Error connecting to LDAP server


Doug Parks

Jun 20, 2013, 9:29:17 AM
to pwm-g...@googlegroups.com
I have a DEV server that is running without any issues.
I have a PROD server configured exactly the same and I get the errors below.  It will not bind to the LDAP server.
 
The first error is in the localhost.log the second is in stdout.
 
SEVERE: Exception Processing ErrorPage[errorCode=500, location=/WEB-INF/jsp/error-http.jsp]
org.apache.jasper.JasperException: javax.servlet.ServletException: password.pwm.error.PwmUnrecoverableException: 5015 ERROR_UNKNOWN
 
error connecting to ldap server, will retry, unable to bind to ldaps://BCIEXT-DC-DMZ2.bciexternal.loc:636 as CN=Service Account - LDAP Lookup - Extrnl PW Self-Serv,OU=LDAP,OU=Special Accounts,DC=bciexternal,DC=loc reason: CommunicationException (BCIEXT-DC-DMZ2.bciexternal.loc:636; sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)
2013-06-20 07:15:37, INFO , provider.FailOverWrapper, failing over to ldaps://BCIEXT-DC-DMZ1.bciexternal.loc:636
2013-06-20 07:15:37, DEBUG, provider.FailOverWrapper, error connecting to ldap server, will retry, unable to bind to ldaps://BCIEXT-DC-DMZ1.bciexternal.loc:636 as CN=Service Account - LDAP Lookup - Extrnl PW Self-Serv,OU=LDAP,OU=Special Accounts,DC=bciexternal,DC=loc reason: CommunicationException (BCIEXT-DC-DMZ1.bciexternal.loc:636; sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)
2013-06-20 07:15:37, DEBUG, provider.ChaiProviderFactory, unable to create connection: com.novell.ldapchai.exception.ChaiUnavailableException:unable to connect to any configured ldap url, last error: unable to bind to ldaps://BCIEXT-DC-DMZ1
 
Any help appreciated.  TIA

Menno Pieters

Jun 20, 2013, 10:03:50 AM
to pwm-g...@googlegroups.com
Check your SSL certificates! Make sure:
  • that the production certificates and/or certificate chain are in your cacerts file (or in recent builds, import them via the wizard)
  • the certificate name matches the hostname

Regards,

Menno




Doug Parks

Jun 20, 2013, 3:27:10 PM
to pwm-g...@googlegroups.com
I have done that repeatedly.  Everything matches.  The UI accepts the cert in the browser and works fine
It is just the connection to the domain controller that errors.

Menno Pieters

Jun 20, 2013, 4:38:30 PM
to pwm-g...@googlegroups.com
On Thu, Jun 20, 2013 at 9:27 PM, Doug Parks <dpa...@bcidaho.com> wrote:
I have done that repeatedly.  Everything matches.  The UI accepts the cert in the browser and works fine
It is just the connection to the domain controller that errors.

Please check again... It really says "unable to find valid certification path to requested target". Java can be quite picky about certificates. Check that you chose the right "cacerts" file, if you have more than one. Check validity, the entire chain, etc.

Regards,

Menno
 