Re: Issues with usersync (LDAPS certificate not validated)

2015-10-06 Thread Aneela Saleem
> Reply-To: "user@ranger.incubator.apache.org" <
> user@ranger.incubator.apache.org>
> Date: Monday, October 5, 2015 at 1:16 PM
> To: "user@ranger.incubator.apache.org" <user@ranger.incubator.apache.org>
>
> Subject: Re: Issues with usersync (LDAPS certificate not validated)
>
> No, there are no intermediate certificates. No, I'm not using the same trust
> store for performing ldapsearch. I'm using the
> *TLS_CACERT /etc/ldap/cacert.pem* option in the ldap.conf file
>
> On Mon, Oct 5, 2015 at 10:12 PM, Sailaja Polavarapu <
> spolavar...@hortonworks.com> wrote:
>
>> Are there any intermediate certs? If so, are they also added in the trust
>> store?
>> And just to make sure, in the ldap configuration, are you using same
>> trust store for performing ldapsearch?
>>
>>
>> From: Aneela Saleem
>> Reply-To: "user@ranger.incubator.apache.org"
>> Date: Sunday, October 4, 2015 at 10:15 AM
>>
>> To: "user@ranger.incubator.apache.org"
>> Subject: Re: Issues with usersync (LDAPS certificate not validated)
>>
>> Is there any issue with JAVA keystore?
>>
>> On Fri, Oct 2, 2015 at 9:59 AM, Aneela Saleem <ane...@platalytics.com>
>> wrote:
>>
>>> Yes, the following command works fine
>>>
>>> ldapsearch -x -D "cn=aneela,ou=users,dc=platalytics,dc=com" -W -H
>>> ldaps://platalytics.com:636 -b "dc=platalytics,dc=com" -s sub
>>> 'cn=aneela'
>>>
>>> On Thu, Oct 1, 2015 at 7:35 PM, Don Bosco Durai <bo...@apache.org>
>>> wrote:
>>>
>>>> It is surprising that it will just stop working. Are you able to do
>>>> ldapsearch from command line? Just to make sure there is nothing wrong on
>>>> the OpenLDAP side?
>>>>
>>>> Thanks
>>>>
>>>> Bosco
>>>>
>>>>
>>>> From: Aneela Saleem <ane...@platalytics.com>
>>>> Reply-To: <user@ranger.incubator.apache.org>
>>>> Date: Thursday, October 1, 2015 at 11:55 PM
>>>>
>>>> To: <user@ranger.incubator.apache.org>
>>>> Subject: Re: Issues with usersync (LDAPS certificate not validated)
>>>>
>>>> I also checked it on another machine. Same issue is there
>>>>
>>>> On Thu, Oct 1, 2015 at 10:03 PM, Aneela Saleem <ane...@platalytics.com>
>>>> wrote:
>>>>
>>>>> I guess no JDK changes. And I re-checked the certificate, in fact generated
>>>>> a new one. Still same issue.
>>>>>
>>>>> On Thu, Oct 1, 2015 at 6:16 PM, Dilli Dorai <dilli.do...@gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Aneela,
>>>>>> Please check whether the certificate has expired.
>>>>>> Dilli
>>>>>>
>>>>>> On Wed, Sep 30, 2015 at 4:28 PM, Don Bosco Durai <bo...@apache.org>
>>>>>> wrote:
>>>>>>
>>>>>>> Any other changes you can think of? JDK changes, etc.?
>>>>>>>
>>>>>>> Thanks
>>>>>>>
>>>>>>> Bosco
>>>>>>>
>>>>>>>
>>>>>>> From: Aneela Saleem <ane...@platalytics.com>
>>>>>>> Reply-To: <user@ranger.incubator.apache.org>
>>>>>>> Date: Wednesday, September 30, 2015 at 9:37 PM
>>>>>>> To: <user@ranger.incubator.apache.org>
>>>>>>> Subject: Re: Issues with usersync (LDAPS certificate not validated)
>>>>>>>
>>>>>>> It was working fine one month ago. But now the same issue has
>>>>>>> occurred.
>>>>>>>
>>>>>>> On Wed, Sep 30, 2015 at 2:55 PM, Aneela Saleem <
>>>>>>> ane...@platalytics.com> wrote:
>>>>>>>
>>>>>>>> Hi all,
>>>>>>>>
>>>>>>>> I followed all the following steps i.e.,
>>>>>>>>
>>>>>>>> cp /etc/alternatives/java_sdk_1.7.0/jre/lib/security/cacerts
>>>>>>>> /usr/hdp/2.2.0.0-2036/ranger-usersync/userSyncCAcerts
>>>>>>>>
>>>>>>>> keytool -import -trustcacerts -alias openLdap -file cert.pem
>>>>>>>> -keystore /usr/hdp/2.2.0.0-2036/ranger-usersync/userSyncCAcerts
>>>>>>>> (where cert.pem has the LDAPS cert)
>>>>>>>

Re: Issues with usersync (LDAPS certificate not validated)

2015-10-05 Thread Aneela Saleem
No, there are no intermediate certificates. No, I'm not using the same trust
store for performing ldapsearch. I'm using the
*TLS_CACERT /etc/ldap/cacert.pem* option in the ldap.conf file

On Mon, Oct 5, 2015 at 10:12 PM, Sailaja Polavarapu <
spolavar...@hortonworks.com> wrote:

> Are there any intermediate certs? If so, are they also added in the trust
> store?
> And just to make sure, in the ldap configuration, are you using same trust
> store for performing ldapsearch?
>
>
> From: Aneela Saleem
> Reply-To: "user@ranger.incubator.apache.org"
> Date: Sunday, October 4, 2015 at 10:15 AM
>
> To: "user@ranger.incubator.apache.org"
> Subject: Re: Issues with usersync (LDAPS certificate not validated)
>
> Is there any issue with JAVA keystore?
>
> On Fri, Oct 2, 2015 at 9:59 AM, Aneela Saleem <ane...@platalytics.com>
> wrote:
>
>> Yes, the following command works fine
>>
>> ldapsearch -x -D "cn=aneela,ou=users,dc=platalytics,dc=com" -W -H
>> ldaps://platalytics.com:636 -b "dc=platalytics,dc=com" -s sub 'cn=aneela'
>>
>> On Thu, Oct 1, 2015 at 7:35 PM, Don Bosco Durai <bo...@apache.org> wrote:
>>
>>> It is surprising that it will just stop working. Are you able to do
>>> ldapsearch from command line? Just to make sure there is nothing wrong on
>>> the OpenLDAP side?
>>>
>>> Thanks
>>>
>>> Bosco
>>>
>>>
>>> From: Aneela Saleem <ane...@platalytics.com>
>>> Reply-To: <user@ranger.incubator.apache.org>
>>> Date: Thursday, October 1, 2015 at 11:55 PM
>>>
>>> To: <user@ranger.incubator.apache.org>
>>> Subject: Re: Issues with usersync (LDAPS certificate not validated)
>>>
>>> I also checked it on another machine. Same issue is there
>>>
>>> On Thu, Oct 1, 2015 at 10:03 PM, Aneela Saleem <ane...@platalytics.com>
>>> wrote:
>>>
>>>> I guess no JDK changes. And I re-checked the certificate, in fact generated a
>>>> new one. Still same issue.
>>>>
>>>> On Thu, Oct 1, 2015 at 6:16 PM, Dilli Dorai <dilli.do...@gmail.com>
>>>> wrote:
>>>>
>>>>> Aneela,
>>>>> Please check whether the certificate has expired.
>>>>> Dilli
>>>>>
>>>>> On Wed, Sep 30, 2015 at 4:28 PM, Don Bosco Durai <bo...@apache.org>
>>>>> wrote:
>>>>>
>>>>>> Any other changes you can think of? JDK changes, etc.?
>>>>>>
>>>>>> Thanks
>>>>>>
>>>>>> Bosco
>>>>>>
>>>>>>
>>>>>> From: Aneela Saleem <ane...@platalytics.com>
>>>>>> Reply-To: <user@ranger.incubator.apache.org>
>>>>>> Date: Wednesday, September 30, 2015 at 9:37 PM
>>>>>> To: <user@ranger.incubator.apache.org>
>>>>>> Subject: Re: Issues with usersync (LDAPS certificate not validated)
>>>>>>
>>>>>> It was working fine one month ago. But now the same issue has occurred.
>>>>>>
>>>>>> On Wed, Sep 30, 2015 at 2:55 PM, Aneela Saleem <
>>>>>> ane...@platalytics.com> wrote:
>>>>>>
>>>>>>> Hi all,
>>>>>>>
>>>>>>> I followed all the following steps i.e.,
>>>>>>>
>>>>>>> cp /etc/alternatives/java_sdk_1.7.0/jre/lib/security/cacerts
>>>>>>> /usr/hdp/2.2.0.0-2036/ranger-usersync/userSyncCAcerts
>>>>>>>
>>>>>>> keytool -import -trustcacerts -alias openLdap -file cert.pem
>>>>>>> -keystore /usr/hdp/2.2.0.0-2036/ranger-usersync/userSyncCAcerts
>>>>>>> (where cert.pem has the LDAPS cert)
>>>>>>>
>>>>>>> Add  java option
>>>>>>> -Djavax.net.ssl.trustStore=/usr/hdp/2.2.0.0-2036/ranger-usersync/userSyncCAcerts
>>>>>>> To
>>>>>>> /usr/hdp/2.2.0.0-2036/ranger-usersync/ranger-usersync-services.sh
>>>>>>>
>>>>>>> Where it invokes java command like the following
>>>>>>>
>>>>>>> nohup java 
>>>>>>> -Djavax.net.ssl.trustStore=/usr/hdp/2.2.0.0-2036/ranger-usersync/userSyncCAcerts
>>>>>>>  . . .
>>>>>>>
>>>>>>>
>>>>>>> But i'm unable t

Re: Issues with usersync (LDAPS certificate not validated)

2015-10-05 Thread Sailaja Polavarapu
Are there any intermediate certs? If so, are they also added in the trust store?
And just to make sure, in the ldap configuration, are you using same trust 
store for performing ldapsearch?


From: Aneela Saleem
Reply-To: "user@ranger.incubator.apache.org"
Date: Sunday, October 4, 2015 at 10:15 AM
To: "user@ranger.incubator.apache.org"
Subject: Re: Issues with usersync (LDAPS certificate not validated)

Is there any issue with JAVA keystore?

On Fri, Oct 2, 2015 at 9:59 AM, Aneela Saleem <ane...@platalytics.com> wrote:
Yes, the following command works fine

ldapsearch -x -D "cn=aneela,ou=users,dc=platalytics,dc=com" -W -H
ldaps://platalytics.com:636 -b "dc=platalytics,dc=com" -s sub 'cn=aneela'

On Thu, Oct 1, 2015 at 7:35 PM, Don Bosco Durai <bo...@apache.org> wrote:
It is surprising that it will just stop working. Are you able to do ldapsearch 
from command line? Just to make sure there is nothing wrong on the OpenLDAP 
side?

Thanks

Bosco


From: Aneela Saleem <ane...@platalytics.com>
Reply-To: <user@ranger.incubator.apache.org>
Date: Thursday, October 1, 2015 at 11:55 PM

To: <user@ranger.incubator.apache.org>
Subject: Re: Issues with usersync (LDAPS certificate not validated)

I also checked it on another machine. Same issue is there

On Thu, Oct 1, 2015 at 10:03 PM, Aneela Saleem <ane...@platalytics.com> wrote:
I guess no JDK changes. And I re-checked the certificate, in fact generated a new
one. Still same issue.

On Thu, Oct 1, 2015 at 6:16 PM, Dilli Dorai <dilli.do...@gmail.com> wrote:
Aneela,
Please check whether the certificate has expired.
Dilli

On Wed, Sep 30, 2015 at 4:28 PM, Don Bosco Durai <bo...@apache.org> wrote:
Any other changes you can think of? JDK changes, etc.?

Thanks

Bosco


From: Aneela Saleem <ane...@platalytics.com>
Reply-To: <user@ranger.incubator.apache.org>
Date: Wednesday, September 30, 2015 at 9:37 PM
To: <user@ranger.incubator.apache.org>
Subject: Re: Issues with usersync (LDAPS certificate not validated)

It was working fine one month ago. But now the same issue has occurred.

On Wed, Sep 30, 2015 at 2:55 PM, Aneela Saleem <ane...@platalytics.com> wrote:
Hi all,

I followed all the following steps i.e.,

cp /etc/alternatives/java_sdk_1.7.0/jre/lib/security/cacerts 
/usr/hdp/2.2.0.0-2036/ranger-usersync/userSyncCAcerts

keytool -import -trustcacerts -alias openLdap -file cert.pem -keystore 
/usr/hdp/2.2.0.0-2036/ranger-usersync/userSyncCAcerts
(where cert.pem has the LDAPS cert)

Add  java option
-Djavax.net.ssl.trustStore=/usr/hdp/2.2.0.0-2036/ranger-usersync/userSyncCAcerts
To
/usr/hdp/2.2.0.0-2036/ranger-usersync/ranger-usersync-services.sh

Where it invokes java command like the following

nohup java 
-Djavax.net.ssl.trustStore=/usr/hdp/2.2.0.0-2036/ranger-usersync/userSyncCAcerts
  . . .


But I'm unable to sync LDAP contacts in Ranger due to certificate validation
issues. Following are the logs

30 Sep 2015 14:48:56  INFO UnixAuthenticationService [main] - Starting User 
Sync Service!
30 Sep 2015 14:48:56  INFO UnixAuthenticationService [main] - Enabling Unix 
Auth Service!
30 Sep 2015 14:48:56  INFO UserGroupSync [UnixUserSyncThread] - initializing 
sink: org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder
30 Sep 2015 14:48:57  WARN NativeCodeLoader [main] - Unable to load 
native-hadoop library for your platform... using builtin-java classes where 
applicable
30 Sep 2015 14:48:58  INFO UnixAuthenticationService [main] - Enabling 
Protocol: [SSLv2Hello]
30 Sep 2015 14:48:58  INFO UnixAuthenticationService [main] - Enabling 
Protocol: [TLSv1]
30 Sep 2015 14:48:58  INFO UnixAuthenticationService [main] - Enabling 
Protocol: [TLSv1.1]
30 Sep 2015 14:48:58  INFO UnixAuthenticationService [main] - Enabling 
Protocol: [TLSv1.2]
30 Sep 2015 14:48:58  INFO LdapUserGroupBuilder [UnixUserSyncThread] - 
LdapUserGroupBuilder created
30 Sep 2015 14:48:58  INFO UserGroupSync [UnixUserSyncThread] - initializing 
source: org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder
30 Sep 2015 14:48:58  INFO UserGroupSync [UnixUserSyncThread] - Begin: initial 
load of user/group from source==>sink
30 Sep 2015 14:48:58  INFO LdapUserGroupBuilder [UnixUserSyncThread] - 
LDAPUserGroupBuilder updateSink started
30 Sep 2015 14:48:58  INFO LdapUserGroupBuild

Re: Issues with usersync (LDAPS certificate not validated)

2015-10-05 Thread Selvamohan Neethiraj
Aneela:


To verify the certificate (chain), can you run the following command and send
us the output of the command?


$ openssl s_client -showcerts -connect platalytics.com:636 < /dev/null



Thanks,

Selva-

From: Aneela Saleem <ane...@platalytics.com>
Reply-To: "user@ranger.incubator.apache.org" <user@ranger.incubator.apache.org>
Date: Monday, October 5, 2015 at 1:16 PM
To: "user@ranger.incubator.apache.org" <user@ranger.incubator.apache.org>
Subject: Re: Issues with usersync (LDAPS certificate not validated)

No, there are no intermediate certificates. No, I'm not using the same trust store
for performing ldapsearch. I'm using the
TLS_CACERT /etc/ldap/cacert.pem option in the ldap.conf file

On Mon, Oct 5, 2015 at 10:12 PM, Sailaja Polavarapu <spolavar...@hortonworks.com> wrote:
Are there any intermediate certs? If so, are they also added in the trust store?
And just to make sure, in the ldap configuration, are you using same trust 
store for performing ldapsearch?


From: Aneela Saleem
Reply-To: "user@ranger.incubator.apache.org"
Date: Sunday, October 4, 2015 at 10:15 AM

To: "user@ranger.incubator.apache.org"
Subject: Re: Issues with usersync (LDAPS certificate not validated)

Is there any issue with JAVA keystore?

On Fri, Oct 2, 2015 at 9:59 AM, Aneela Saleem <ane...@platalytics.com> wrote:
Yes, the following command works fine

ldapsearch -x -D "cn=aneela,ou=users,dc=platalytics,dc=com" -W -H
ldaps://platalytics.com:636 -b "dc=platalytics,dc=com" -s sub 'cn=aneela'

On Thu, Oct 1, 2015 at 7:35 PM, Don Bosco Durai <bo...@apache.org> wrote:
It is surprising that it will just stop working. Are you able to do ldapsearch 
from command line? Just to make sure there is nothing wrong on the OpenLDAP 
side?

Thanks

Bosco


From: Aneela Saleem <ane...@platalytics.com>
Reply-To: <user@ranger.incubator.apache.org>
Date: Thursday, October 1, 2015 at 11:55 PM

To: <user@ranger.incubator.apache.org>
Subject: Re: Issues with usersync (LDAPS certificate not validated)

I also checked it on another machine. Same issue is there

On Thu, Oct 1, 2015 at 10:03 PM, Aneela Saleem <ane...@platalytics.com> wrote:
I guess no JDK changes. And I re-checked the certificate, in fact generated a new
one. Still same issue.

On Thu, Oct 1, 2015 at 6:16 PM, Dilli Dorai <dilli.do...@gmail.com> wrote:
Aneela,
Please check whether the certificate has expired.
Dilli

On Wed, Sep 30, 2015 at 4:28 PM, Don Bosco Durai <bo...@apache.org> wrote:
Any other changes you can think of? JDK changes, etc.?

Thanks

Bosco


From: Aneela Saleem <ane...@platalytics.com>
Reply-To: <user@ranger.incubator.apache.org>
Date: Wednesday, September 30, 2015 at 9:37 PM
To: <user@ranger.incubator.apache.org>
Subject: Re: Issues with usersync (LDAPS certificate not validated)

It was working fine one month ago. But now the same issue has occurred.

On Wed, Sep 30, 2015 at 2:55 PM, Aneela Saleem <ane...@platalytics.com> wrote:
Hi all,

I followed all the following steps i.e.,

cp /etc/alternatives/java_sdk_1.7.0/jre/lib/security/cacerts 
/usr/hdp/2.2.0.0-2036/ranger-usersync/userSyncCAcerts

keytool -import -trustcacerts -alias openLdap -file cert.pem -keystore 
/usr/hdp/2.2.0.0-2036/ranger-usersync/userSyncCAcerts
(where cert.pem has the LDAPS cert)

Add  java option
-Djavax.net.ssl.trustStore=/usr/hdp/2.2.0.0-2036/ranger-usersync/userSyncCAcerts
To
/usr/hdp/2.2.0.0-2036/ranger-usersync/ranger-usersync-services.sh

Where it invokes java command like the following

nohup java 
-Djavax.net.ssl.trustStore=/usr/hdp/2.2.0.0-2036/ranger-usersync/userSyncCAcerts
  . . .


But I'm unable to sync LDAP contacts in Ranger due to certificate validation
issues. Following are the logs

30 Sep 2015 14:48:56  INFO UnixAuthenticationService [main] - Starting User 
Sync Service!
30 Sep 2015 14:48:56  INFO UnixAuthenticationService [main] - Enabling Unix 
Auth Service!
30 Sep 2015 14:48:56  INFO UserGroupSync [UnixUserSyncThread] - ini
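
The chain check requested in the message above, and the intermediate-certificate and expiry questions asked earlier in the thread, can be answered from the "Certificate chain" section of the s_client output. The following is an added example, not part of the original messages or of Ranger; the two sample outputs, the host ldap.example.test and all function names are constructed for illustration.

```python
import re
import sys
from datetime import datetime, timezone

# Constructed sample, older OpenSSL layout: one self-signed server certificate.
SAMPLE_SELF_SIGNED = """\
CONNECTED(00000003)
depth=0 CN = ldap.example.test
verify error:num=18:self signed certificate
---
Certificate chain
 0 s:/CN=ldap.example.test
   i:/CN=ldap.example.test
-----BEGIN CERTIFICATE-----
(constructed placeholder, certificate body omitted)
-----END CERTIFICATE-----
---
Server certificate
subject=/CN=ldap.example.test
"""

# Constructed sample, newer OpenSSL layout with a validity line: the server
# sends only its own certificate, issued by a CA that it does not send.
SAMPLE_ISSUER_NOT_SENT = """\
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = ldap.example.test
   i:O = Example Test, CN = Example Issuing CA
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Sep  1 00:00:00 2015 GMT; NotAfter: Sep  1 00:00:00 2016 GMT
-----BEGIN CERTIFICATE-----
(constructed placeholder, certificate body omitted)
-----END CERTIFICATE-----
---
Server certificate
"""

ENTRY = re.compile(r"^\s*(\d+) s:(.*)$")     # " 0 s:<subject DN>"
FIELD = re.compile(r"^\s+([iv]):(.*)$")      # "   i:<issuer DN>" or "   v:<validity>"
NOT_AFTER = re.compile(r"NotAfter:\s*(.+?)\s*GMT")


def parse_chain(text):
    """Return the presented certificates as dicts, in the order the server sent them."""
    chain, in_section = [], False
    for line in text.splitlines():
        if line.startswith("Certificate chain"):
            in_section = True
        elif in_section and line.strip() == "---":
            break                            # a bare "---" closes the chain section
        elif in_section:
            entry, field = ENTRY.match(line), FIELD.match(line)
            if entry:
                chain.append({"depth": int(entry.group(1)),
                              "subject": entry.group(2).strip(),
                              "issuer": None, "not_after": None})
            elif field and chain:
                key, value = field.groups()
                if key == "i":
                    chain[-1]["issuer"] = value.strip()
                else:
                    found = NOT_AFTER.search(value)
                    if found:                # collapse the padded day ("Sep  1")
                        stamp = " ".join(found.group(1).split())
                        chain[-1]["not_after"] = datetime.strptime(
                            stamp, "%b %d %H:%M:%S %Y")
    return chain


def trust_requirement(chain):
    """Name the certificate the client must already trust for this chain to validate."""
    if not chain:
        return ("no-chain", None)
    top = chain[-1]                          # assumes leaf-first ordering from the server
    if top["issuer"] == top["subject"]:
        kind = "self-signed-server-cert" if len(chain) == 1 else "root-sent"
        return (kind, top["subject"])
    # The issuer is absent from the handshake, so it has to come from the
    # client's trust store (unless a presented certificate is trusted directly).
    return ("issuer-not-sent", top["issuer"])


def expired_depths(chain, now):
    """Depths of presented certificates whose NotAfter is before `now` (naive UTC)."""
    return [c["depth"] for c in chain if c["not_after"] and c["not_after"] < now]


if __name__ == "__main__":
    # Pipe real s_client output on stdin; without a pipe the constructed sample is used.
    text = SAMPLE_ISSUER_NOT_SENT if sys.stdin.isatty() else sys.stdin.read()
    chain = parse_chain(text)
    for cert in chain:
        print(cert["depth"], "subject:", cert["subject"], "| issuer:", cert["issuer"])
    now = datetime.now(timezone.utc).replace(tzinfo=None)
    print("trust requirement:", trust_requirement(chain))
    print("expired depths:", expired_depths(chain, now))
```

An "issuer-not-sent" result means the named CA certificate has to be in the store passed via -Djavax.net.ssl.trustStore; older OpenSSL output has no validity line, so expiry there is reported only when the v: line is present.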

Re: Issues with usersync (LDAPS certificate not validated)

2015-10-04 Thread Aneela Saleem
Is there any issue with JAVA keystore?

On Fri, Oct 2, 2015 at 9:59 AM, Aneela Saleem <ane...@platalytics.com>
wrote:

> Yes, the following command works fine
>
> ldapsearch -x -D "cn=aneela,ou=users,dc=platalytics,dc=com" -W -H
> ldaps://platalytics.com:636 -b "dc=platalytics,dc=com" -s sub 'cn=aneela'
>
> On Thu, Oct 1, 2015 at 7:35 PM, Don Bosco Durai <bo...@apache.org> wrote:
>
>> It is surprising that it will just stop working. Are you able to do
>> ldapsearch from command line? Just to make sure there is nothing wrong on
>> the OpenLDAP side?
>>
>> Thanks
>>
>> Bosco
>>
>>
>> From: Aneela Saleem <ane...@platalytics.com>
>> Reply-To: <user@ranger.incubator.apache.org>
>> Date: Thursday, October 1, 2015 at 11:55 PM
>>
>> To: <user@ranger.incubator.apache.org>
>> Subject: Re: Issues with usersync (LDAPS certificate not validated)
>>
>> I also checked it on another machine. Same issue is there
>>
>> On Thu, Oct 1, 2015 at 10:03 PM, Aneela Saleem <ane...@platalytics.com>
>> wrote:
>>
>>> I guess no JDK changes. And I re-checked the certificate, in fact generated a
>>> new one. Still same issue.
>>>
>>> On Thu, Oct 1, 2015 at 6:16 PM, Dilli Dorai <dilli.do...@gmail.com>
>>> wrote:
>>>
>>>> Aneela,
>>>> Please check whether the certificate has expired.
>>>> Dilli
>>>>
>>>> On Wed, Sep 30, 2015 at 4:28 PM, Don Bosco Durai <bo...@apache.org>
>>>> wrote:
>>>>
>>>>> Any other changes you can think of? JDK changes, etc.?
>>>>>
>>>>> Thanks
>>>>>
>>>>> Bosco
>>>>>
>>>>>
>>>>> From: Aneela Saleem <ane...@platalytics.com>
>>>>> Reply-To: <user@ranger.incubator.apache.org>
>>>>> Date: Wednesday, September 30, 2015 at 9:37 PM
>>>>> To: <user@ranger.incubator.apache.org>
>>>>> Subject: Re: Issues with usersync (LDAPS certificate not validated)
>>>>>
>>>>> It was working fine one month ago. But now the same issue has occurred.
>>>>>
>>>>> On Wed, Sep 30, 2015 at 2:55 PM, Aneela Saleem <ane...@platalytics.com>
>>>>> wrote:
>>>>>
>>>>>> Hi all,
>>>>>>
>>>>>> I followed all the following steps i.e.,
>>>>>>
>>>>>> cp /etc/alternatives/java_sdk_1.7.0/jre/lib/security/cacerts
>>>>>> /usr/hdp/2.2.0.0-2036/ranger-usersync/userSyncCAcerts
>>>>>>
>>>>>> keytool -import -trustcacerts -alias openLdap -file cert.pem
>>>>>> -keystore /usr/hdp/2.2.0.0-2036/ranger-usersync/userSyncCAcerts
>>>>>> (where cert.pem has the LDAPS cert)
>>>>>>
>>>>>> Add  java option
>>>>>> -Djavax.net.ssl.trustStore=/usr/hdp/2.2.0.0-2036/ranger-usersync/userSyncCAcerts
>>>>>> To
>>>>>> /usr/hdp/2.2.0.0-2036/ranger-usersync/ranger-usersync-services.sh
>>>>>>
>>>>>> Where it invokes java command like the following
>>>>>>
>>>>>> nohup java 
>>>>>> -Djavax.net.ssl.trustStore=/usr/hdp/2.2.0.0-2036/ranger-usersync/userSyncCAcerts
>>>>>>  . . .
>>>>>>
>>>>>>
>>>>>> But I'm unable to sync LDAP contacts in Ranger due to certificate
>>>>>> validation issues. Following are the logs
>>>>>>
>>>>>> 30 Sep 2015 14:48:56  INFO UnixAuthenticationService [main] -
>>>>>> Starting User Sync Service!
>>>>>> 30 Sep 2015 14:48:56  INFO UnixAuthenticationService [main] -
>>>>>> Enabling Unix Auth Service!
>>>>>> 30 Sep 2015 14:48:56  INFO UserGroupSync [UnixUserSyncThread] -
>>>>>> initializing sink:
>>>>>> org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder
>>>>>> 30 Sep 2015 14:48:57  WARN NativeCodeLoader [main] - Unable to load
>>>>>> native-hadoop library for your platform... using builtin-java classes 
>>>>>> where
>>>>>> applicable
>>>>>> 30 Sep 2015 14:48:58  INFO UnixAuthenticationService [main] -
>>>>>> Enabling Protocol: [SSLv2Hello]
>>>>>>

Re: Issues with usersync (LDAPS certificate not validated)

2015-10-01 Thread Aneela Saleem
I also checked it on another machine. Same issue is there

On Thu, Oct 1, 2015 at 10:03 PM, Aneela Saleem <ane...@platalytics.com>
wrote:

> I guess no JDK changes. And I re-checked the certificate, in fact generated a
> new one. Still same issue.
>
> On Thu, Oct 1, 2015 at 6:16 PM, Dilli Dorai <dilli.do...@gmail.com> wrote:
>
>> Aneela,
>> Please check whether the certificate has expired.
>> Dilli
>>
>> On Wed, Sep 30, 2015 at 4:28 PM, Don Bosco Durai <bo...@apache.org>
>> wrote:
>>
>>> Any other changes you can think of? JDK changes, etc.?
>>>
>>> Thanks
>>>
>>> Bosco
>>>
>>>
>>> From: Aneela Saleem <ane...@platalytics.com>
>>> Reply-To: <user@ranger.incubator.apache.org>
>>> Date: Wednesday, September 30, 2015 at 9:37 PM
>>> To: <user@ranger.incubator.apache.org>
>>> Subject: Re: Issues with usersync (LDAPS certificate not validated)
>>>
>>> It was working fine one month ago. But now the same issue has occurred.
>>>
>>> On Wed, Sep 30, 2015 at 2:55 PM, Aneela Saleem <ane...@platalytics.com>
>>> wrote:
>>>
>>>> Hi all,
>>>>
>>>> I followed all the following steps i.e.,
>>>>
>>>> cp /etc/alternatives/java_sdk_1.7.0/jre/lib/security/cacerts
>>>> /usr/hdp/2.2.0.0-2036/ranger-usersync/userSyncCAcerts
>>>>
>>>> keytool -import -trustcacerts -alias openLdap -file cert.pem -keystore
>>>> /usr/hdp/2.2.0.0-2036/ranger-usersync/userSyncCAcerts
>>>> (where cert.pem has the LDAPS cert)
>>>>
>>>> Add  java option
>>>> -Djavax.net.ssl.trustStore=/usr/hdp/2.2.0.0-2036/ranger-usersync/userSyncCAcerts
>>>> To
>>>> /usr/hdp/2.2.0.0-2036/ranger-usersync/ranger-usersync-services.sh
>>>>
>>>> Where it invokes java command like the following
>>>>
>>>> nohup java 
>>>> -Djavax.net.ssl.trustStore=/usr/hdp/2.2.0.0-2036/ranger-usersync/userSyncCAcerts
>>>>  . . .
>>>>
>>>>
>>>> But I'm unable to sync LDAP contacts in Ranger due to certificate
>>>> validation issues. Following are the logs
>>>>
>>>> 30 Sep 2015 14:48:56  INFO UnixAuthenticationService [main] - Starting
>>>> User Sync Service!
>>>> 30 Sep 2015 14:48:56  INFO UnixAuthenticationService [main] - Enabling
>>>> Unix Auth Service!
>>>> 30 Sep 2015 14:48:56  INFO UserGroupSync [UnixUserSyncThread] -
>>>> initializing sink:
>>>> org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder
>>>> 30 Sep 2015 14:48:57  WARN NativeCodeLoader [main] - Unable to load
>>>> native-hadoop library for your platform... using builtin-java classes where
>>>> applicable
>>>> 30 Sep 2015 14:48:58  INFO UnixAuthenticationService [main] - Enabling
>>>> Protocol: [SSLv2Hello]
>>>> 30 Sep 2015 14:48:58  INFO UnixAuthenticationService [main] - Enabling
>>>> Protocol: [TLSv1]
>>>> 30 Sep 2015 14:48:58  INFO UnixAuthenticationService [main] - Enabling
>>>> Protocol: [TLSv1.1]
>>>> 30 Sep 2015 14:48:58  INFO UnixAuthenticationService [main] - Enabling
>>>> Protocol: [TLSv1.2]
>>>> 30 Sep 2015 14:48:58  INFO LdapUserGroupBuilder [UnixUserSyncThread] -
>>>> LdapUserGroupBuilder created
>>>> 30 Sep 2015 14:48:58  INFO UserGroupSync [UnixUserSyncThread] -
>>>> initializing source:
>>>> org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder
>>>> 30 Sep 2015 14:48:58  INFO UserGroupSync [UnixUserSyncThread] - Begin:
>>>> initial load of user/group from source==>sink
>>>> 30 Sep 2015 14:48:58  INFO LdapUserGroupBuilder [UnixUserSyncThread] -
>>>> LDAPUserGroupBuilder updateSink started
>>>> 30 Sep 2015 14:48:58  INFO LdapUserGroupBuilder [UnixUserSyncThread] -
>>>> LdapUserGroupBuilder initialization started
>>>> 30 Sep 2015 14:48:58 ERROR UserGroupSync [UnixUserSyncThread] - Failed
>>>> to initialize UserGroup source/sink. Will retry after 2160
>>>> milliseconds. Error details:
>>>> javax.naming.CommunicationException: simple bind failed:
>>>> platalytics.com:636 [Root exception is
>>>> javax.net.ssl.SSLHandshakeException:
>>>> sun.security.validator.ValidatorException: PKIX path building failed:
>>>> sun.security.provider.certpath.SunCertPathBuilderExcept

Re: Issues with usersync (LDAPS certificate not validated)

2015-10-01 Thread Don Bosco Durai
It is surprising that it will just stop working. Are you able to do
ldapsearch from command line? Just to make sure there is nothing wrong on
the OpenLDAP side?

Thanks

Bosco


From:  Aneela Saleem <ane...@platalytics.com>
Reply-To:  <user@ranger.incubator.apache.org>
Date:  Thursday, October 1, 2015 at 11:55 PM
To:  <user@ranger.incubator.apache.org>
Subject:  Re: Issues with usersync (LDAPS certificate not validated)

> I also checked it on another machine. Same issue is there
> 
> On Thu, Oct 1, 2015 at 10:03 PM, Aneela Saleem <ane...@platalytics.com> wrote:
>> I guess no JDK changes. And I re-checked the certificate, in fact generated a new
>> one. Still same issue.
>> 
>> On Thu, Oct 1, 2015 at 6:16 PM, Dilli Dorai <dilli.do...@gmail.com> wrote:
>>> Aneela,
>>> Please check whether the certificate has expired.
>>> Dilli
>>> 
>>> On Wed, Sep 30, 2015 at 4:28 PM, Don Bosco Durai <bo...@apache.org> wrote:
>>>> Any other changes you can think of? JDK changes, etc.?
>>>> 
>>>> Thanks
>>>> 
>>>> Bosco
>>>> 
>>>> 
>>>> From:  Aneela Saleem <ane...@platalytics.com>
>>>> Reply-To:  <user@ranger.incubator.apache.org>
>>>> Date:  Wednesday, September 30, 2015 at 9:37 PM
>>>> To:  <user@ranger.incubator.apache.org>
>>>> Subject:  Re: Issues with usersync (LDAPS certificate not validated)
>>>> 
>>>>> It was working fine one month ago. But now the same issue has occurred.
>>>>> 
>>>>> On Wed, Sep 30, 2015 at 2:55 PM, Aneela Saleem <ane...@platalytics.com>
>>>>> wrote:
>>>>>> Hi all,
>>>>>> 
>>>>>> I followed all the following steps i.e.,
>>>>>> 
>>>>>> cp /etc/alternatives/java_sdk_1.7.0/jre/lib/security/cacerts
>>>>>> /usr/hdp/2.2.0.0-2036/ranger-usersync/userSyncCAcerts
>>>>>> 
>>>>>> keytool -import -trustcacerts -alias openLdap -file cert.pem -keystore
>>>>>> /usr/hdp/2.2.0.0-2036/ranger-usersync/userSyncCAcerts
>>>>>> (where cert.pem has the LDAPS cert)
>>>>>>  
>>>>>> Add  java option
>>>>>> -Djavax.net.ssl.trustStore=/usr/hdp/2.2.0.0-2036/ranger-usersync/userSyncCAcerts
>>>>>> To 
>>>>>> /usr/hdp/2.2.0.0-2036/ranger-usersync/ranger-usersync-services.sh
>>>>>> 
>>>>>> Where it invokes java command like the following
>>>>>> 
>>>>>> nohup java 
>>>>>> -Djavax.net.ssl.trustStore=/usr/hdp/2.2.0.0-2036/ranger-usersync/userSyncCAcerts
>>>>>>  . . .
>>>>>> 
>>>>>> 
>>>>>> But I'm unable to sync LDAP contacts in Ranger due to certificate
>>>>>> validation issues. Following are the logs
>>>>>> 
>>>>>> 30 Sep 2015 14:48:56  INFO UnixAuthenticationService [main] - Starting
>>>>>> User Sync Service!
>>>>>> 30 Sep 2015 14:48:56  INFO UnixAuthenticationService [main] - Enabling
>>>>>> Unix Auth Service!
>>>>>> 30 Sep 2015 14:48:56  INFO UserGroupSync [UnixUserSyncThread] -
>>>>>> initializing sink:
>>>>>> org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder
>>>>>> 30 Sep 2015 14:48:57  WARN NativeCodeLoader [main] - Unable to load
>>>>>> native-hadoop library for your platform... using builtin-java classes
>>>>>> where applicable
>>>>>> 30 Sep 2015 14:48:58  INFO UnixAuthenticationService [main] - Enabling
>>>>>> Protocol: [SSLv2Hello]
>>>>>> 30 Sep 2015 14:48:58  INFO UnixAuthenticationService [main] - Enabling
>>>>>> Protocol: [TLSv1]
>>>>>> 30 Sep 2015 14:48:58  INFO UnixAuthenticationService [main] - Enabling
>>>>>> Protocol: [TLSv1.1]
>>>>>> 30 Sep 2015 14:48:58  INFO UnixAuthenticationService [main] - Enabling
>>>>>> Protocol: [TLSv1.2]
>>>>>> 30 Sep 2015 14:48:58  INFO LdapUserGroupBuilder [UnixUserSyncThread] -
>>>>>> LdapUserGroupBuilder created
>>>>>> 30 Sep 2015 14:48:58  INFO UserGroupSync [UnixUserSyncThread] -
>>>>>> initializing source:
>>>>>> org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder
>>>>>> 30 Sep 2015 

Re: Issues with usersync (LDAPS certificate not validated)

2015-10-01 Thread Aneela Saleem
Yes, the following command works fine

ldapsearch -x -D "cn=aneela,ou=users,dc=platalytics,dc=com" -W -H
ldaps://platalytics.com:636 -b "dc=platalytics,dc=com" -s sub 'cn=aneela'

On Thu, Oct 1, 2015 at 7:35 PM, Don Bosco Durai <bo...@apache.org> wrote:

> It is surprising that it will just stop working. Are you able to do
> ldapsearch from command line? Just to make sure there is nothing wrong on
> the OpenLDAP side?
>
> Thanks
>
> Bosco
>
>
> From: Aneela Saleem <ane...@platalytics.com>
> Reply-To: <user@ranger.incubator.apache.org>
> Date: Thursday, October 1, 2015 at 11:55 PM
>
> To: <user@ranger.incubator.apache.org>
> Subject: Re: Issues with usersync (LDAPS certificate not validated)
>
> I also checked it on another machine. Same issue is there
>
> On Thu, Oct 1, 2015 at 10:03 PM, Aneela Saleem <ane...@platalytics.com>
> wrote:
>
>> I guess no JDK changes. And I re-checked the certificate, in fact generated a
>> new one. Still same issue.
>>
>> On Thu, Oct 1, 2015 at 6:16 PM, Dilli Dorai <dilli.do...@gmail.com>
>> wrote:
>>
>>> Aneela,
>>> Please check whether the certificate has expired.
>>> Dilli
>>>
>>> On Wed, Sep 30, 2015 at 4:28 PM, Don Bosco Durai <bo...@apache.org>
>>> wrote:
>>>
>>>> Any other changes you can think of? JDK changes, etc.?
>>>>
>>>> Thanks
>>>>
>>>> Bosco
>>>>
>>>>
>>>> From: Aneela Saleem <ane...@platalytics.com>
>>>> Reply-To: <user@ranger.incubator.apache.org>
>>>> Date: Wednesday, September 30, 2015 at 9:37 PM
>>>> To: <user@ranger.incubator.apache.org>
>>>> Subject: Re: Issues with usersync (LDAPS certificate not validated)
>>>>
>>>> It was working fine one month ago. But now the same issue has occurred.
>>>>
>>>> On Wed, Sep 30, 2015 at 2:55 PM, Aneela Saleem <ane...@platalytics.com>
>>>> wrote:
>>>>
>>>>> Hi all,
>>>>>
>>>>> I followed all the following steps i.e.,
>>>>>
>>>>> cp /etc/alternatives/java_sdk_1.7.0/jre/lib/security/cacerts
>>>>> /usr/hdp/2.2.0.0-2036/ranger-usersync/userSyncCAcerts
>>>>>
>>>>> keytool -import -trustcacerts -alias openLdap -file cert.pem
>>>>> -keystore /usr/hdp/2.2.0.0-2036/ranger-usersync/userSyncCAcerts
>>>>> (where cert.pem has the LDAPS cert)
>>>>>
>>>>> Add  java option
>>>>> -Djavax.net.ssl.trustStore=/usr/hdp/2.2.0.0-2036/ranger-usersync/userSyncCAcerts
>>>>> To
>>>>> /usr/hdp/2.2.0.0-2036/ranger-usersync/ranger-usersync-services.sh
>>>>>
>>>>> Where it invokes java command like the following
>>>>>
>>>>> nohup java 
>>>>> -Djavax.net.ssl.trustStore=/usr/hdp/2.2.0.0-2036/ranger-usersync/userSyncCAcerts
>>>>>  . . .
>>>>>
>>>>>
>>>>> But I'm unable to sync LDAP contacts in Ranger due to certificate
>>>>> validation issues. Following are the logs
>>>>>
>>>>> 30 Sep 2015 14:48:56  INFO UnixAuthenticationService [main] - Starting
>>>>> User Sync Service!
>>>>> 30 Sep 2015 14:48:56  INFO UnixAuthenticationService [main] - Enabling
>>>>> Unix Auth Service!
>>>>> 30 Sep 2015 14:48:56  INFO UserGroupSync [UnixUserSyncThread] -
>>>>> initializing sink:
>>>>> org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder
>>>>> 30 Sep 2015 14:48:57  WARN NativeCodeLoader [main] - Unable to load
>>>>> native-hadoop library for your platform... using builtin-java classes 
>>>>> where
>>>>> applicable
>>>>> 30 Sep 2015 14:48:58  INFO UnixAuthenticationService [main] - Enabling
>>>>> Protocol: [SSLv2Hello]
>>>>> 30 Sep 2015 14:48:58  INFO UnixAuthenticationService [main] - Enabling
>>>>> Protocol: [TLSv1]
>>>>> 30 Sep 2015 14:48:58  INFO UnixAuthenticationService [main] - Enabling
>>>>> Protocol: [TLSv1.1]
>>>>> 30 Sep 2015 14:48:58  INFO UnixAuthenticationService [main] - Enabling
>>>>> Protocol: [TLSv1.2]
>>>>> 30 Sep 2015 14:48:58  INFO LdapUserGroupBuilder [UnixUserSyncThread] -
>>>>> LdapUserGroupBuilder created
>>>>> 30 Sep 201

Re: Issues with usersync (LDAPS certificate not validated)

2015-10-01 Thread Don Bosco Durai
Any other changes you can think of? JDK changes, etc.?

Thanks

Bosco


From:  Aneela Saleem <ane...@platalytics.com>
Reply-To:  <user@ranger.incubator.apache.org>
Date:  Wednesday, September 30, 2015 at 9:37 PM
To:  <user@ranger.incubator.apache.org>
Subject:  Re: Issues with usersync (LDAPS certificate not validated)

> It was working fine one month ago. But now the same issue has occurred.
> 
> On Wed, Sep 30, 2015 at 2:55 PM, Aneela Saleem <ane...@platalytics.com> wrote:
>> Hi all,
>> 
>> I followed all the following steps i.e.,
>> 
>> cp /etc/alternatives/java_sdk_1.7.0/jre/lib/security/cacerts
>> /usr/hdp/2.2.0.0-2036/ranger-usersync/userSyncCAcerts
>> 
>> keytool -import -trustcacerts -alias openLdap -file cert.pem -keystore
>> /usr/hdp/2.2.0.0-2036/ranger-usersync/userSyncCAcerts
>> (where cert.pem has the LDAPS cert)
>>  
>> Add java option
>> -Djavax.net.ssl.trustStore=/usr/hdp/2.2.0.0-2036/ranger-usersync/userSyncCAcerts
>> To 
>> /usr/hdp/2.2.0.0-2036/ranger-usersync/ranger-usersync-services.sh
>> 
>> Where it invokes java command like the following
>> 
>> nohup java 
>> -Djavax.net.ssl.trustStore=/usr/hdp/2.2.0.0-2036/ranger-usersync/userSyncCAcerts
>>  . . .
>> 
>> 
>> But i'm unable to sync LDAP contacts in Ranger due to certificates validation
>> issues. Following are the logs
>> 
>> 30 Sep 2015 14:48:56  INFO UnixAuthenticationService [main] - Starting User
>> Sync Service!
>> 30 Sep 2015 14:48:56  INFO UnixAuthenticationService [main] - Enabling Unix
>> Auth Service!
>> 30 Sep 2015 14:48:56  INFO UserGroupSync [UnixUserSyncThread] - initializing
>> sink: org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder
>> 30 Sep 2015 14:48:57  WARN NativeCodeLoader [main] - Unable to load
>> native-hadoop library for your platform... using builtin-java classes where
>> applicable
>> 30 Sep 2015 14:48:58  INFO UnixAuthenticationService [main] - Enabling
>> Protocol: [SSLv2Hello]
>> 30 Sep 2015 14:48:58  INFO UnixAuthenticationService [main] - Enabling
>> Protocol: [TLSv1]
>> 30 Sep 2015 14:48:58  INFO UnixAuthenticationService [main] - Enabling
>> Protocol: [TLSv1.1]
>> 30 Sep 2015 14:48:58  INFO UnixAuthenticationService [main] - Enabling
>> Protocol: [TLSv1.2]
>> 30 Sep 2015 14:48:58  INFO LdapUserGroupBuilder [UnixUserSyncThread] -
>> LdapUserGroupBuilder created
>> 30 Sep 2015 14:48:58  INFO UserGroupSync [UnixUserSyncThread] - initializing
>> source: org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder
>> 30 Sep 2015 14:48:58  INFO UserGroupSync [UnixUserSyncThread] - Begin:
>> initial load of user/group from source==>sink
>> 30 Sep 2015 14:48:58  INFO LdapUserGroupBuilder [UnixUserSyncThread] -
>> LDAPUserGroupBuilder updateSink started
>> 30 Sep 2015 14:48:58  INFO LdapUserGroupBuilder [UnixUserSyncThread] -
>> LdapUserGroupBuilder initialization started
>> 30 Sep 2015 14:48:58 ERROR UserGroupSync [UnixUserSyncThread] - Failed to
>> initialize UserGroup source/sink. Will retry after 2160 milliseconds.
>> Error details: 
>> javax.naming.CommunicationException: simple bind failed: platalytics.com:636
>> [Root exception is
>> javax.net.ssl.SSLHandshakeException:
>> sun.security.validator.ValidatorException: PKIX path building failed:
>> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
>> valid certification path to requested target]
>> at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:218)
>> at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2740)
>> at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316)
>> at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193)
>> at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211)
>> at 
>> com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)
>> at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)
>> at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
>> at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307)
>> at javax.naming.InitialContext.init(InitialContext.java:242)
>> at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:153)
>> at 
>> org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder.createLdapContext(LdapUserGroupBuilder.java:149)
>> at 
>> org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder.updateSink(LdapUserGroupBuilder.java:261)
>> at org.apache.ranger.usergro
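
Added example (not from the thread or from the Ranger project): the quoted steps import cert.pem into userSyncCAcerts, and the PKIX error means the JVM found no trusted path to the certificate the LDAPS server presented. The code below compares fingerprints of the presented certificates with the trust store listing; the function names and sample data are constructed here, and the listing format assumed is the one printed by `keytool -list`.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)
# `keytool -list` prints "<alias>, <date>, trustedCertEntry," then a fingerprint line.
ENTRY_RE = re.compile(
    r"^(?P<alias>[^,\n]+),.*trustedCertEntry,[ \t]*\n"
    r"Certificate fingerprint \((?P<alg>[^)]+)\): (?P<fp>[0-9A-F:]+)", re.M)

def fingerprint(der, alg):
    """Colon-separated upper-case hex digest of the DER bytes, as keytool prints it."""
    h = hashlib.new(alg, der).hexdigest().upper()
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))

def presented_certs(s_client_output):
    """DER bytes of each PEM block in `openssl s_client -showcerts` output."""
    return [base64.b64decode("".join(b.split())) for b in PEM_RE.findall(s_client_output)]

def truststore_entries(keytool_listing):
    """Map (hash name, fingerprint) -> alias; "SHA1"/"SHA-256" become sha1/sha256."""
    return {(m["alg"].replace("-", "").lower(), m["fp"]): m["alias"].strip()
            for m in ENTRY_RE.finditer(keytool_listing)}

def match_chain(s_client_output, keytool_listing):
    """Alias of the trust-store entry matching each presented certificate, else None.
    No match is conclusive only when the server certificate itself was imported (as in
    the thread); a store holding just the issuing CA validates without any match."""
    store = truststore_entries(keytool_listing)
    algs = sorted({alg for alg, _ in store})
    return [next((store[(a, fingerprint(der, a))] for a in algs
                  if (a, fingerprint(der, a)) in store), None)
            for der in presented_certs(s_client_output)]

def to_pem(der):  # helper used only to build the constructed samples below
    return ("-----BEGIN CERTIFICATE-----\n" + base64.b64encode(der).decode()
            + "\n-----END CERTIFICATE-----\n")

# Constructed sample data: stand-in bytes, not real certificates or real tool output.
IMPORTED = b"stand-in for the certificate imported with keytool"
RENEWED = b"stand-in for a different certificate now served on port 636"
LISTING = ("Your keystore contains 1 entry\n\n"
           "openldap, Sep 30, 2015, trustedCertEntry,\n"
           "Certificate fingerprint (SHA1): " + fingerprint(IMPORTED, "sha1") + "\n")

if __name__ == "__main__":
    print(match_chain(to_pem(IMPORTED), LISTING))  # server sends the imported cert
    print(match_chain(to_pem(RENEWED), LISTING))   # server sends something else
```

Real input for the two arguments comes from `openssl s_client -connect platalytics.com:636 -showcerts </dev/null` and `keytool -list -keystore /usr/hdp/2.2.0.0-2036/ranger-usersync/userSyncCAcerts`.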

Re: Issues with usersync (LDAPS certificate not validated)

2015-09-30 Thread Aneela Saleem
It was working fine one month ago. But now the same issue has occurred.

On Wed, Sep 30, 2015 at 2:55 PM, Aneela Saleem 
wrote:

> Hi all,
>
> I followed all the following steps i.e.,
>
> cp /etc/alternatives/java_sdk_1.7.0/jre/lib/security/cacerts
> /usr/hdp/2.2.0.0-2036/ranger-usersync/userSyncCAcerts
>
> keytool -import -trustcacerts -alias openLdap -file cert.pem -keystore
> /usr/hdp/2.2.0.0-2036/ranger-usersync/userSyncCAcerts
> (where cert.pem has the LDAPS cert)
>
> Add java option
> -Djavax.net.ssl.trustStore=/usr/hdp/2.2.0.0-2036/ranger-usersync/userSyncCAcerts
> To
> /usr/hdp/2.2.0.0-2036/ranger-usersync/ranger-usersync-services.sh
>
> Where it invokes java command like the following
>
> nohup java 
> -Djavax.net.ssl.trustStore=/usr/hdp/2.2.0.0-2036/ranger-usersync/userSyncCAcerts
>  . . .
>
>
> But i'm unable to sync LDAP contacts in Ranger due to certificates
> validation issues. Following are the logs
>
> 30 Sep 2015 14:48:56  INFO UnixAuthenticationService [main] - Starting
> User Sync Service!
> 30 Sep 2015 14:48:56  INFO UnixAuthenticationService [main] - Enabling
> Unix Auth Service!
> 30 Sep 2015 14:48:56  INFO UserGroupSync [UnixUserSyncThread] -
> initializing sink:
> org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder
> 30 Sep 2015 14:48:57  WARN NativeCodeLoader [main] - Unable to load
> native-hadoop library for your platform... using builtin-java classes where
> applicable
> 30 Sep 2015 14:48:58  INFO UnixAuthenticationService [main] - Enabling
> Protocol: [SSLv2Hello]
> 30 Sep 2015 14:48:58  INFO UnixAuthenticationService [main] - Enabling
> Protocol: [TLSv1]
> 30 Sep 2015 14:48:58  INFO UnixAuthenticationService [main] - Enabling
> Protocol: [TLSv1.1]
> 30 Sep 2015 14:48:58  INFO UnixAuthenticationService [main] - Enabling
> Protocol: [TLSv1.2]
> 30 Sep 2015 14:48:58  INFO LdapUserGroupBuilder [UnixUserSyncThread] -
> LdapUserGroupBuilder created
> 30 Sep 2015 14:48:58  INFO UserGroupSync [UnixUserSyncThread] -
> initializing source:
> org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder
> 30 Sep 2015 14:48:58  INFO UserGroupSync [UnixUserSyncThread] - Begin:
> initial load of user/group from source==>sink
> 30 Sep 2015 14:48:58  INFO LdapUserGroupBuilder [UnixUserSyncThread] -
> LDAPUserGroupBuilder updateSink started
> 30 Sep 2015 14:48:58  INFO LdapUserGroupBuilder [UnixUserSyncThread] -
> LdapUserGroupBuilder initialization started
> 30 Sep 2015 14:48:58 ERROR UserGroupSync [UnixUserSyncThread] - Failed to
> initialize UserGroup source/sink. Will retry after 2160 milliseconds.
> Error details:
> javax.naming.CommunicationException: simple bind failed:
> platalytics.com:636 [Root exception is
> javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target]
> at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:218)
> at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2740)
> at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316)
> at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193)
> at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211)
> at
> com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)
> at
> com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)
> at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
> at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307)
> at javax.naming.InitialContext.init(InitialContext.java:242)
> at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:153)
> at
> org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder.createLdapContext(LdapUserGroupBuilder.java:149)
> at
> org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder.updateSink(LdapUserGroupBuilder.java:261)
> at org.apache.ranger.usergroupsync.UserGroupSync.run(UserGroupSync.java:58)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
> at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
> at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1904)
> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:279)
> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:273)
> at
> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1446)
> at
> sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:209)
> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:913)
> at sun.security.ssl.Handshaker.process_record(Handshaker.java:849)
> at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1023)
> at
>