directory-users mailing list archives

From William Wilkins <wwil...@uark.edu>
Subject Using Ldaps With Apacheds 1.5.5
Date Wed, 17 Dec 2008 17:21:40 GMT
I am attempting to enable ldaps using the apacheds 1.5.5 revision 
725332. I am unsure of where to specify the external keystore file I 
would like to use for secure authentication. The 1.0 branch used spring 
with the MutableServerConfiguration bean but I cannot find where that 
should be set in the 1.5 branch. The apacheds server seems to have a 
TlsKeyGenerator now but it does not seem to be configurable outside of 
the source code.

Does apacheds only support its own keypair sets now? If no, where do I 
specify my own keystore files? If yes, do I have to edit the source to 
adjust the key generator parameters or is there an xbean adjustment for 
them?

Assuming the server generates the keypair, the wrapper.log shows that the 
ldaps service is started but then I receive the following error.

WARN [org.apache.directory.server.ldap.LdapProtocolHandler] - [/127.0.0.1:33393] Unexpected exception forcing session to close: sending disconnect notice to client.
javax.net.ssl.SSLHandshakeException: SSL handshake failed.
    at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:416)
    at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:299)
    at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilterChain.java:53)
    at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:648)
    at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:220)
    at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:264)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:885)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:907)
    at java.lang.Thread.run(Thread.java:619)
Caused by: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
    at com.sun.net.ssl.internal.ssl.EngineInputRecord.bytesInCompletePacket(EngineInputRecord.java:152)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:754)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:669)
    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:607)
    at org.apache.mina.filter.support.SSLHandler.unwrap0(SSLHandler.java:657)
    at org.apache.mina.filter.support.SSLHandler.unwrapHandshake(SSLHandler.java:613)
    at org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:493)
    at org.apache.mina.filter.support.SSLHandler.messageReceived(SSLHandler.java:306)
    at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:392)
    ... 8 more

The SSL message exception leads me to think the server doesn't generate 
certificates needed for encryption, which brings up the question of why 
should the ldaps service start if it is unable to be utilized?
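
Added example, not part of the original message and not ApacheDS code: the "Unrecognized SSL message, plaintext connection?" cause in the trace above is what the JSSE engine reports when the first bytes arriving on a TLS listener do not parse as a TLS record. The sketch below classifies the first bytes of a connection as a TLS record, an SSLv2-style hello or a cleartext LDAP message; the function names and the sample byte strings are constructed for illustration.

```python
"""Classify the first bytes seen on an LDAPS listener (added example)."""

TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}
MAX_TLS_RECORD = 2**14 + 2048  # upper bound on a TLS ciphertext record length


def ber_length(data: bytes, offset: int):
    """Decode a BER length at offset; return (length, next_offset) or None."""
    if offset >= len(data):
        return None
    first = data[offset]
    if first < 0x80:                      # short form
        return first, offset + 1
    count = first & 0x7F                  # long form: count of length octets
    if count == 0 or count > 4 or offset + 1 + count > len(data):
        return None
    value = int.from_bytes(data[offset + 1:offset + 1 + count], "big")
    return value, offset + 1 + count


def classify_first_bytes(data: bytes) -> str:
    """Return 'tls-record', 'sslv2-hello', 'ldap-plaintext' or 'unknown'."""
    if len(data) < 5:
        return "unknown"
    # TLS record header: type(1) | version major(1) minor(1) | length(2)
    if data[0] in TLS_CONTENT_TYPES and data[1] == 3 and data[2] <= 4:
        if int.from_bytes(data[3:5], "big") <= MAX_TLS_RECORD:
            return "tls-record"
    # SSLv2-compatible ClientHello: 2-byte length with high bit set, type 1
    if data[0] & 0x80 and data[2] == 0x01:
        return "sslv2-hello"
    # LDAPMessage: SEQUENCE (0x30), BER length, INTEGER messageID (0x02)
    if data[0] == 0x30:
        decoded = ber_length(data, 1)
        if decoded and decoded[1] < len(data) and data[decoded[1]] == 0x02:
            return "ldap-plaintext"
    return "unknown"


# Constructed samples (not captured from the poster's server).
# Anonymous simple bind: messageID 1, BindRequest version 3, empty DN/password.
LDAP_BIND = bytes.fromhex("300c020101600702010304008000")
# Record header of a TLS 1.0 ClientHello followed by the handshake type byte.
TLS_HELLO = bytes.fromhex("160301002f01")

if __name__ == "__main__":
    for name, sample in (("ldap bind", LDAP_BIND), ("tls hello", TLS_HELLO)):
        print(f"{name:10s} -> {classify_first_bytes(sample)}")
```

Run against the first bytes of a capture taken on the ldaps port, a result of "ldap-plaintext" means the client connected without starting TLS.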
