LDAP issue - unable to find valid certification path to requested target


santosh...@gmail.com

Feb 6, 2020, 1:02:26 AM
to pwm-general
Dear All,

I am trying to set up a new server with the below config:
Server - Windows 2012 R2
PWM - Latest Build
Java - jdk-8u241-windows-x64
Apache - apache-tomcat-9.0.30
MySQL - mysql-installer-community-8.0.19.0

Setup is done, but when trying to set up LDAP I am getting the below error.
I have inserted the certificate into Java using keytool, but it is not working.

I remember in the old version we could import the certificate directly from the PWM admin console, but now it's not working.
Any suggestion please? I have been badly stuck for 1 week.
=======================================================

error connecting to ldap directory (default), error: unable to create connection: unable to connect to any configured ldap url, last error: unable to bind to ldaps://dc01.company.com:636 as CN=Admin,OU=Users,DC=company,DC=com reason: CommunicationException (Dc01.company.com:636; sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)

====================================================

Jason Rivard

Feb 6, 2020, 8:55:02 AM
to pwm-general
You do not need to import the cert using keytool.

Where are you seeing that error?

When you use the configuration guide, do you see the correct LDAP CA cert on the screen after you add the server address?

santosh...@gmail.com

Feb 6, 2020, 10:01:29 PM
to pwm-general
Thank you so much Jason, your point is very valid. I could see that certificate when I am using PWM version 1.8, but I am trying to use 1.9 or 2.0, and that certificate information is not showing just after entering the LDAP server details and next page.

I had no choice and had to stick with version 1.8 only. Can you please suggest what to do?

I am getting the error when entering the proxy user details just after the LDAP server details (the same credentials are working fine with PWM 1.8).

Jason Rivard

Feb 9, 2020, 7:32:12 PM
to pwm-general
Can you try using the very latest 2.0 build?

santosh...@gmail.com

Feb 10, 2020, 2:23:22 AM
to pwm-general
Hi Jason,
You are a true hero, man. Now I am on the latest version and it is working perfectly fine.
How can I know what the differences are between PWM 1.8 and PWM 2.0? Please share some points if possible.

Thanks. 



santosh...@gmail.com

Feb 10, 2020, 10:23:11 PM
to pwm-general
Hi Jason,

My setup is working perfectly fine, but when I add an additional LDAP server I get the below error. For example, if I add the AD1 server and test, it works fine; when I add one more server, AD2, and click on test, I get the below error. If I keep only the AD2 server and remove one, my setup works perfectly fine. It means that at one time I can only have one LDAP server, but the problem is there is no redundancy for LDAP. Any suggestion?

=====================

java.security.cert.CertificateException: no root CA certificates in configuration trust store for this operation) 

=====================

Thanks 



santosh...@gmail.com

Feb 10, 2020, 10:49:42 PM
to pwm-general
OK, from another post, I see "Settings ⇨ Security ⇨ Application Security ⇨ Certificate Validation Mode". Switching from "Root Certificate Only" to "Entire Certificate Chain" gets PWM working.

Once I made that change, saved & reloaded PWM, I found all LDAP working.

Thanks 

Ricardo Ramos

Feb 4, 2021, 12:20:19 PM
to pwm-general
This solved my 3 day problem
:)

Klaus He

Apr 27, 2021, 7:08:05 PM
to pwm-general
I got the same error when configuring PWM; the certificate was imported and has the same name as the DC's hostname. But after rebooting the PWM server, the error disappeared. It's written here that the server needs to be rebooted after importing the certificate: https://github.com/pwm-project/pwm/wiki/General-Directory-Setup

error connecting to ldap directory (default), error: unable to create connection: unable to connect to any configured ldap url, last error: unable to bind to ldaps://dc01.company.com:636 as CN=Admin,OU=Users,DC=company,DC=com reason: CommunicationException (Dc01.company.com:636; sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)
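
Added example, not part of any post in this thread and not PWM code: the "unable to find valid certification path" condition from the error above, reproduced offline with the OpenSSL command line on a constructed root → issuing CA → server chain, to show which trust-store contents let path building succeed. The CA names, file names and helper functions are made up, and OpenSSL's verifier stands in for the JVM's PKIX validator.

```shell
#!/usr/bin/env bash
# Constructed demo PKI (every name is made up): root CA -> issuing CA -> server cert.
set -eu

selfsigned() {  # $1 = dir, $2 = file stem, $3 = subject; writes a self-signed CA
  openssl req -x509 -config "$1/demo.cnf" -extensions v3_ca -newkey rsa:2048 \
    -nodes -days 2 -subj "$3" -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

issue() {  # $1 = dir, $2 = file stem, $3 = subject, $4 = issuer stem, $5 = "ca" (optional)
  openssl req -new -config "$1/demo.cnf" -newkey rsa:2048 -nodes -subj "$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  openssl x509 -req -in "$1/$2.csr" -CA "$1/$4.pem" -CAkey "$1/$4.key" \
    -set_serial 2 -days 2 ${5:+-extfile "$1/demo.cnf" -extensions v3_ca} \
    -out "$1/$2.pem" 2>/dev/null
}

make_pki() {  # $1 = empty working directory
  printf '%s\n' '[req]' 'distinguished_name = dn' 'prompt = no' '[dn]' \
    'CN = unused' '[v3_ca]' 'basicConstraints = critical,CA:TRUE' \
    'keyUsage = critical,keyCertSign,cRLSign' > "$1/demo.cnf"
  selfsigned "$1" root  "/CN=Demo Root CA"
  selfsigned "$1" other "/CN=Unrelated CA"       # a CA that did not issue the chain
  issue "$1" int "/CN=Demo Issuing CA" root ca   # intermediate, signed by the root
  issue "$1" dc  "/CN=dc01.company.com" int      # server cert, signed by the intermediate
  cat "$1/root.pem" "$1/int.pem" > "$1/chain.pem"
}

# Succeeds only if a path can be built from the server cert to a cert in the trust store.
path_builds() {  # $1 = trust store (PEM), $2 = server cert, $3 = extra certs sent by server
  openssl verify -CAfile "$1" ${3:+-untrusted "$3"} "$2" 2>/dev/null | grep -q ': OK$'
}

report() {  # $1 = label, remaining arguments are passed to path_builds
  label=$1; shift
  if path_builds "$@"; then echo "$label: path found"
  else echo "$label: unable to find valid certification path"; fi
}

demo() {
  d=$(mktemp -d); make_pki "$d"
  report "unrelated CA trusted"                    "$d/other.pem" "$d/dc.pem"
  report "root trusted, server sends leaf only"    "$d/root.pem"  "$d/dc.pem"
  report "root trusted, server sends intermediate" "$d/root.pem"  "$d/dc.pem" "$d/int.pem"
  report "root + intermediate trusted"             "$d/chain.pem" "$d/dc.pem"
  rm -rf "$d"
}
demo
```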

