[keycloak-user] ldaps configuration --> Bug or regression with ldap connection url

Meissa M'baye Sakho msakho at redhat.com
Thu Nov 15 04:12:16 EST 2018


Hello everyone,
I'm facing a very strange behaviour using keycloak 4.5 Final while
configuring my realm user federation with ldaps.
When I set the ldap connection URL to ldaps://myldaphost, it works fine.
When I change it to LDAPS://myldaphost, the test connection fails with the
exception below (extract):

KC-SERVICES0055: Error when connecting to LDAP:
intra-dev01.bdf-dev01.local:636: javax.naming.CommunicationException:
intra-dev01.bdf-dev01.local:636 [Root exception is
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target]
        at com.sun.jndi.ldap.Connection.<init>(Connection.java:238)
        at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137)
        at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1615)
        at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2749)
        at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)

Caused by: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1964)

With Keycloak 3.4.3Final, I used LDAPS without any problem.
Any advice?
Meissa

