: Connection on ldaps:// URI
http://tools.lsc-project.org/issues/27
Author: Clément OUDOT
Status: Closed
Priority: Normal
Assigned to: Jonathan Clarke
Category: Core
Target version: 1.1.0
Problem in version:
Hello,
My target directory accepts only secured connections, either with ldaps:// or with a startTLS control.
When using a ldaps:// URI in dst.java.naming.provider.url, there is a Java error:
javax.naming.CommunicationException: simple bind failed: localhost:389 [Root exception is javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake]
    at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:197)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2637)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
    at javax.naming.InitialContext.init(InitialContext.java:223)
    at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
    at org.interldap.lsc.jndi.JndiServices.<init>(JndiServices.java:101)
    at org.interldap.lsc.jndi.JndiServices.getInstance(JndiServices.java:141)
    at org.interldap.lsc.jndi.JndiServices.getDstInstance(JndiServices.java:127)
    at org.interldap.lsc.jndi.SimpleJndiDstService.getJndiServices(SimpleJndiDstService.java:118)
    at org.interldap.lsc.jndi.AbstractSimpleJndiService.get(AbstractSimpleJndiService.java:111)
    at org.interldap.lsc.jndi.SimpleJndiDstService.getBean(SimpleJndiDstService.java:89)
    at org.interldap.lsc.AbstractSynchronize.synchronizeLdap2Ldap(AbstractSynchronize.java:463)
    at org.interldap.lsc.SimpleSynchronize.launchSyncTask(SimpleSynchronize.java:295)
    at org.interldap.lsc.SimpleSynchronize.launch(SimpleSynchronize.java:140)
    at org.interldap.lsc.Launcher.run(Launcher.java:103)
    at org.interldap.lsc.Launcher.main(Launcher.java:95)
Can we add a feature to support LDAPS and startTLS? Can this be added to the 1.1 roadmap?
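The trace above shows a JNDI ldaps:// URL being opened against localhost:389. A server listening for plaintext LDAP on that port receives a TLS ClientHello instead of an LDAP message and drops the connection, which JSSE reports as "Remote host closed connection during handshake"; TLS-from-the-start belongs on the ldaps port (636), while the plaintext port is where StartTLS is negotiated. As an added example (my own code, not LSC's and not how the project implemented the feature), the two JNDI connection shapes the request asks for: ldaps:// on 636, and StartTLS on 389 with the bind deferred until the session is encrypted. Host, bind DN and password are method parameters; both paths rely on the JVM's default trust store.

```java
// StartTlsBind.java: added example of the two JNDI options for a TLS-only directory.
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;
import java.io.IOException;
import java.util.Hashtable;

public class StartTlsBind {

    /** Option 1: TLS from the first byte. The ldaps scheme is enough; JNDI uses the
     *  JVM's default SSLSocketFactory and therefore the default trust store. The URL
     *  must name the TLS port (636): aimed at the plaintext port (389) the handshake
     *  fails with "Remote host closed connection during handshake". */
    static LdapContext connectLdaps(String host, String bindDn, String password)
            throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldaps://" + host + ":636/");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialLdapContext(env, null);   // connects and binds over TLS
    }

    /** Option 2: plaintext connection to 389, upgraded with the StartTLS extended
     *  operation, and only then the simple bind. Credentials are deliberately absent
     *  from the initial environment: with them present JNDI would bind (sending the
     *  password) before the connection is encrypted. */
    static LdapContext connectStartTls(String host, String bindDn, String password)
            throws NamingException, IOException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://" + host + ":389/");
        LdapContext ctx = new InitialLdapContext(env, null);   // anonymous, nothing sensitive yet

        StartTlsResponse tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
        // Default SSLSocketFactory: chain checked against the JVM trust store, and the
        // server name checked against `host`. Throws IOException if either check fails.
        tls.negotiate();

        ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
        ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, bindDn);
        ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
        ctx.reconnect(null);   // performs the bind over the now-encrypted session
        return ctx;
    }
}
```

In both cases a trust-store problem surfaces as the PKIX error seen earlier in this thread, so the trust store must contain the directory's issuing CA before either shape works. Whether the ldaps:// path also checks the server name against the URL host depends on the JDK release; the StartTLS path checks it during negotiate().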
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-dev mailing list
http://lists.lsc-project.org/listinfo/lsc-dev