
Open LDAP with SSL/TLS and Alfresco 4.0.c

ashwini
Champ in-the-making
Hi,
I tried configuring Open LDAP with SSL/TLS with Alfresco 4.0.c and am getting an exception.
My configuration is as below:
I have added the line below to the alfresco-global.properties file:
authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap
Created the folder structure as below and copied files from the subsystem.
Copied the files below to /opt/alfresco-4.0.c/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap/ldap1:
ldap-authentication.properties
ldap-authentication-context.xml
Copied the file below to /opt/alfresco-4.0.c/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap:
common-ldap-context.xml

Updated ldap-authentication.properties as below:

ldap.authentication.active=true
ldap.authentication.allowGuestLogin=true
ldap.authentication.userNameFormat=uid\=%s,ou\=Users,dc\=companyname,dc\=com
ldap.authentication.java.naming.provider.url=ldaps://ipaddress:636
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=root
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=uid\=xyz,ou\=Users,dc\=companyname,dc\=com
ldap.synchronization.java.naming.security.credentials=**********
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.groupSearchBase=ou\=Groups,dc\=companyname,dc\=com
ldap.synchronization.userSearchBase=ou\=Users,dc\=companyname,dc\=com
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'

Then I followed the instructions at the link below

http://wiki.alfresco.com/wiki/Ldap_over_SSL#LDAP_Authentication_with_SSL

and restarted Alfresco. I cannot access Alfresco at all. I am getting the exception below:

SEVERE: Failed to load keystore type pkcs12 with path /opt/alfresco-4.0.c/java/keystore due to toDerInputStream rejects tag type 71
java.io.IOException: toDerInputStream rejects tag type 71
   at sun.security.util.DerValue.toDerInputStream(DerValue.java:806)
   at com.sun.net.ssl.internal.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1201)
   at java.security.KeyStore.load(KeyStore.java:1185)
   at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:350)
   at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getTrustStore(JSSESocketFactory.java:320)
   at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getTrustManagers(JSSESocketFactory.java:513)
   at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:419)
   at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:130)
   at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:538)
   at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:176)
   at org.apache.catalina.connector.Connector.initialize(Connector.java:1014)
   at org.apache.catalina.core.StandardService.initialize(StandardService.java:680)
   at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795)
   at org.apache.catalina.startup.Catalina.load(Catalina.java:524)
   at org.apache.catalina.startup.Catalina.load(Catalina.java:548)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
   at java.lang.reflect.Method.invoke(Method.java:597)
   at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:261)
   at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
13 Jul, 2012 4:53:12 PM org.apache.coyote.http11.Http11Protocol init
SEVERE: Error initializing endpoint
java.io.IOException: toDerInputStream rejects tag type 71
   at sun.security.util.DerValue.toDerInputStream(DerValue.java:806)
   at com.sun.net.ssl.internal.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1201)
   at java.security.KeyStore.load(KeyStore.java:1185)
   at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:350)
   at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getTrustStore(JSSESocketFactory.java:320)
   at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getTrustManagers(JSSESocketFactory.java:513)
   at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:419)
   at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:130)
   at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:538)
   at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:176)
   at org.apache.catalina.connector.Connector.initialize(Connector.java:1014)
   at org.apache.catalina.core.StandardService.initialize(StandardService.java:680)
   at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795)
   at org.apache.catalina.startup.Catalina.load(Catalina.java:524)
   at org.apache.catalina.startup.Catalina.load(Catalina.java:548)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
   at java.lang.reflect.Method.invoke(Method.java:597)
   at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:261)
   at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
13 Jul, 2012 4:53:12 PM org.apache.catalina.startup.Catalina load
SEVERE: Catalina.start
LifecycleException:  Protocol handler initialization failed: java.io.IOException: toDerInputStream rejects tag type 71
   at org.apache.catalina.connector.Connector.initialize(Connector.java:1016)
   at org.apache.catalina.core.StandardService.initialize(StandardService.java:680)
   at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795)
   at org.apache.catalina.startup.Catalina.load(Catalina.java:524)
   at org.apache.catalina.startup.Catalina.load(Catalina.java:548)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
   at java.lang.reflect.Method.invoke(Method.java:597)
   at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:261)
   at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
13 Jul, 2012 4:53:12 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 1281 ms
13 Jul, 2012 4:53:12 PM org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
13 Jul, 2012 4:53:12 PM org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/6.0.29
13 Jul, 2012 4:53:12 PM org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor manager.xml
13 Jul, 2012 4:53:13 PM org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor alfresco.xml
13 Jul, 2012 4:53:14 PM org.apache.catalina.core.StandardContext addApplicationListener
INFO: The listener "org.apache.myfaces.webapp.StartupServletContextListener" is already configured for this context. The duplicate definition has been ignored.
2012-07-13 16:53:25,452  INFO  [management.subsystems.ChildApplicationContextFactory] [main] Starting 'sysAdmin' subsystem, ID: [sysAdmin, default]
2012-07-13 16:53:25,511  INFO  [management.subsystems.ChildApplicationContextFactory] [main] Startup of 'sysAdmin' subsystem, ID: [sysAdmin, default] complete
2012-07-13 16:53:28,961  ERROR [authentication.ldap.LDAPInitialDirContextFactoryImpl] [main] Unable to connect to LDAP Server; check LDAP configuration
javax.naming.CommunicationException: 172.16.0.159:636 [Root exception is java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)]
   at com.sun.jndi.ldap.Connection.<init>(Connection.java:200)
   at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:118)
   at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1580)
   at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2652)
   at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293)
   at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
   at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
   at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
   at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
   at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
   at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
   at javax.naming.InitialContext.init(InitialContext.java:223)
   at javax.naming.InitialContext.<init>(InitialContext.java:197)
   at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
   at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.afterPropertiesSet(LDAPInitialDirContextFactoryImpl.java:302)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1477)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1417)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
   at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:291)
   at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
   at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:288)
   at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:190)
   at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:322)
   at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:106)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1325)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1086)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:517)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
   at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:291)
   at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
   at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:288)
   at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:190)
   at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:322)
   at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:106)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1325)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1086)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:517)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
   at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:291)
   at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
   at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:288)
   at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:190)
   at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:322)
   at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:106)
   at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList(BeanDefinitionValueResolver.java:353)
   at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:153)
   at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:630)
   at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:148)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1003)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:907)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:485)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
   at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:291)
   at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
   at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:288)
   at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:190)
   at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:580)
   at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:895)
   at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:425)
   at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:276)
   at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:197)
   at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:47)
   at org.alfresco.web.app.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:63)
   at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4135)
   at org.apache.catalina.core.StandardContext.start(StandardContext.java:4630)
   at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
   at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
   at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:546)
   at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:637)
   at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:563)
   at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:498)
   at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277)
   at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321)
   at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
   at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
   at org.apache.catalina.core.StandardHost.start(StandardHost.java:785)
   at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
   at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:445)
   at org.apache.catalina.core.StandardService.start(StandardService.java:519)
   at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
   at org.apache.catalina.startup.Catalina.start(Catalina.java:581)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
   at java.lang.reflect.Method.invoke(Method.java:597)
   at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
   at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Caused by: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
   at javax.net.ssl.DefaultSSLSocketFactory.throwException(SSLSocketFactory.java:179)
   at javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:192)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
   at java.lang.reflect.Method.invoke(Method.java:597)
   at com.sun.jndi.ldap.Connection.createSocket(Connection.java:317)
   at com.sun.jndi.ldap.Connection.<init>(Connection.java:187)
   … 87 more
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
   at java.security.Provider$Service.newInstance(Provider.java:1245)
   at sun.security.jca.GetInstance.getInstance(GetInstance.java:220)
   at sun.security.jca.GetInstance.getInstance(GetInstance.java:147)
   at javax.net.ssl.SSLContext.getInstance(SSLContext.java:125)
   at javax.net.ssl.SSLContext.getDefault(SSLContext.java:68)
   at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:102)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
   at java.lang.reflect.Method.invoke(Method.java:597)
   at com.sun.jndi.ldap.Connection.createSocket(Connection.java:273)
   … 88 more
Caused by: java.io.IOException: Invalid keystore format
   at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:633)
   at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
   at java.security.KeyStore.load(KeyStore.java:1185)
   at com.sun.net.ssl.internal.ssl.TrustManagerFactoryImpl.getCacertsKeyStore(TrustManagerFactoryImpl.java:202)
   at com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl.getDefaultTrustManager(DefaultSSLContextImpl.java:70)
   at com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl.<init>(DefaultSSLContextImpl.java:40)
   at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
   at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
   at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
   at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
   at java.lang.Class.newInstance0(Class.java:355)
   at java.lang.Class.newInstance(Class.java:308)
   at java.security.Provider$Service.newInstance(Provider.java:1221)
   … 98 more

I am really not getting what's failing here. Can anybody help me resolve this issue?

Thank you so much in advance!!!

Regards,
Ashwini
6 REPLIES

iblanco
Confirmed Champ
Does the keystore exist? It looks like a problem not with Alfresco but with Java. You must make sure that the Java running Tomcat validates the certificate sent by your LDAP server, or configure the JVM to ignore invalid certificates. But it seems your problem comes before that.

I know it is not the direct solution for your problem, but I hope it points you in the right direction to check.

Bye.

ashwini
Champ in-the-making
Hello,

I think you are right. When I checked the connection using the certificate, it is successful, as shown below:

alfadmin@alfresc-VM:~$ java -Djavax.net.ssl.trustStore=/etc/java/keystore SSLPoke email.datamatics.eu 636
Successfully connected
alfadmin@alfresc-VM:~$

Could you please tell me how I can check whether certificates get validated by Tomcat or not?

Regards,
Ashwini

iblanco
Confirmed Champ
Does Alfresco work properly without LDAP configuration? I'm not 100% sure your problem is LDAP related.

Have you tried specifying your keystore in the JAVA_OPTS environment variable? If you have a vanilla Tomcat installed, editing catalina.sh (or catalina.bat on Windows) and adding the "-Djavax.net.ssl.trustStore=/etc/java/keystore" and/or "-Djavax.net.ssl.keyStore=/etc/java/keystore" options to JAVA_OPTS should probably point Tomcat to the right keystore.

ashwini
Champ in-the-making
Yes, Alfresco works perfectly without LDAP configuration.
And yes, I have edited catalina.sh and specified the keystore in the JAVA_OPTS environment variable as below:

JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStore=/etc/java/keystore"

But nothing changed; same exceptions.

ashwini
Champ in-the-making
Alfresco runs on https (Tomcat has been configured for SSL). When I disabled https, I was able to connect to Open ldaps with the same configuration. But when I enable https again, I get the exception below:

SEVERE: Failed to load keystore type pkcs12 with path /etc/java/keystorePkcs12 due to DerInputStream.getLength(): lengthTag=109, too big.
java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.

I found the same exception when I tried to convert the keystore manually from jks to pkcs12 type.

I generated the keystore as below:
sudo keytool -import -alias domain -keystore /etc/java/keystore -file /home/alfadmin/Desktop/xyz.der

Checked the type of the generated keystore:
keytool -list -keystore /etc/java/keystore
which showed me the keystore type as jks.
keystore.type=jks is set in java.security.

I have configured server.xml for https as below:
<Connector port="333" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreType="pkcs12" keystoreFile="/etc/keystore/sss.p12"
           keystorePass="htgkilnsg" />

Here I noticed keystoreType="pkcs12".

Is this the reason why Java tries to convert the keystore type from jks to pkcs12?
Has anybody configured Open LDAP with SSL on Alfresco running on https?

ashwini
Champ in-the-making
Finally I have figured out the problem.

After importing both certificates (one for Tomcat SSL and another for ldaps) together into a single keystore file, the problem is resolved.

Now LDAP over SSL is integrated with Alfresco (Tomcat with https).
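
Added example, not part of the thread and not Tomcat or Alfresco code: a Python check that resolves which trust store an HTTPS connector would load and compares the declared type with the file's leading bytes, which is the mismatch behind the "Failed to load keystore type pkcs12" lines above. The fallback order it models (connector attribute, then javax.net.ssl.* system property, then keystoreType) is an assumption consistent with the getTrustStore frames in the trace; the function names, the sample file and the placeholder password are constructed, and setting truststoreType is an alternative to the single-keystore fix the poster used.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

JKS_MAGIC = bytes.fromhex("feedfeed")    # header of a Sun JKS store
JCEKS_MAGIC = bytes.fromhex("cececece")  # header of a JCEKS store


def sniff_store_format(path):
    """Guess a store's on-disk format from its first bytes."""
    with open(path, "rb") as fh:
        head = fh.read(16)
    if head.startswith(JKS_MAGIC):
        return "jks"
    if head.startswith(JCEKS_MAGIC):
        return "jceks"
    if head.startswith(b"-----BEGIN"):
        return "pem"  # PEM text, not a Java keystore
    if head[:1] == b"\x30":
        return "pkcs12"  # DER SEQUENCE tag; a bare DER certificate also starts this way
    return "unknown"


def effective_truststore(connector_xml, jvm_props):
    """Resolve which trust store file and type the connector will load.

    Assumed fallback order: connector attribute, then the javax.net.ssl.*
    system property, then (for the type only) the connector's keystoreType.
    """
    attrs = ET.fromstring(connector_xml).attrib
    path = attrs.get("truststoreFile") or jvm_props.get("javax.net.ssl.trustStore")
    store_type = (attrs.get("truststoreType")
                  or jvm_props.get("javax.net.ssl.trustStoreType")
                  or attrs.get("keystoreType", "JKS"))
    return path, store_type.lower()


def check_connector(connector_xml, jvm_props):
    """Report whether the resolved trust store matches its declared type."""
    path, declared = effective_truststore(connector_xml, jvm_props)
    if path is None:
        return "ok: no trust store configured for the connector"
    actual = sniff_store_format(path)
    if actual != declared:
        return f"mismatch: {path} is {actual} but will be loaded as {declared}"
    return f"ok: {path} is {declared}"


def demo():
    # Constructed stand-in for the JKS trust store: header bytes only.
    with tempfile.NamedTemporaryFile(delete=False, suffix=".jks") as fh:
        fh.write(JKS_MAGIC + b"\x00\x00\x00\x02" + b"\x00" * 8)
        store = fh.name
    # Connector shaped like the one in the thread; the password is a placeholder.
    connector = ('<Connector port="333" SSLEnabled="true" scheme="https" '
                 'keystoreType="pkcs12" keystoreFile="/etc/keystore/sss.p12" '
                 'keystorePass="PLACEHOLDER"/>')
    props = {"javax.net.ssl.trustStore": store}
    before = check_connector(connector, props)
    # Stating the trust store type on the connector removes the fallback.
    fixed = connector.replace("<Connector ", '<Connector truststoreType="JKS" ')
    after = check_connector(fixed, props)
    os.unlink(store)
    return before, after


if __name__ == "__main__":
    for line in demo():
        print(line)
```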