Message-ID: <3F254624.6090806@ugholf.net>
Date: Mon, 28 Jul 2003 09:49:56 -0600
From: Chris Egolf
To: tomcat-user@jakarta.apache.org
List-Id: "Tomcat Users List"
Subject: JNDIRealm using LDAP with SSL

Does anyone have any experience getting ldaps working w/ the JNDIRealms in Tomcat 4.1.24?
Regular LDAP is working fine, but when I change the connection URL to ldaps://:636 I get the following error:

2003-07-28 09:40:49 JNDIRealm[Standalone]: Connecting to URL ldaps://10.1.1.50:636
2003-07-28 09:40:50 JNDIRealm[Standalone]: Exception performing authentication
javax.naming.CommunicationException: simple bind failed: 10.1.1.50:636 [Root exception is javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found]

My Realm element in server.xml:

Like I said, this works if connectionURL="ldap://10.1.1.50:389".

I can connect to the LDAP server (Novell eDirectory) via SSL using a Java browser if I accept the certificate, so I wonder if that might have something to do with it.

I've also successfully followed the Config-SSL-HOWTO, accepted the certificate from the server and set up the keystore for the connector as described, but I get the feeling that this is strictly for enabling SSL over HTTP.

Thanks in advance.

Chris