JBoss Web Server, JWS-360

LDAP authenticated connection with mod_authnz_ldap SSL connection not established


    • Bug
    • Resolution: Won't Do
    • Major
    • JWS 3.1.0 ER1
    • JWS 3.0.3 ER1
    • rpm
    • None
    • Documentation (Ref Guide, User Guide, etc.), Release Notes
    •  nss
    • Documented as Known Issue

      1) Configure mod_authnz_ldap for SSL connection (without certificates)
      2) Add a user
      3) Try to authenticate with the user

      LDAP with SSL connection fails. The handshake fails due to the TLS/SSL exception. Insufficient SSL security is thrown in the testsuite.
      These exceptions are raised in the Apache log (error_log):

      ...
      TLS: certificate [CN=dhcp-4-207.brq.redhat.com,OU=Directory,O=ASF,C=US] is not valid - error -8181:Peer's Certificate has expired..
      TLS: certificate [CN=dhcp-4-207.brq.redhat.com,OU=Directory,O=ASF,C=US] is not valid - error -8179:Peer's Certificate issuer is not recognized..
      TLS: error: connect - force handshake failure: errno 115 - moznss error -12156
      TLS: can't connect: TLS error -12156:The server certificate included a public key that was too weak..
      ...
      

      and

      ...
      [Wed Mar 23 05:16:52.391291 2016] [authnz_ldap:info] [pid 31926] [client 127.0.0.1:59461] AH01695: auth_ldap authenticate: user hnelson authentication failed; URI /ldap-status [LDAP: ldap_simple_bind() failed][Can't contact LDAP server]
      ...
      

            rhn-engineering-jclere Jean-Frederic Clere
            fgoldefu@redhat.com Filip Goldefus (Inactive)
            Filip Goldefus Filip Goldefus (Inactive)
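
Added example, not part of the original issue or of JWS: a small triage script that parses the error_log lines quoted in the description, maps the NSS error codes to their NSS symbolic names, and marks the AH01695 bind failure as a TLS transport failure rather than a rejected credential. The function names and the `cause` labels are assumptions made for this illustration; the sample log is constructed from the excerpt above.

```python
import re

# NSS error codes that appear in the error_log excerpt, with NSS symbolic names.
NSS_ERRORS = {
    -8181: "SEC_ERROR_EXPIRED_CERTIFICATE",
    -8179: "SEC_ERROR_UNKNOWN_ISSUER",
    -12156: "SSL_ERROR_WEAK_SERVER_CERT_KEY",
}

# Constructed sample input: the lines quoted in the issue description.
SAMPLE_LOG = """\
TLS: certificate [CN=dhcp-4-207.brq.redhat.com,OU=Directory,O=ASF,C=US] is not valid - error -8181:Peer's Certificate has expired..
TLS: certificate [CN=dhcp-4-207.brq.redhat.com,OU=Directory,O=ASF,C=US] is not valid - error -8179:Peer's Certificate issuer is not recognized..
TLS: error: connect - force handshake failure: errno 115 - moznss error -12156
TLS: can't connect: TLS error -12156:The server certificate included a public key that was too weak..
[Wed Mar 23 05:16:52.391291 2016] [authnz_ldap:info] [pid 31926] [client 127.0.0.1:59461] AH01695: auth_ldap authenticate: user hnelson authentication failed; URI /ldap-status [LDAP: ldap_simple_bind() failed][Can't contact LDAP server]
"""

CERT_RE = re.compile(r"TLS: certificate \[([^\]]+)\] is not valid - error (-\d+):")
FATAL_RE = re.compile(r"TLS: can't connect: TLS error (-\d+):")
BIND_RE = re.compile(r"AH01695: .*user (\S+) authentication failed; URI (\S+) "
                     r"\[LDAP: ldap_simple_bind\(\) failed\]\[Can't contact LDAP server\]")


def name(code):
    """Map a numeric NSS code to its symbolic name, keeping unknown codes visible."""
    return NSS_ERRORS.get(code, f"UNKNOWN({code})")


def triage(log_text):
    """Separate TLS handshake causes from the LDAP bind failures they produce."""
    cert_issues, fatal, binds = {}, [], []
    for line in log_text.splitlines():
        if m := CERT_RE.search(line):
            cert_issues.setdefault(m[1], []).append(name(int(m[2])))
        elif m := FATAL_RE.search(line):
            fatal.append(name(int(m[1])))
        elif m := BIND_RE.search(line):
            binds.append({"user": m[1], "uri": m[2]})
    # Assumed labels: a bind that cannot contact the server while TLS errors
    # are logged is a transport failure, not a rejected password.
    cause = "tls_handshake" if (fatal or cert_issues) else "network_or_unknown"
    for b in binds:
        b["cause"] = cause
    return {"cert_issues": cert_issues, "fatal": fatal, "binds": binds}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On the excerpt, the result lists two certificate validation problems for the LDAP server's certificate, one fatal handshake error, and one bind for `hnelson` attributed to the TLS handshake.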