geronimo-dev mailing list archives

From "Sakari Maaranen (JIRA)" <j...@apache.org>
Subject [jira] Commented: (GERONIMO-3812) Geronimo 2.0.2 misses ApacheDS (LDAP) function
Date Wed, 06 Feb 2008 06:45:07 GMT

    [ https://issues.apache.org/jira/browse/GERONIMO-3812?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12566035#action_12566035 ]

Sakari Maaranen commented on GERONIMO-3812:
-------------------------------------------

I worked around this issue by installing the ApacheDS 1.0.2 standalone. This configuration
I am using now probably takes up a little more RAM and requires extra management work. Also,
I couldn't get LDAPS working with the Geronimo LDAP Viewer. The Viewer does work with regular
LDAP.

There must be some problem with selecting the keystore for the Geronimo LDAP application,
because I keep getting the following exception in the ApacheDS standalone log: /usr/local/apacheds-1.0.2/var/log/apacheds-stdout.log

2008-02-05 17:46:36,132 WARN org.apache.directory.server.ldap.LdapProtocolProvider$LdapProtocolHandler:
[/127.0.0.1:57424] Unexpected exception forcing session to close: sending disconnect notice
to client.
javax.net.ssl.SSLHandshakeException: Initial SSL handshake failed.
        at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:425)
        at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
        at org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54)
        at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
        at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:243)
        at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:305)
        at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:665)
        at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:690)
        at java.lang.Thread.run(Thread.java:595)
Caused by: javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:166)
        at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1356)
        at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1324)
        at com.sun.net.ssl.internal.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1486)
        at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:961)
        at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:787)
        at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:663)
        at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:566)
        at org.apache.mina.filter.support.SSLHandler.unwrapHandshake(SSLHandler.java:677)
        at org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:494)
        at org.apache.mina.filter.support.SSLHandler.messageReceived(SSLHandler.java:293)
        at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:393)
        ... 8 more

I am not sure, but to me it seems that when trying to connect, the Geronimo LDAP Viewer does
not recognize the ApacheDS LDAPS certificate. The above message is in the ApacheDS log, but
I guess this certificate_unknown alert originates from Geronimo?

Any advice on how to set the keystore and trusted certificates for the Geronimo LDAP Viewer
to connect to an LDAPS-enabled standalone server is welcome!

My ApacheDS 1.0.2 LDAPS server is working correctly and I verified that by connecting to it
with the Eclipse Apache Directory Studio tools. Only the above problem still persists with
the Geronimo LDAP Viewer.

Especially if this bug is not going to be fixed, it would be great to at least have a good
workaround documented here.

> Geronimo 2.0.2 misses ApacheDS (LDAP) function
> ----------------------------------------------
>
>                 Key: GERONIMO-3812
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-3812
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: documentation, Plugins
>    Affects Versions: 2.0.2
>         Environment: Debian Linux, java version "1.5.0_14", geronimo-tomcat6-jee5-2.0.2
>            Reporter: Sakari Maaranen
>
> Geronimo documentation at http://cwiki.apache.org/GMOxDOC20/ldap-sample-application.html
> talks about org.apache.geronimo.configs/directory in system modules, but that does not exist
> in Geronimo 2.0.2.
> There is also a reference to Geronimo plugins. However, when I go to Plugins in the Geronimo
> console and search the geronimo-2.0.2 repository there is nothing related to ApacheDS or
> Directory. It is as if the ApacheDS function was completely missing.
> The ApacheDS plugin should be added to the 2.0.2 plugin repository. The documentation
> should be updated to give the steps for how to install ApacheDS with or without the plugin. The
> LDAP demo is useless if ApacheDS is unavailable.
> I found this much earlier discussion on the topic:
> http://www.mail-archive.com/dev@geronimo.apache.org/msg52749.html
> http://www.mail-archive.com/dev@geronimo.apache.org/msg55148.html
> Frankly, I don't think that the forward compatibility is so much an issue, but rather 2.0.2
> completely lacking an LDAP server. It would be better to have it, even without forward compatibility.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
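
Added example, not part of the original message or of Geronimo/ApacheDS: a small triage script for the kind of log quoted above. In JSSE, "Received fatal alert" is the wording for an alert that arrived from the remote side, so a certificate alert in the server's log means the connecting client could not validate the certificate the server presented, and the fix belongs in the client's trust store. The function and field names are hypothetical.

```python
import re

# Excerpt of the ApacheDS log quoted in the message above (most stack frames
# trimmed; line wrapping as in the archived e-mail).
SAMPLE_LOG = """\
2008-02-05 17:46:36,132 WARN org.apache.directory.server.ldap.LdapProtocolProvider$LdapProtocolHandler:
[/127.0.0.1:57424] Unexpected exception forcing session to close: sending disconnect notice
to client.
javax.net.ssl.SSLHandshakeException: Initial SSL handshake failed.
        at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:425)
Caused by: javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:166)
"""

TS = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d+) (\w+) ")
PEER = re.compile(r"\[/([\d.]+):(\d+)\]")          # MINA session tag, e.g. [/127.0.0.1:57424]
ALERT = re.compile(r"Received fatal alert: (\w+)")
# TLS alerts a peer sends when it cannot accept the certificate presented to it.
CERT_ALERTS = {"bad_certificate", "unsupported_certificate", "certificate_revoked",
               "certificate_expired", "certificate_unknown", "unknown_ca"}

def triage(log_text):
    """Return one finding per log event whose cause is a TLS alert sent by the peer."""
    findings, current = [], None
    for line in log_text.splitlines():
        ts = TS.match(line)
        if ts:  # a timestamped line starts a new event
            current = {"time": ts.group(1), "level": ts.group(2), "peer": None}
        if current is None:
            continue
        peer = PEER.search(line)
        if peer and current["peer"] is None:  # may sit on a wrapped continuation line
            current["peer"] = f"{peer.group(1)}:{peer.group(2)}"
        alert = ALERT.search(line)
        if alert and line.startswith("Caused by:"):
            name = alert.group(1)
            # "Received" means the remote side raised the alert, not this server.
            findings.append({**current, "alert": name,
                             "peer_rejected_our_cert": name in CERT_ALERTS})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        verdict = ("client does not trust the server certificate"
                   if f["peer_rejected_our_cert"] else "not a certificate alert")
        print(f'{f["time"]} peer={f["peer"]} alert={f["alert"]}: {verdict}')
```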

