Testing LDAP Configuration

The tool attached to this Wiki page (at the end) can be used to test the LDAP configuration and identify the root cause of issues, if any.

The error message indicates Java runtime is unable to establish the connection to the LDAP server using SSL because it does not trust the certificate presented by the server. Usually this happens when the server uses a self-signed certificate or a certificate signed by a relatively unknown CA. The Java runtime trusts only those certificates that are signed by well known CAs or public certificates that present in the truststore/keystore. The default truststore is present at the location $JAVA_HOME/lib/security/cacert.
The error can be solved in 2 ways as explained below:
1. Ask the LDAP server maintainers to use the certificate signed by a well known CA or
2. Import the LDAP server’s public certificate into the JVM truststore as below:
  $ keytool -importcert -alias <server_name> -keystore $JAVA_HOME/jre/lib/security/cacerts -file server_public.crt
3. keytool is present in $JAVA_HOME/bin directory
4. server_public.crt file contains the server’s public certificate in the following format
  -----BEGIN CERTIFICATE----- <CERTIFICATE CONTENT> -----END CERTIFICATE-----
Restart all applications that are using the JVM and depend on this updated truststore.