LDAP Authentication is failing with a PKIX path building failed error
Article ID: KB0070696
Products: TIBCO Data Virtualization
Versions: 8.2.x and higher
Description
LDAP authentication is failing, and the TDV cs_server.log file shows a "PKIX path building failed" error, as shown below.
----------------------
ERROR [jetty thread pool-226] 2019-11-18 11:42:34.998 -0500 DefaultLdapDomainConnection - javax.naming.CommunicationException: simple bind failed: redwood.mycompany.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
    at java.naming/com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219)
    at java.naming/com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2795)
    at java.naming/com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:320)
    ...
    at java.naming/javax.naming.InitialContext.init(InitialContext.java:236)
    at java.naming/javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
    at com.compositesw.server.security.DefaultLdapDomainConnection.<init>(DefaultLdapDomainConnection.java:68)
    at com.compositesw.server.security.DefaultLdapDomainConnection.<init>(DefaultLdapDomainConnection.java:55)
----------------------
Resolution
The LDAP server sends its SSL certificate to TDV during the handshake. The problem is that TDV is unable to find this certificate in its own truststore. Please do the following:
1. Ask the LDAP admin to provide you with the public certificate. If this is a certificate chain, please ensure that the LDAP admin provides the complete chain (Example: Root.cer, Intermediate.cer, Final.cer).
2. Use <TDV_INSTALL>\jdk\bin\keytool to import the certificates in the chain into the cis_server_truststore.jks file (located under <TDV_INSTALL>\conf\server\security) and into the cacerts truststore file (located under <TDV_INSTALL>\tdv82\jdk\lib\security) as in the example below.
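One way to carry out steps 1 and 2 in PowerShell, as an added example that is not TIBCO's own example or part of the original article. The install root `C:\TDV`, the folder `C:\temp\ldap-certs`, the `ldap-*` aliases and the `TS_PASS` variable name are assumptions; the certificate file names and truststore locations follow the article.

```powershell
# Added example, not from the original article. Adjust the assumed values below.
$TdvInstall = 'C:\TDV'               # assumption: stands in for <TDV_INSTALL>
$CertDir    = 'C:\temp\ldap-certs'   # assumption: where the LDAP admin's files were saved
$Keytool    = Join-Path $TdvInstall 'jdk\bin\keytool.exe'

# Both truststores named in step 2 (locations as given in the article).
$Truststores = @(
    (Join-Path $TdvInstall 'conf\server\security\cis_server_truststore.jks'),
    (Join-Path $TdvInstall 'tdv82\jdk\lib\security\cacerts')
)

# Root first, so each later certificate chains to an entry that is already trusted.
# The aliases are constructed for this example.
$Chain = [ordered]@{
    'ldap-root'         = 'Root.cer'
    'ldap-intermediate' = 'Intermediate.cer'
    'ldap-final'        = 'Final.cer'
}

# Print each certificate's owner, issuer, validity and fingerprints so they can
# be compared with the LDAP admin's values before anything is trusted.
foreach ($file in $Chain.Values) {
    & $Keytool -printcert -file (Join-Path $CertDir $file)
}

foreach ($store in $Truststores) {
    Copy-Item -Path $store -Destination "$store.bak"   # rollback copy
    $secure = Read-Host -Prompt "Password for $store" -AsSecureString
    # Hand the password to keytool through the environment, not the command line.
    $env:TS_PASS = [System.Net.NetworkCredential]::new('', $secure).Password
    try {
        foreach ($alias in $Chain.Keys) {
            # No -noprompt: keytool asks for confirmation before trusting the root.
            & $Keytool -importcert -trustcacerts -alias $alias `
                -file (Join-Path $CertDir $Chain[$alias]) `
                -keystore $store '-storepass:env' TS_PASS
            if ($LASTEXITCODE -ne 0) { throw "Import of $alias into $store failed" }
        }
        # Confirm that the three new entries are present in this truststore.
        & $Keytool -list -keystore $store '-storepass:env' TS_PASS | Select-String 'ldap-'
    }
    finally {
        Remove-Item Env:\TS_PASS -ErrorAction SilentlyContinue
    }
}
```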