Got feedback or spotted a mistake?

Leave a comment at the end of this page or email contact@krishagni.com

Testing LDAP Configuration

The tool attached to this Wiki page (at the end) can be used to test the LDAP configuration and identify the root cause of issues, if any.

Basic Usage

Test Configuration

Successful Authentication

Invalid User

Valid User but Invalid Password

Unreachable Server

Tool

FAQ

When connecting to the LDAP directory using SSL, the error message “Unable to find valid certification path to requested target” is printed on the console. How can this be resolved?

  1. The error message indicates that the Java runtime cannot establish the SSL connection to the LDAP server because it does not trust the certificate presented by the server. This usually happens when the server uses a self-signed certificate or a certificate signed by a relatively unknown CA. The Java runtime trusts only certificates that are signed by well-known CAs or whose public certificates are present in its truststore/keystore. The default truststore is the cacerts file at $JAVA_HOME/lib/security/cacerts (on Java 8 and earlier JDK installations, $JAVA_HOME/jre/lib/security/cacerts, the path used in the command below).

  2. The error can be resolved in two ways:

    1. Ask the LDAP server maintainers to use a certificate signed by a well-known CA, or

    2. Import the LDAP server’s public certificate into the JVM truststore as below:

      $ keytool -importcert -alias <server_name> -keystore $JAVA_HOME/jre/lib/security/cacerts -file server_public.crt

      keytool is present in the $JAVA_HOME/bin directory.

      server_public.crt contains the server’s public certificate in the following format:

      -----BEGIN CERTIFICATE-----
      <CERTIFICATE CONTENT>
      -----END CERTIFICATE-----

  3. Restart all applications that are using the JVM and depend on this updated truststore.
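An added example, not part of the original page or of the tool it describes: a shell wrapper around the keytool import above that refuses to import server_public.crt unless its SHA-256 fingerprint matches a value obtained out-of-band from the LDAP server maintainers. The function names and the argument order are assumptions made for this example; it expects GNU coreutils and keytool on the PATH.

```shell
#!/usr/bin/env bash
# Added example (not from the original page). Function names are hypothetical.

# Normalise a fingerprint such as "AB:CD:..." to lowercase hex without colons.
normalize_fp() {
  printf '%s' "$1" | tr -d ': \n' | tr 'A-F' 'a-f'
}

# SHA-256 fingerprint of the first certificate in a PEM file: the hash of the
# base64-decoded body between the BEGIN/END CERTIFICATE lines (the DER bytes).
cert_sha256() {
  awk '/^-----BEGIN CERTIFICATE-----/ {on=1; next}
       /^-----END CERTIFICATE-----/   {exit}
       on' "$1" | tr -d ' \r\n' | base64 -d | sha256sum | cut -d' ' -f1
}

# import_verified CRT EXPECTED_FP ALIAS KEYSTORE STOREPASS
# Returns 2 if CRT is not in PEM format, 3 on a fingerprint mismatch,
# otherwise the exit status of keytool.
import_verified() {
  local crt="$1" expected="$2" alias="$3" store="$4" pass="$5" actual
  if ! grep -q '^-----BEGIN CERTIFICATE-----' "$crt" ||
     ! grep -q '^-----END CERTIFICATE-----' "$crt"; then
    echo "error: $crt is not a PEM certificate" >&2
    return 2
  fi
  actual=$(cert_sha256 "$crt")
  if [ "$actual" != "$(normalize_fp "$expected")" ]; then
    echo "error: fingerprint mismatch, got $actual; not importing" >&2
    return 3
  fi
  # Same import as on the page, made non-interactive now that the check passed.
  keytool -importcert -noprompt -alias "$alias" -file "$crt" \
          -keystore "$store" -storepass "$pass"
}
```

Passing a copy of cacerts as KEYSTORE and starting the application with -Djavax.net.ssl.trustStore=<path to the copy> limits the new trust to that application instead of every program that uses the JVM.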

 
