Does anyone have any experience getting ldaps working w/ the JNDIRealm in Tomcat 4.1.24? Regular LDAP is working fine, but when I change the connection URL to ldaps://<ldap-host>:636 I get the following error:

2003-07-28 09:40:49 JNDIRealm[Standalone]: Connecting to URL ldaps://10.1.1.50:636
2003-07-28 09:40:50 JNDIRealm[Standalone]: Exception performing authentication
javax.naming.CommunicationException: simple bind failed: 10.1.1.50:636 [Root exception is javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found]
My Realm element in server.xml:


<Realm  className="org.apache.catalina.realm.JNDIRealm" debug="99"
                resourceName="UserDatabase"
                connectionURL="ldaps://10.1.1.50:636"
                connectionName="cn=TOMCAT,ou=WebAppUser,ou=MyOU,o=MyCompany"
                connectionPassword="password"
                userBase="o=MyCompany"
                userSearch="(&amp;(cn={0})(objectClass=inetOrgPerson))"
                userSubtree="true"
                roleBase="ou=WebAppGrp,ou=MyOU,o=MyCompany"
                roleSearch="(uniqueMember={0})"
                roleName="cn"
        />


Like I said, this works if connectionURL="ldap://10.1.1.50:389". I can connect to the LDAP server (Novell eDirectory) via SSL using a Java browser if I accept the certificate, so I wonder if that might have something to do with it.


I've also successfully followed the Config-SSL-HOWTO, accepted the certificate from the server and set up the keystore for the connector as described, but I get the feeling that this is strictly for enabling SSL over HTTP.

Thanks in advance.

Chris
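Editor's note, as an added example that is not part of Chris's post: the "No trusted certificate found" error is raised by JSSE on the client side of the connection, i.e. by the JVM Tomcat runs in, because the certificate chain presented by the LDAPS server is not anchored in the JVM's trust store. The keystore configured for the HTTPS connector in Config-SSL-HOWTO is a server keystore (it holds Tomcat's own key and certificate) and plays no part in outbound LDAPS. The script below builds a separate trust store for the JNDIRealm connection: it fetches the chain the LDAP server sends, prints the fingerprint so it can be checked out of band before trusting it, imports it with keytool, and prints the JVM options to add to CATALINA_OPTS. The host and port are taken from the post; the trust-store path, password, alias, and the sample `openssl s_client` output used to exercise the parser are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): build a JSSE trust store for
# Tomcat's outbound LDAPS connection. LDAP_HOST/LDAP_PORT come from the post;
# TRUSTSTORE, STOREPASS and the alias are assumed defaults, override via env.
LDAP_HOST="${LDAP_HOST:-10.1.1.50}"
LDAP_PORT="${LDAP_PORT:-636}"
TRUSTSTORE="${TRUSTSTORE:-/usr/local/tomcat/conf/ldap-truststore.jks}"
STOREPASS="${STOREPASS:-changeit}"

# Constructed sample of `openssl s_client -showcerts` output (fake PEM bodies,
# eDirectory-style tree CA name) used only to exercise extract_certs offline.
SAMPLE_SCLIENT_OUTPUT='CONNECTED(00000003)
---
Certificate chain
 0 s:/O=MyCompany/CN=ldap.mycompany.test
   i:/O=MyCompany/OU=Organizational CA
-----BEGIN CERTIFICATE-----
MIIBconstructedServerCertBodyNotARealCertificate
-----END CERTIFICATE-----
 1 s:/O=MyCompany/OU=Organizational CA
   i:/O=MyCompany/OU=Organizational CA
-----BEGIN CERTIFICATE-----
MIIBconstructedCaCertBodyNotARealCertificate
-----END CERTIFICATE-----
---
Server certificate
subject=/O=MyCompany/CN=ldap.mycompany.test
issuer=/O=MyCompany/OU=Organizational CA
---'

# Read s_client output on stdin, write each PEM block to $1/cert-N.pem
# (server certificate first, as the server sent them), print the count.
extract_certs() {
    outdir="$1"
    mkdir -p "$outdir"
    awk -v dir="$outdir" '
        /-----BEGIN CERTIFICATE-----/ { n++; f = dir "/cert-" n ".pem"; inside = 1 }
        inside { print > f }
        /-----END CERTIFICATE-----/ { inside = 0; close(f) }
        END { print n + 0 }
    '
}

# Open a TLS session to the LDAP port and dump the chain the server presents.
fetch_chain() {
    openssl s_client -connect "$LDAP_HOST:$LDAP_PORT" -showcerts </dev/null 2>/dev/null
}

# Print subject, issuer and SHA-1 fingerprint; compare the fingerprint with
# what the directory administrator reports before importing anything.
show_fingerprint() {
    openssl x509 -in "$1" -noout -subject -issuer -fingerprint -sha1
}

# Import one PEM certificate as a trusted entry into the trust store.
import_cert() {
    alias="$1"; pem="$2"
    keytool -import -trustcacerts -noprompt -alias "$alias" -file "$pem" \
        -keystore "$TRUSTSTORE" -storepass "$STOREPASS"
}

# Succeeds if the alias is present in the trust store.
truststore_has_alias() {
    keytool -list -keystore "$TRUSTSTORE" -storepass "$STOREPASS" \
        -alias "$1" >/dev/null 2>&1
}

# Only talk to the network when invoked as `sh build-truststore.sh run`.
if [ "${1:-}" = "run" ]; then
    workdir=$(mktemp -d)
    count=$(fetch_chain | extract_certs "$workdir")
    [ "$count" -gt 0 ] || { echo "no certificate received from $LDAP_HOST:$LDAP_PORT" >&2; exit 1; }
    # The last certificate is the highest one the server sent: the CA if it
    # sends its chain, otherwise the (possibly self-signed) server cert.
    ca="$workdir/cert-$count.pem"
    show_fingerprint "$ca"
    import_cert edir-ca "$ca"
    truststore_has_alias edir-ca && echo "imported into $TRUSTSTORE"
    echo "add to CATALINA_OPTS (or JAVA_OPTS) before starting Tomcat:"
    echo "  -Djavax.net.ssl.trustStore=$TRUSTSTORE -Djavax.net.ssl.trustStorePassword=$STOREPASS"
fi
```

Using a dedicated trust store rather than editing the JVM's cacerts keeps the eDirectory CA out of every other TLS client in that JVM and survives a JDK upgrade. If the server presents only a self-signed server certificate, importing that certificate works but has to be repeated whenever it is rotated, so importing the tree CA is preferable when it is available.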

