I'm attempting to configure LDAPS with SSPR. Following these docs:
http://tinyurl.com/lqt56j6

I've exported the cert.der via iManager and followed these instructions
to import the cert into my JAVA_HOME\lib\security\cacerts .. NOTE: this
is the same Java which runs my tomcat instance.

After save the configuration I get:
LDAP WARN error connecting to ldap directory: unable to create
connection: unable to connect to any configured ldap url, last error:
unable to bind to ldaps://192.168.0.164:636 as cn=PwmProxy,ou=sa,o=data
reason: CommunicationException (192.168.0.164:636;
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderE xception: unable to
find valid certification path to requested target)

Catalina.out:
2013-07-17 08:53:49, WARN , provider.FailOverWrapper, unable to reach
ldap server ldaps://192.168.0.164:636
2013-07-17 08:53:49, DEBUG, wordlist.SharedHistoryManager, skipping
wordDB reduce operation, eldestEntry=14m, maxAge=28d:12h
2013-07-17 08:53:49, TRACE, servlet.ResourceFileServlet, {0} GET request
for: /sspr/resources/favicon.ico (no params)
[0:0:0:0:0:0:0:1%0/localhost]
2013-07-17 08:53:49, TRACE, servlet.ResourceFileServlet, {0} GET request
for: /sspr/resources/favicon.ico (no params)
[0:0:0:0:0:0:0:1%0/localhost]
2013-07-17 08:53:49, DEBUG, provider.FailOverWrapper, error connecting
to ldap server, will retry, unable to bind to ldaps://192.168.0.164:636
as cn=PwmProxy,ou=sa,o=data reason: CommunicationException
(192.168.0.164:636; sun.security.validator.ValidatorException: PKIX path
building failed:
sun.security.provider.certpath.SunCertPathBuilderE xception: unable to
find valid certification path to requested target)
2013-07-17 08:53:49, DEBUG, provider.ChaiProviderFactory, unable to
create connection:
com.novell.ldapchai.exception.ChaiUnavailableExcep tion:unable to connect
to any configured ldap url, last error: unable to bind to
ldaps://192.168.0.164:636 as cn=PwmProxy,ou=sa,o=data reason:
CommunicationException (192.168.0.164:636;
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderE xception: unable to
find valid certification path to requested target)
2013-07-17 08:53:49, TRACE, util.Helper, externalJudgeMethod
'password.pwm.PwmPasswordJudge' returned a value of 46
2013-07-17 08:53:49, TRACE, health.HealthMonitor, health check process
completed
2013-07-17 08:53:50, DEBUG, provider.FailOverWrapper, error connecting
to ldap server, will retry, unable to bind to ldaps://192.168.0.164:636
as cn=PwmProxy,ou=sa,o=data reason: CommunicationException
(192.168.0.164:636; sun.security.validator.ValidatorException: PKIX path
building failed:
sun.security.provider.certpath.SunCertPathBuilderE xception: unable to
find valid certification path to requested target)
2013-07-17 08:53:50, DEBUG, provider.ChaiProviderFactory, unable to
create connection:
com.novell.ldapchai.exception.ChaiUnavailableExcep tion:unable to connect
to any configured ldap url, last error: unable to bind to
ldaps://192.168.0.164:636 as cn=PwmProxy,ou=sa,o=data reason:
CommunicationException (192.168.0.164:636;
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderE xception: unable to
find valid certification path to requested target)


--
icsynergymg
------------------------------------------------------------------------
icsynergymg's Profile: https://forums.netiq.com/member.php?userid=5337
View this thread: https://forums.netiq.com/showthread.php?t=48211