LDAP authentication requires valid certification path

CPAS Forum (Inactive)
LDAP authentication requires valid certification path chen  2005-12-15 06:29
Status: Closed
 
I was trying to set up ldap authentication from CPAS. It failed with the attached Java StackTrace.

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)

The ldap server in our institute requires TLS.

Is there anything I can do to configure CPAS or Tomcat to fix this problem?

Thanks,

Chuming Chen

Medical University of South Carolina

 
 
arauch responded:  2005-12-15 17:56
CPAS LDAP authentication does not currently support TLS. I'm not very familiar with TLS, but a little investigation seems to indicate that this wouldn't be too difficult to add. However, we haven't had this request before and don't have a TLS server to test against, so it's not a high priority at the moment. If we hear more demand for it and/or find someone willing to fund the work we would certainly be happy to look into it. Also, we would welcome anyone with TLS and Java expertise who could provide the necessary CPAS code changes.

Adam

 
chen responded:  2005-12-16 07:20
Can you tell me which part of current CPAS source code is handling LDAP authentication? I can look into it. If I can make it work, I will post back the patches.
 
arauch responded:  2005-12-16 07:44
The key method is LDAPConnect() in SecurityManager.java. It attempts to connect to the LDAP server using the provided security principal and password. If it connects successfully the user is authenticated; if it throws (e.g., AuthenticationException), the user is not authenticated.

To support SSL, it looks like we would set Context.SECURITY_AUTHENTICATION to "ssl." To support TLS, I think we would new up and manipulate a StartTlsRequest object.

We would also need to add settings to the admin page, but that's trivial.

Here are some docs that may be helpful:

http://java.sun.com/products/jndi/tutorial/ldap/security/ssl.html
http://java.sun.com/products/jndi/tutorial/ldap/ext/starttls.html
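
The bind-to-authenticate approach described in the reply above, carried through with JNDI's LDAPS and StartTLS support, as an added example. This is not CPAS code and not the patch the thread asks for; it is a stand-alone illustration. One detail differs from the reply: in JNDI the transport is selected with Context.SECURITY_PROTOCOL = "ssl", while Context.SECURITY_AUTHENTICATION stays "simple" (it names the bind method: "none", "simple" or a SASL mechanism). The server URL, base DN and truststore path are hypothetical.

```java
import java.io.IOException;
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;

/**
 * Added example (not CPAS code): simple bind to an LDAP server over plain LDAP,
 * LDAPS or StartTLS using JNDI; "bind succeeded" means "user authenticated".
 */
public class LdapTlsAuth {

    public enum Transport { PLAIN, LDAPS, STARTTLS }

    /**
     * Returns true if the simple bind as {@code principal} succeeds and false if
     * the server rejects the credentials. Every other failure (unreachable host,
     * untrusted server certificate, hostname mismatch) is propagated, so a TLS
     * misconfiguration is never reported to the user as a wrong password.
     */
    public static boolean authenticate(String url, String principal,
                                       String password, Transport transport)
            throws NamingException, IOException {
        if (password == null || password.isEmpty()) {
            // A simple bind with an empty password is an anonymous bind and
            // "succeeds" on most servers without checking anything.
            return false;
        }

        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);

        if (transport == Transport.LDAPS) {
            // ldaps://host:636, TLS from the first byte. SECURITY_PROTOCOL picks
            // the transport; SECURITY_AUTHENTICATION is still the bind method.
            env.put(Context.SECURITY_PROTOCOL, "ssl");
        }
        if (transport != Transport.STARTTLS) {
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, principal);
            env.put(Context.SECURITY_CREDENTIALS, password);
        }

        LdapContext ctx = null;
        StartTlsResponse tls = null;
        try {
            // PLAIN and LDAPS: the bind happens inside this constructor.
            // STARTTLS: no credentials are in env yet, so this is an anonymous
            // connection on port 389 that is upgraded before the password is sent.
            ctx = new InitialLdapContext(env, null);

            if (transport == Transport.STARTTLS) {
                tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
                // negotiate() runs the handshake with the JVM's default
                // SSLSocketFactory, so the server certificate is validated against
                // the default truststore (or javax.net.ssl.trustStore if set).
                tls.negotiate();
                ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
                ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, principal);
                ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
                ctx.reconnect(null); // re-binds with the new credentials, now under TLS
            }
            return true;
        } catch (AuthenticationException e) {
            return false; // wrong DN or password
        } finally {
            if (tls != null) tls.close();
            if (ctx != null) ctx.close();
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: LdapTlsAuth <uid> <password>");
            return;
        }
        // The "unable to find valid certification path" error in this thread means
        // the JVM does not trust the CA that signed the LDAP server certificate.
        // Import that CA into a truststore, e.g.
        //   keytool -import -alias institute-ca -file ca.pem -keystore ldap-truststore.jks
        // and point the JVM at it (for Tomcat, -Djavax.net.ssl.trustStore=... in
        // CATALINA_OPTS). Hypothetical path; do not "fix" the error with a
        // trust-all TrustManager, which disables server authentication entirely.
        System.setProperty("javax.net.ssl.trustStore", "/etc/cpas/ldap-truststore.jks");

        // Hypothetical server and directory layout.
        boolean ok = authenticate("ldap://ldap.example.edu:389",
                "uid=" + args[0] + ",ou=people,dc=example,dc=edu",
                args[1], Transport.STARTTLS);
        System.out.println(ok ? "authenticated" : "rejected");
    }
}
```

If negotiate() throws SSLPeerUnverifiedException rather than a certification-path error, the certificate chains correctly but its subject does not match the hostname in the URL; use the hostname the certificate was issued for instead of loosening verification with setHostnameVerifier.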

 
adam responded:  2006-12-04 21:12