
Re: Problems with openLDAP + GSSAPI + JAVA



On Tue, Jun 30 2015 at 12:48:22 +0200, Andreas Laesser scribbled
 in "Problems with openLDAP + GSSAPI + JAVA":
> Hi @all
> 
> I have (maybe) a problem with my openldap server authenticating over a
> JAVA tool (Apache Directory Studio LDAP Browser V2.0.0.v20130628,
> jXplorer) via GSSAPI.
> 
> When I do an ldapsearch from command line via GSSAPI it works fine...
> 
> 
> ~ % klist
> Ticket cache: FILE:/tmp/krb5cc_1086_lR4Nxxxxrs
> Default principal: admin@SPSC.TUGRAZ.AT
> 
> Valid starting    Expires           Service principal
> 30/06/2015 10:54  02/07/2015 10:54  krbtgt/SPSC.TUGRAZ.AT@SPSC.TUGRAZ.AT
> 	renew until 10/07/2015 10:54
> 30/06/2015 10:54  02/07/2015 10:54  ldap/ldap1.spsc.tugraz.at@SPSC.TUGRAZ.AT
> 	renew until 10/07/2015 10:54
> 
> 
> ~ % ldapsearch -H ldaps://ldap1.spsc.tugraz.at -b "dc=SPSC,dc=TUGRAZ,dc=AT"
> 
> This works well....
> 
> but if I try the same from one of the two tools mentioned above it
> simply does not bind or connect....
> 
> Has anybody had the same problems, or does anybody know a solution?

Hi Andreas,

Just as a hunch, what's the subject (or Subject Alternative Names) for
the SSL certificate on "ldap1.spsc.tugraz.at"?  If you're using DNS
round-robin I'm guessing that "ldap1.spsc.tugraz.at" may not be
listed, and that JAVA is being picky about validating the server-side
certificate.

Just a thought.

Cheers.

Dameon.

-- 
><> ><> ><> ><> ><> ><> ooOoo <>< <>< <>< <>< <>< <><
Dr. Dameon Wagner, Systems Development and Support
IT Services, University of Oxford
><> ><> ><> ><> ><> ><> ooOoo <>< <>< <>< <>< <>< <><
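
The check suggested in the reply above, as an added example that is not part of the original thread and is not Java's own code: RFC 6125-style matching of the host name the client dials against a certificate's dNSName entries, with the subject CN consulted only when no dNSName is present. The certificate contents are constructed, and "ldap.spsc.tugraz.at" is a hypothetical round-robin alias.

```python
# Added example. Certificate contents are constructed for illustration;
# "ldap.spsc.tugraz.at" is a hypothetical round-robin alias.

def dns_name_matches(pattern, host):
    """Compare one certificate name against the host name the client dialled."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # A wildcard stands for exactly one left-most label and needs at
        # least two literal labels after it ("*.at" is rejected).
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h  # partial wildcards such as "ld*" are treated as literals


def verify_host(host, san_dns, subject_cn=None):
    """Return (ok, reason). The CN is consulted only when no dNSName SAN exists."""
    if san_dns:
        for name in san_dns:
            if dns_name_matches(name, host):
                return True, "matched SAN dNSName " + name
        return False, host + " is not among SAN dNSNames " + ", ".join(san_dns)
    if subject_cn and dns_name_matches(subject_cn, host):
        return True, "matched subject CN " + subject_cn
    return False, host + " matches neither a SAN nor the subject CN"


# Constructed certificates: (SAN dNSNames, subject CN)
CERTS = {
    "alias only in SAN": (["ldap.spsc.tugraz.at"], "ldap1.spsc.tugraz.at"),
    "host listed in SAN": (["ldap.spsc.tugraz.at", "ldap1.spsc.tugraz.at"], None),
    "wildcard SAN": (["*.spsc.tugraz.at"], None),
    "CN only, no SAN": ([], "ldap1.spsc.tugraz.at"),
}

if __name__ == "__main__":
    for label, (sans, cn) in CERTS.items():
        ok, why = verify_host("ldap1.spsc.tugraz.at", sans, cn)
        print(f"{label:20} {'OK  ' if ok else 'FAIL'} {why}")
```

The names to feed in can be read from the live server with `openssl s_client -connect ldap1.spsc.tugraz.at:636 </dev/null | openssl x509 -noout -text`, under "Subject" and "X509v3 Subject Alternative Name".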