<div dir="ltr">I would try and import your LDAP Certs or LDAP CA Certs into the midpoint.home/keystore.jceks keystore. I had to put all our CA certs into this file and also Google's mail ca certs so that notifications would go out. The default password for the keystore is in your config.xml file<div><br></div><div>JASON</div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr">JASON</div></div></div>
<br><div class="gmail_quote">On Tue, Nov 17, 2015 at 12:07 PM, Devin Rosenbauer <span dir="ltr"><<a href="mailto:devin@identityworksllc.com" target="_blank">devin@identityworksllc.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Hey all,<br><br></div>I'm working on deploying a demo LDAP connector to an OpenDJ LDAP instance. I've got everything set up and working great in non-SSL mode. When I switch the connection security configuration property to "ssl", the connection times out every time, with this root cause stack trace:<br><br>Caused by: org.apache.directory.api.ldap.model.exception.LdapException: TimeOut occurred<br> at org.apache.directory.ldap.client.api.LdapNetworkConnection.writeRequest(LdapNetworkConnection.java:4138) ~[api-all-1.0.0-M31-e1.jar:1.0.0-M31-e1]<br> at org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1287) ~[api-all-1.0.0-M31-e1.jar:1.0.0-M31-e1]<br> at org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1185) ~[api-all-1.0.0-M31-e1.jar:1.0.0-M31-e1]<br> at com.evolveum.polygon.connector.ldap.LdapConnector.bind(LdapConnector.java:1030) ~[connector-ldap-1.4.1.23.jar:na]<br><br>After looking through the code, I'm guessing that the SSL filter is attempting to prompt the non-existent keyboard user to accept or deny the certificate. I've imported the cert as a trusted certificate into the Java cacerts file, but I'm not sure that that's what the LDAP connector is using.<br clear="all"><div><div><br></div><div>Any suggestions?<span class="HOEnZb"><font color="#888888"><br><br><br><br>-- <br><div><div dir="ltr">Devin Rosenbauer<br>Principal Consultant<br>Identity Works LLC<br><a href="tel:%2B1%20585%20210%203201" value="+15852103201" target="_blank">+1 585 210 3201</a><br></div></div>
</font></span></div></div></div>
<br>_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br></blockquote></div><br></div>
<br>
<font size="2"><br><br>CONFIDENTIALITY NOTICE:<br>This e-mail together with any attachments is proprietary and confidential; intended for only the recipient(s) named above and may contain information that is privileged. You should not retain, copy or use this e-mail or any attachments for any purpose, or disclose all or any part of the contents to any person. Any views or opinions expressed in this e-mail are those of the author and do not represent those of the Baptist School of Health Professions. If you have received this e-mail in error, or are not the named recipient(s), you are hereby notified that any review, dissemination, distribution or copying of this communication is prohibited by the sender and to do so might constitute a violation of the Electronic Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender and delete this e-mail and any attachments from your computer. </font><br>