geronimo-dev mailing list archives

From "Sakari Maaranen (JIRA)" <j...@apache.org>
Subject [jira] Commented: (GERONIMO-3812) Geronimo 2.0.2 misses ApacheDS (LDAP) function
Date Wed, 06 Feb 2008 13:01:55 GMT

    [ https://issues.apache.org/jira/browse/GERONIMO-3812?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12566123#action_12566123 ]

Sakari Maaranen commented on GERONIMO-3812:
-------------------------------------------

I also created an LDAP security realm with an LDAPS URL and the SSL protocol. This gives the following
errors in geronimo.log:

2008-02-06 07:51:36,080 WARN  SecurityRealmPortlet: Test login failed
javax.security.auth.login.LoginException: LDAP Error
        at org.apache.geronimo.security.realm.providers.LDAPLoginModule.login(LDAPLoginModule.java:161)
        at org.apache.geronimo.console.util.KernelManagementHelper.testLoginModule(KernelManagementHelper.java:423)
        at org.apache.geronimo.console.util.PortletManager.testLoginModule(PortletManager.java:168)
        at org.apache.geronimo.console.securitymanager.realm.SecurityRealmPortlet.actionAttemptLogin(SecurityRealmPortlet.java:340)
        at org.apache.geronimo.console.securitymanager.realm.SecurityRealmPortlet.processAction(SecurityRealmPortlet.java:221)
        at org.apache.pluto.core.PortletServlet.dispatch(PortletServlet.java:229)
        at org.apache.pluto.core.PortletServlet.doGet(PortletServlet.java:158)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:693)
        ...
        at java.lang.Thread.run(Thread.java:595)
Caused by: javax.naming.CommunicationException: simple bind failed: localhost:636 [Root exception
is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path
building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target]
        at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:197)
        at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2637)
        at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283)
        ...
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
to find valid certification path to requested target
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1584)
        at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
        ...
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
        at sun.security.validator.Validator.validate(Validator.java:203)
        at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
        ...
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid
certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
        ...

I think it means that some way of setting up trusted certificates for LDAP security realms
is needed. Otherwise Geronimo cannot connect to LDAPS, because it cannot trust the LDAPS certificate.

> Geronimo 2.0.2 misses ApacheDS (LDAP) function
> ----------------------------------------------
>
>                 Key: GERONIMO-3812
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-3812
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: documentation, Plugins
>    Affects Versions: 2.0.2
>         Environment: Debian Linux, java version "1.5.0_14", geronimo-tomcat6-jee5-2.0.2
>            Reporter: Sakari Maaranen
>
> Geronimo documentation at http://cwiki.apache.org/GMOxDOC20/ldap-sample-application.html
> talks about org.apache.geronimo.configs/directory in system modules, but that does not exist
> in Geronimo 2.0.2.
> There is also a reference to Geronimo plugins. However, when I go to Plugins in the Geronimo
> console and search the geronimo-2.0.2 repository there is nothing related to ApacheDS or
> Directory. It is as if the ApacheDS function was completely missing.
> The ApacheDS plugin should be added to the 2.0.2 plugin repository. The documentation
> should be updated to give the steps for installing ApacheDS with or without the plugin. The
> LDAP demo is useless if ApacheDS is unavailable.
> I found this much earlier discussion on the topic:
> http://www.mail-archive.com/dev@geronimo.apache.org/msg52749.html
> http://www.mail-archive.com/dev@geronimo.apache.org/msg55148.html
> Frankly, I don't think that the forward compatibility is so much an issue, but 2.0.2
> completely lacking an LDAP server is. It would be better to have it, even without forward compatibility.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
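The trust setup the comment asks for, as an added example that is not part of this JIRA thread or of Geronimo's LDAPLoginModule: a JNDI socket factory whose PKIX validation is rooted in a dedicated truststore containing the LDAPS server's CA certificate, wired into the same simple bind to localhost:636 that the log shows failing. The truststore path, its password and the `ldaps.*` system-property names are assumed placeholders, and the code targets Java 7 or later rather than the 1.5 JVM in the report.

```java
import java.io.*;
import java.net.*;
import java.security.KeyStore;
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.InitialDirContext;
import javax.net.SocketFactory;
import javax.net.ssl.*;
// JNDI loads this class by name and calls getDefault(); LDAPS chains are then validated against the
// dedicated truststore below instead of the JVM's cacerts, so no certificate check is disabled.
public class LdapsTrustSocketFactory extends SocketFactory {
    // Assumed placeholders: the store must hold the LDAPS server's CA (or self-signed) certificate.
    private static final String STORE = System.getProperty("ldaps.truststore", "/path/to/ldaps-truststore.jks");
    private static final char[] PASS = System.getProperty("ldaps.truststore.password", "changeit").toCharArray();
    private static final SSLSocketFactory DELEGATE = build();
    private static SSLSocketFactory build() {
        try (FileInputStream in = new FileInputStream(STORE)) {
            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
            ks.load(in, PASS);
            TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
            tmf.init(ks);  // PKIX path building now succeeds only for chains anchored in this store
            SSLContext ctx = SSLContext.getInstance("TLS");
            ctx.init(null, tmf.getTrustManagers(), null);
            return ctx.getSocketFactory();
        } catch (Exception e) { throw new IllegalStateException("cannot load LDAPS truststore " + STORE, e); }
    }
    public static SocketFactory getDefault() { return new LdapsTrustSocketFactory(); }
    // Besides the chain, require the certificate name to match the host we dialled (Java 7+ API).
    private static Socket verified(Socket s) {
        SSLSocket ssl = (SSLSocket) s;
        SSLParameters p = ssl.getSSLParameters();
        p.setEndpointIdentificationAlgorithm("LDAPS");
        ssl.setSSLParameters(p);
        return ssl;
    }
    @Override public Socket createSocket(String h, int p) throws IOException { return verified(DELEGATE.createSocket(h, p)); }
    @Override public Socket createSocket(String h, int p, InetAddress lh, int lp) throws IOException { return verified(DELEGATE.createSocket(h, p, lh, lp)); }
    @Override public Socket createSocket(InetAddress h, int p) throws IOException { return verified(DELEGATE.createSocket(h, p)); }
    @Override public Socket createSocket(InetAddress h, int p, InetAddress lh, int lp) throws IOException { return verified(DELEGATE.createSocket(h, p, lh, lp)); }
    // The same simple bind the log shows failing in LdapClient.authenticate, routed through this factory.
    public static void simpleBind(String url, String userDn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);  // e.g. ldaps://localhost:636
        env.put(Context.SECURITY_PROTOCOL, "ssl");
        env.put("java.naming.ldap.factory.socket", LdapsTrustSocketFactory.class.getName());
        env.put(Context.SECURITY_PRINCIPAL, userDn);  // principal plus credentials selects simple bind
        env.put(Context.SECURITY_CREDENTIALS, password);
        new InitialDirContext(env).close();
    }
}
```

If the realm cannot be given a custom socket factory, the equivalent server-wide fix is to import the LDAPS CA certificate into the truststore named by `-Djavax.net.ssl.trustStore` on the Geronimo JVM; either way the "unable to find valid certification path" error goes away because the chain is now anchored, not because validation was turned off.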

