Leave a comment at the end of this page or email contact@krishagni.com
Testing LDAP Configuration
The tool attached to this Wiki page (at the end) can be used to test the LDAP configuration and identify the root cause of issues, if any.
Basic Usage
Test Configuration
Successful Authentication
Invalid User
Valid User but Invalid Password
Unreachable Server
Tool
FAQ
When connecting to the LDAP directory using SSL, the error message “Unable to find valid certification path to requested target” is printed on the console. How can this be resolved?
The error message indicates that the Java runtime is unable to establish an SSL connection to the LDAP server because it does not trust the certificate presented by the server. Usually this happens when the server uses a self-signed certificate or a certificate signed by a relatively unknown CA. The Java runtime trusts only certificates that are signed by well-known CAs or whose public certificates are present in the truststore/keystore. The default truststore is located at
$JAVA_HOME/lib/security/cacerts
The error can be resolved in one of two ways:
Ask the LDAP server maintainers to use a certificate signed by a well-known CA, or
Import the LDAP server’s public certificate into the JVM truststore as shown below:
$ keytool -importcert -alias <server_name> -keystore $JAVA_HOME/jre/lib/security/cacerts -file server_public.crt
keytool is present in the $JAVA_HOME/bin directory.
The server_public.crt file contains the server’s public certificate in the following format:
-----BEGIN CERTIFICATE-----
<CERTIFICATE CONTENT>
-----END CERTIFICATE-----
Restart all applications that are using the JVM and depend on this updated truststore.
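The import step above can be wrapped so that the file is checked before it is trusted. The script below is an added example, not part of the original page or the attached tool; the function names `check_pem` and `import_ldap_cert` are hypothetical, and the truststore path is passed in by the caller.

```shell
#!/bin/sh
# Added example: validate server_public.crt, then import it with keytool.
# check_pem and import_ldap_cert are hypothetical helper names.

# check_pem FILE: succeed only if FILE holds exactly one well-formed PEM
# certificate block and no private key material.
check_pem() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
    if grep -q -- 'PRIVATE KEY-----' "$file"; then
        echo "$file contains a private key; import only the public certificate" >&2
        return 1
    fi
    awk '
        { sub(/\r$/, "") }                      # tolerate CRLF line endings
        $0 == "-----BEGIN CERTIFICATE-----" { if (inside) bad = 1; inside = 1; blocks++; next }
        $0 == "-----END CERTIFICATE-----"   { if (!inside || !body) bad = 1; inside = 0; body = 0; next }
        inside { if ($0 ~ "^[A-Za-z0-9+/=]+$") body++; else bad = 1 }
        END { if (bad || inside || blocks != 1) exit 1 }
    ' "$file" || { echo "$file is not a single PEM certificate" >&2; return 1; }
}

# import_ldap_cert ALIAS FILE KEYSTORE: import FILE as a trusted certificate.
# KEYSTORE is the cacerts file of the JVM that runs the application.
# Without -noprompt, keytool prints the certificate and its fingerprints and
# asks before trusting it; compare the SHA-256 value with the one supplied by
# the LDAP server maintainers before answering yes.
import_ldap_cert() {
    alias_name=$1; file=$2; keystore=$3
    check_pem "$file" || return 1
    keytool -importcert -alias "$alias_name" -keystore "$keystore" -file "$file" || return 1
    # Confirm the entry is present under the expected alias.
    keytool -list -alias "$alias_name" -keystore "$keystore"
}

# Usage: sh import_cert.sh <server_name> server_public.crt <path to cacerts>
if [ "$#" -eq 3 ]; then
    import_ldap_cert "$@"
fi
```

The check rejects a file that still contains the literal `<CERTIFICATE CONTENT>` placeholder, a bundle with more than one certificate, or a file that includes a private key.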