ldaps connectivity for enabling authentication via corporate ldap


Gandhi, Pawan

Jul 6, 2011, 11:22:42 AM
to jenkins...@googlegroups.com

Hi

I am trying to connect to ldaps://mycompanyldap:636 and getting the error below.

I am running Jenkins in a Tomcat container with the following:

export CATALINA_OPTS="-DJENKINS_HOME=$JENKINS_BASEDIR/.jenkins_home -Djavax.net.ssl.trustStore=/opt/jenkins-ci/apache-tomcat-6.0.32/conf/jenkind-ldap-certs.pks -Djavax.net.ssl.trustStorePassword=test -Djavax.net.ssl.trustStoreType=jks"

Jul 6, 2011 10:41:05 AM hudson.security.AuthenticationProcessingFilter2 onUnsuccessfulAuthentication

INFO: Login attempt failed

org.acegisecurity.AuthenticationServiceException: LdapCallback;null; nested exception is javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: simple bind failed: DomainDnsZones.test.net:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]]; nested exception is org.acegisecurity.ldap.LdapDataAccessException: LdapCallback;null; nested exception is javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: simple bind failed: DomainDnsZones.test.net:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]]

        at org.acegisecurity.providers.ldap.LdapAuthenticationProvider.retrieveUser(LdapAuthenticationProvider.java:238)

        at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:119)

        at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:195)

        at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:45)

        at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:71)

        at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252)

        at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)

        at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173)

        at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)

        at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)

        at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66)

        at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)

        at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)

        at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

        at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)

        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)

        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:470)

        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)

        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)

        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)

        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)

        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)

        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)

        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)

        at java.lang.Thread.run(Thread.java:619)

Caused by: org.acegisecurity.ldap.LdapDataAccessException: LdapCallback;null; nested exception is javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: simple bind failed: DomainDnsZones.test.net:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]]

        at org.acegisecurity.ldap.LdapTemplate$LdapExceptionTranslator.translate(LdapTemplate.java:295)

        at org.acegisecurity.ldap.LdapTemplate.execute(LdapTemplate.java:128)

        at org.acegisecurity.ldap.LdapTemplate.searchForSingleAttributeValues(LdapTemplate.java:227)

        at org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator.getGroupMembershipRoles(DefaultLdapAuthoritiesPopulator.java:228)

        at hudson.security.LDAPSecurityRealm$AuthoritiesPopulatorImpl.getGroupMembershipRoles(LDAPSecurityRealm.java:521)

        at org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator.getGrantedAuthorities(DefaultLdapAuthoritiesPopulator.java:181)

        at org.acegisecurity.providers.ldap.LdapAuthenticationProvider.createUserDetails(LdapAuthenticationProvider.java:203)

        at org.acegisecurity.providers.ldap.LdapAuthenticationProvider.retrieveUser(LdapAuthenticationProvider.java:235)

        ... 29 more

Caused by: javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: simple bind failed: DomainDnsZones.test.net:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]]

        at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:224)

        at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(LdapNamingEnumeration.java:171)

        at org.acegisecurity.ldap.LdapTemplate$1SingleAttributeSearchCallback.doInDirContext(LdapTemplate.java:204)

        at org.acegisecurity.ldap.LdapTemplate.execute(LdapTemplate.java:126)

        ... 35 more

Caused by: javax.naming.CommunicationException: simple bind failed: DomainDnsZones.test.net:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]

        at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:74)

        at com.sun.jndi.ldap.LdapReferralException.getReferralContext(LdapReferralException.java:132)

        at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreReferrals(LdapNamingEnumeration.java:339)

        at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:208)

        ... 38 more

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)

        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1611)

        at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)

        at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)

        at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1035)

        at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:124)

        at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)

        at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)

        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)

        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112)

        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:623)

        at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)

        at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)

        at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)

        at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:396)

        at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:334)

        at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:192)

        at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2694)

        at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293)

        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)

        at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:134)

        at com.sun.jndi.url.ldap.ldapURLContextFactory.getObjectInstance(ldapURLContextFactory.java:35)

        at javax.naming.spi.NamingManager.getURLObject(NamingManager.java:584)

        at javax.naming.spi.NamingManager.processURL(NamingManager.java:364)

        at javax.naming.spi.NamingManager.processURLAddrs(NamingManager.java:344)

        at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:316)

        at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:93)

        ... 41 more

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:294)

        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:200)

        at sun.security.validator.Validator.validate(Validator.java:218)

        at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)

        at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)

        at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)

        at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1014)

        ... 63 more

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)

        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)

        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:289)

        ... 69 more
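
A triage pass over the trace above, as an added example that is not part of the original post: the handshake failed against DomainDnsZones.test.net:636, reached through the JNDI referral frames (LdapReferralContext), rather than against the configured mycompanyldap host, so that server's certificate chain is the one the trust store has to validate. The function name `triage` and the trimmed `SAMPLE_TRACE` are constructed for illustration.

```python
import re

# Constructed excerpt: a few lines copied from the stack trace in the post above.
SAMPLE_TRACE = """\
Caused by: javax.naming.CommunicationException: simple bind failed: DomainDnsZones.test.net:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
        at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:74)
        at com.sun.jndi.ldap.LdapReferralException.getReferralContext(LdapReferralException.java:132)
        at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreReferrals(LdapNamingEnumeration.java:339)
"""

# Endpoint named in the JNDI "simple bind failed" message.
BIND_FAILED = re.compile(r"simple bind failed: ([A-Za-z0-9.\-]+):(\d+)")
# Stack frames showing that JNDI was chasing an LDAP referral.
REFERRAL_FRAME = re.compile(r"^\s*at com\.sun\.jndi\.ldap\.LdapReferral", re.M)
PKIX_FAILURE = "PKIX path building failed"


def triage(trace, configured_url):
    """Report which endpoint failed TLS validation and whether a referral led there."""
    m = re.match(r"ldaps?://([^:/]+)(?::(\d+))?", configured_url)
    if not m:
        raise ValueError("not an ldap:// or ldaps:// URL: %r" % configured_url)
    configured_host = m.group(1).lower()
    # De-duplicate: the same message repeats once per nested exception.
    endpoints = sorted({(h.lower(), int(p)) for h, p in BIND_FAILED.findall(trace)})
    return {
        "configured_host": configured_host,
        "failed_endpoints": endpoints,
        "pkix_failure": PKIX_FAILURE in trace,
        "via_referral": bool(REFERRAL_FRAME.search(trace)),
        # Hosts the client tried to bind to that were never configured.
        "unexpected_hosts": [h for h, _ in endpoints if h != configured_host],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_TRACE, "ldaps://mycompanyldap:636")
    for key, value in report.items():
        print("%-18s %s" % (key, value))
```
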

Darin McGrew

Dec 6, 2011, 5:11:38 PM
to jenkins...@googlegroups.com
I realize this post is 5 months old, but in case anyone else runs into this problem, the following helped me: