LDAPS connection to set password to Active Directory

Former Member
0 Kudos

Hi,

I am trying to get setting the password to work when creating an ADS user.

I have added a certificate to the AD DC - and I can access LDAPS (port 636) on it...

However, when I create a user and the Provisioning framework creates an ADS user and sets a password, the Set Password pass fails:

ToDSADirect.init got exception, returning false. - URL:ldap://DC02.company.net:636

javax.naming.CommunicationException: dc02.company.net:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]

I have added the root CA certificate to the Java cacerts store...

C:\Program Files (x86)\Java\jre6\lib\security>..\..\..\jdk1.6.0_32\bin\keytool.exe -import -alias dcldapsca -keystore cacerts -file C:\Certs\RootCert.cer

What am I missing???

BR

Veli-Matti

Accepted Solutions (0)

Answers (1)

ChrisPS
Contributor
0 Kudos

Hi Veli-Matti - if there is any intermediate certificate used in the signing of the certificate then this should also be imported.

Chris

Former Member
0 Kudos

Solved:

The certificate which I added to cacerts was correct.

However, I didn't use the correct JRE directory when I added the cert:

C:\Program Files (x86)\Java\jre6\lib\security>..\..\..\jdk1.6.0_32\bin\keytool.exe -import -alias dcldapsca -keystore cacerts -file C:\Certs\RootCert.cer

I incorrectly used the additional jre6 directory, not the jre directory under the JDK.

When I added the certificate to the correct one, the password change started working.

BR

Veli-Matti
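The resolution above comes down to which cacerts file the running JVM actually reads. The following diagnostic is an added example, not code from the thread or from the product: compile it and run it with the same java executable the provisioning runtime uses, and it prints the trust store that JVM resolves and whether the imported alias is in it. The class name `TrustStoreCheck` is hypothetical, and the default store password `changeit` is an assumption.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

// Hypothetical diagnostic class (not from the thread).
public class TrustStoreCheck {
    // Resolve the trust store file in the order JSSE's default TrustManager uses:
    // -Djavax.net.ssl.trustStore, then jssecacerts, then cacerts under java.home.
    static File effectiveTrustStore() {
        String explicit = System.getProperty("javax.net.ssl.trustStore");
        if (explicit != null) {
            return new File(explicit);
        }
        File securityDir = new File(new File(System.getProperty("java.home"), "lib"), "security");
        File jssecacerts = new File(securityDir, "jssecacerts");
        return jssecacerts.exists() ? jssecacerts : new File(securityDir, "cacerts");
    }

    public static void main(String[] args) throws Exception {
        // Alias from the thread's keytool command; pass another as the first argument.
        String alias = args.length > 0 ? args[0] : "dcldapsca";
        // Assumption: the store still has the JDK's default password.
        String password = System.getProperty("javax.net.ssl.trustStorePassword", "changeit");
        File store = effectiveTrustStore();
        System.out.println("java.home   : " + System.getProperty("java.home"));
        System.out.println("trust store : " + store.getAbsolutePath());

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream in = new FileInputStream(store);
        try {
            ks.load(in, password.toCharArray());
        } finally {
            in.close();
        }

        Certificate cert = ks.getCertificate(alias);
        if (!(cert instanceof X509Certificate)) {
            System.out.println("alias '" + alias + "' is NOT in this store");
            System.exit(1);
        }
        X509Certificate x509 = (X509Certificate) cert;
        System.out.println("subject     : " + x509.getSubjectX500Principal().getName());
        System.out.println("issuer      : " + x509.getIssuerX500Principal().getName());
        System.out.println("not after   : " + x509.getNotAfter());
    }
}
```

If the printed trust store path is not the file keytool was pointed at with `-keystore`, the certificate was imported into a store this JVM never consults.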

ChrisPS
Contributor
0 Kudos

Super - great it was resolved and thanks for sharing the solution 🙂

0 Kudos

Hi Veli,

I have the same issue: a Web Dynpro application connecting to LDAP to get the details of the logged-in user. We are passing credentials, so we want to implement SSL on port 636 to connect.

I have 5 CA certificates for LDAP. Of those, the LDAP team is replacing 3 intermediate certificates. I want to import the SSL certificate to the keystore.

Could you please guide me through the process of importing CA certificates?

I am following the link below for integration, but the keytool command needs to be executed at the server OS level, or we need to import all 5 CA certificates.

http://www.devx.com/tips/Tip/39936

Please guide me.

Regards,

Narayana