Hi,
I'm trying to make Knox connect to LDAPS to perform authentication, but I'm
getting the following error message:
Caused by: javax.naming.CommunicationException: simple bind failed:
ldap-host:636 [Root exception is javax.net.ssl.SSLException:
java.lang.RuntimeException: Unexpected error:
java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty]
This is while running "knoxcli.sh system-user-auth-test --cluster ldap --d"
And my simple topology is the following:
ldap.xml:
<topology>
    <gateway>
        <provider>
            <role>authentication</role>
            <name>ShiroProvider</name>
            <enabled>true</enabled>
            <param name="main.ldapRealm"
                   value="org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm"/>
            <param name="main.ldapContextFactory"
                   value="org.apache.hadoop.gateway.shirorealm.KnoxLdapContextFactory"/>
            <param name="main.ldapRealm.contextFactory"
                   value="$ldapContextFactory"/>
            <param name="main.ldapRealm.contextFactory.url"
                   value="ldaps://ldap-host:636"/>
            <param name="main.ldapRealm.contextFactory.systemUsername"
                   value="uid=user-uid,ou=account,dc=company,dc=net"/>
            <param name="main.ldapRealm.contextFactory.systemPassword"
                   value="password"/>
            <param name="main.ldapRealm.searchBase"
                   value="ou=Users,dc=company,dc=net"/>
            <param name="main.ldapRealm.userSearchAttributeName"
                   value="displayName"/>
            <param name="main.ldapRealm.userObjectClass" value="person"/>
            <param name="urls./**" value="authcBasic"/>
        </provider>
    </gateway>
    <service>
        <role>KNOX</role>
    </service>
</topology>
The LDAP certs are all in the Java cacerts and knox-env.sh correctly picks up the
Java location. So I might be missing something.
Any idea?
With other LDAP tools, like ldapsearch or ldapwhoami, it works, so I'm wondering
what I'm missing in my topology or gateway configuration.
Thanks.
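The "trustAnchors parameter must be non-empty" message comes from the JVM's default trust manager when the trust store it actually resolved (javax.net.ssl.trustStore if set, otherwise jssecacerts/cacerts under java.home) contains no trusted certificate entries, which is a different failure from "the LDAP CA is not in the store". The following standalone diagnostic, added here as an example and not part of Knox or of the original post, resolves the trust store the same way JSSE does, counts its anchors, and attempts a TLS handshake with the LDAPS host so the problem can be reproduced outside Knox; run it with the same JVM and the same -D flags that gateway.sh/knox-env.sh uses. Host, port and the "changeit" default password are assumptions taken from the post and the stock cacerts.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

/** Resolves the trust store the way the JSSE default trust manager does, reports how many
 *  trusted certificates it holds, then performs a TLS handshake against the LDAPS host. */
public class TrustStoreCheck {
    public static void main(String[] args) throws Exception {
        // Usage: java [-Djavax.net.ssl.trustStore=...] TrustStoreCheck ldap-host 636
        String host = args.length > 0 ? args[0] : "ldap-host";              // placeholder from the post
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 636;

        String prop = System.getProperty("javax.net.ssl.trustStore");
        Path store;
        if (prop != null) {
            store = Paths.get(prop);   // an explicit property pointing at a missing/empty file is a classic cause
        } else {
            Path sec = Paths.get(System.getProperty("java.home"), "lib", "security");
            store = Files.exists(sec.resolve("jssecacerts")) ? sec.resolve("jssecacerts") : sec.resolve("cacerts");
        }
        System.out.println("Trust store resolved to: " + store + (Files.exists(store) ? "" : " (DOES NOT EXIST)"));

        String type = System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
        String pw = System.getProperty("javax.net.ssl.trustStorePassword", "changeit"); // assumed stock password
        KeyStore ks = KeyStore.getInstance(type);
        if (Files.exists(store)) {
            try (InputStream in = new FileInputStream(store.toFile())) { ks.load(in, pw.toCharArray()); }
        } else {
            ks.load(null, null);   // empty store: exactly the state that yields "trustAnchors ... non-empty"
        }
        long anchors = Collections.list(ks.aliases()).stream()
                .filter(a -> { try { return ks.isCertificateEntry(a); } catch (Exception e) { return false; } })
                .count();
        System.out.println("Trusted certificate entries: " + anchors + (anchors == 0 ? "  <-- empty trust store" : ""));

        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            // Zero anchors surfaces here as the post's InvalidAlgorithmParameterException; anchors present
            // but no matching CA surfaces as a PKIX path-building error instead.
            s.startHandshake();
            System.out.println("TLS handshake OK with " + s.getSession().getPeerPrincipal());
        }
    }
}
```

If this prints a non-zero anchor count and a successful handshake under the Knox JVM flags, the trust store is not the problem and the remaining suspects are the gateway's own truststore settings in gateway-site.xml rather than the topology.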