InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

52 views
Skip to first unread message

Misagh

unread,
Apr 29, 2015, 2:41:31 PM4/29/15
to ldap...@googlegroups.com
Hello,

I am troubleshooting an issue with ldaptive where it seems, restarting the LDAP server breaks authentication with the following errors:

2015-04-22 08:59:54,028 ERROR [org.ldaptive.pool.BlockingConnectionPool] - <unable to connect to the ldap>
[org.ldaptive.provider.ConnectionException@122642640::resultCode=PROTOCOL_ERROR, matchedDn=null, responseControls=null, referralURLs=null, messageId=-1, providerException=javax.naming.CommunicationException: ldapdev.oakland.edu:636 [Root exception is javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty]]
at org.ldaptive.provider.jndi.JndiConnectionFactory.createInternal(JndiConnectionFactory.java:86)
at org.ldaptive.provider.jndi.JndiConnectionFactory.createInternal(JndiConnectionFactory.java:31)
at org.ldaptive.provider.AbstractProviderConnectionFactory.create(AbstractProviderConnectionFactory.java:118)
at org.ldaptive.DefaultConnectionFactory$DefaultConnection.open(DefaultConnectionFactory.java:295)


If I restart the web application after the LDAP reboot, all seems normal. This is with ldaptive 1.0.3.

Has anyone experienced this issue before? and if so, is a fix available in the latest release?


--
- Misagh

dfisher

unread,
Apr 29, 2015, 4:28:43 PM4/29/15
to ldap...@googlegroups.com
On Wednesday, April 29, 2015 at 2:41:31 PM UTC-4, Misagh M wrote:
Hello,

I am troubleshooting an issue with ldaptive where it seems, restarting the LDAP server breaks authentication with the following errors:

2015-04-22 08:59:54,028 ERROR [org.ldaptive.pool.BlockingConnectionPool] - <unable to connect to the ldap>
[org.ldaptive.provider.ConnectionException@122642640::resultCode=PROTOCOL_ERROR, matchedDn=null, responseControls=null, referralURLs=null, messageId=-1, providerException=javax.naming.CommunicationException: ldapdev.oakland.edu:636 [Root exception is javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty]]

It's probably related to the ThreadLocal SSLSocketFactory. Try using the latest version or switching to startTLS. Post back if that doesn't resolve it.

--Daniel Fisher
 
Reply all
Reply to author
Forward
0 new messages