<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">I have attempted to configure a flexible authentication module for ldap (AD) where the environment relies on a cluster of domain controllers.  In this scenario, eventually authentication through this channel fails. The log indicates success for a time, then indicates a connection closure, and thereafter shows a PKIX path building failure (I take that to superficially mean a certificate verification failure).  Yet, by explicitly configuring a given domain controller in the security policy on occasion, connecting to that specific endpoint has worked.  It appears to me that the clustered approach is what’s thorny here rather than a certificate/TLS matter.  I think this may, under the covers, be due to a connection caching/pooling and refresh issue, as it appears to occur when given time — perhaps time for the environment to route requests to another member of the cluster.<br class=""><div class="">
<div dir="auto" style="text-align: start; text-indent: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px; font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; text-align: start; text-indent: 0px;"><br class="Apple-interchange-newline">This ldap cluster serves both purposes of authentication into midPoint and of an identity/provisioning resource. A similar issue apparently impacts my resource connection to this same ldap (AD) cluster.  I was forced to set “Allow untrusted SSL/TLS” to true, which seems to have prevented recurrence of the connection problems.  That resource configuration has one of the four domain controllers set as the “Host”, and the other three are set as “Servers”. It is important to note that when I configure this resource for only one ldap (AD) domain controller at a time AND for requiring trusted TLS --- and testing each of the four this way, no PKIX path building failure seems to occur. 
But that may be due to not allowing enough time to pass for a load balancer reroute of traffic.</div><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px; font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; text-align: start; text-indent: 0px;"><br class=""></div><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px; font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; text-align: start; text-indent: 0px;">The certificate and the sole CA’s certificate in the signing chain for each of the four domain controllers are installed in the trust store. So, I am led to believe that it’s not truly a PKIX path building failure.  I’ve pasted an excerpt from my log below my signature.  
Is a connection/socket closure typical for clustered environments which the client should recover from?</div><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px; font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; text-align: start; text-indent: 0px;"><br class=""></div><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px; font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; text-align: start; text-indent: 0px;">Jim Lookabaugh</div><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px; font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; text-align: start; text-indent: 0px;" class="">Exclamation Labs<br class="">300 Washington Street<br class="">Cumberland, MD 21502<br class="">888.545.5008 or 301.722.5008</div><div style="text-align: start; text-indent: 0px;" class="">240.860.1847 direct<br class="">fax 301.722.2183</div><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px; font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; text-align: start; text-indent: 0px;" class=""><a href="mailto:jlookabaugh@exclamationlabs.com" class="">jlookabaugh@exclamationlabs.com</a><br class=""></div><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); letter-spacing: normal; 
text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px; font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; text-align: start; text-indent: 0px;" class=""><a href="http://www.exclamationlabs.com" class="">www.exclamationlabs.com</a><br class="">www.provisioniam.com</div></div>
</div>
<div><br class=""></div><div><br class=""></div><div>= = = = =</div><div><div>2021-xx-xx 12:57:32,868 [] [http-nio-8080-exec-10] INFO (org.springframework.security.ldap.DefaultSpringSecurityContextSource):  URL '<a href="ldaps://serverA.myowncorp.com:636/DC=myowncorp,DC=com" class="">ldaps://serverA.myowncorp.com:636/DC=myowncorp,DC=com</a>', root DN is 'DC=myowncorp,DC=com'</div><div>2021-xx-xx 12:57:32,896 [] [http-nio-8080-exec-10] INFO (org.springframework.security.ldap.search.FilterBasedLdapUserSearch): SearchBase not set. Searches will be performed from the root: dc=myowncorp,dc=com</div><div>2021-xx-xx 12:57:33,109 [] [http-nio-8080-exec-10] INFO (org.springframework.security.web.DefaultSecurityFilterChain): Creating filter chain: Ant [pattern='/auth/default/ldapAuth/**'], [org.springframework.security.web.header.HeaderWriterFilter@c02f71c, org.springframework.security.web.csrf.CsrfFilter@60cd69b4, com.evolveum.midpoint.web.security.filter.RedirectForLoginPagesWithAuthenticationFilter@4db27ca8, org.springframework.security.web.authentication.logout.LogoutFilter@5693cb71, com.evolveum.midpoint.web.security.filter.LdapAuthenticationFilter@2fe0dfda, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@38408be, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@70405950, com.evolveum.midpoint.web.security.filter.MidpointAnonymousAuthenticationFilter@640564cb, com.evolveum.midpoint.web.security.filter.MidpointExceptionTranslationFilter@31abb100, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@2e47db4f]</div><div>2021-xx-xx 12:59:01,662 [] [http-nio-8080-exec-7] INFO (org.springframework.security.web.DefaultSecurityFilterChain): Creating filter chain: Ant [pattern='/auth/emergency/internalLoginForm/**'], [org.springframework.security.web.header.HeaderWriterFilter@7b486355, org.springframework.security.web.csrf.CsrfFilter@788669db, 
com.evolveum.midpoint.web.security.filter.RedirectForLoginPagesWithAuthenticationFilter@1147d5b6, org.springframework.security.web.authentication.logout.LogoutFilter@29ad491d, com.evolveum.midpoint.web.security.filter.MidpointUsernamePasswordAuthenticationFilter@28906c98, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@4092633f, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@9386989, com.evolveum.midpoint.web.security.filter.MidpointAnonymousAuthenticationFilter@3a989faa, com.evolveum.midpoint.web.security.filter.MidpointExceptionTranslationFilter@7c8fe846, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@25fa86ab]</div><div>2021-xx-xx 13:01:47,035 [] [http-nio-8080-exec-23] WARN (com.exclamationlabs.connid.base.redcarpet.driver.RedCarpetUserInvocator): method: null msg:User not found for id: connectionTest</div><div>2021-xx-xx 13:57:59,245 [] [http-nio-8080-exec-20] INFO (org.springframework.security.ldap.DefaultSpringSecurityContextSource):  URL '<a href="ldaps://serverA.myowncorp.com:636/DC=myowncorp,DC=com" class="">ldaps://serverA.myowncorp.com:636/DC=myowncorp,DC=com</a>', root DN is 'DC=myowncorp,DC=com'</div><div>2021-xx-xx 13:57:59,245 [] [http-nio-8080-exec-20] INFO (org.springframework.security.ldap.search.FilterBasedLdapUserSearch): SearchBase not set. 
Searches will be performed from the root: dc=myowncorp,dc=com</div><div>2021-xx-xx 13:57:59,245 [] [http-nio-8080-exec-20] INFO (org.springframework.security.web.DefaultSecurityFilterChain): Creating filter chain: Ant [pattern='/auth/default/ldapAuth/**'], [org.springframework.security.web.header.HeaderWriterFilter@7774913d, org.springframework.security.web.csrf.CsrfFilter@7a5d5a6e, com.evolveum.midpoint.web.security.filter.RedirectForLoginPagesWithAuthenticationFilter@cd0a10c, org.springframework.security.web.authentication.logout.LogoutFilter@5ffe2eb7, com.evolveum.midpoint.web.security.filter.LdapAuthenticationFilter@26ff4f05, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@12086a5c, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@4645e66b, com.evolveum.midpoint.web.security.filter.MidpointAnonymousAuthenticationFilter@500b50f4, com.evolveum.midpoint.web.security.filter.MidpointExceptionTranslationFilter@142320f8, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@fe6785d]</div><div>2021-xx-xx 13:58:08,710 [MODEL] [http-nio-8080-exec-22] ERROR (com.evolveum.midpoint.web.security.provider.MidPointAbstractAuthenticationProvider): Authentication (runtime) error: simple bind failed: <a href="http://servera.myowncorp.com:636" class="">serverA.myowncorp.com:636</a>; nested exception is javax.naming.CommunicationException: simple bind failed: <a href="http://servera.myowncorp.com:636" class="">serverA.myowncorp.com:636</a> [Root exception is java.net.SocketException: Connection or outbound has closed]</div><div>org.springframework.security.authentication.InternalAuthenticationServiceException: simple bind failed: <a href="http://servera.myowncorp.com:636" class="">serverA.myowncorp.com:636</a>; nested exception is javax.naming.CommunicationException: simple bind failed: <a href="http://servera.myowncorp.com:636" class="">serverA.myowncorp.com:636</a> [Root exception is 
java.net.SocketException: Connection or outbound has closed]</div><div><span class="Apple-tab-span" style="white-space:pre">  </span>at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:206)</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>at com.evolveum.midpoint.web.security.provider.MidPointLdapAuthenticationProvider$1.doAuthentication(MidPointLdapAuthenticationProvider.java:71)</div><div><span class="Apple-tab-span" style="white-space:pre">     </span>at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:85)</div><div><span class="Apple-tab-span" style="white-space:pre">      </span>at com.evolveum.midpoint.web.security.provider.MidPointLdapAuthenticationProvider.internalAuthentication(MidPointLdapAuthenticationProvider.java:167)</div><div><span class="Apple-tab-span" style="white-space:pre">        </span>at com.evolveum.midpoint.web.security.provider.MidPointAbstractAuthenticationProvider.authenticate(MidPointAbstractAuthenticationProvider.java:92)</div><div>Caused by: org.springframework.ldap.CommunicationException: simple bind failed: <a href="http://servera.myowncorp.com:636" class="">serverA.myowncorp.com:636</a>; nested exception is javax.naming.CommunicationException: simple bind failed: <a href="http://servera.myowncorp.com:636" class="">serverA.myowncorp.com:636</a> [Root exception is java.net.SocketException: Connection or outbound has closed]</div><div><span class="Apple-tab-span" style="white-space:pre">   </span>at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:108)</div><div><span class="Apple-tab-span" style="white-space:pre">       </span>at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:355)</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>at 
org.springframework.ldap.core.support.AbstractContextSource.doGetContext(AbstractContextSource.java:139)</div><div><span class="Apple-tab-span" style="white-space:pre">  </span>at org.springframework.ldap.core.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:158)</div><div><span class="Apple-tab-span" style="white-space:pre">    </span>at org.springframework.ldap.core.LdapTemplate.executeReadOnly(LdapTemplate.java:802)</div><div>Caused by: javax.naming.CommunicationException: simple bind failed: <a href="http://servera.myowncorp.com:636" class="">serverA.myowncorp.com:636</a></div><div><span class="Apple-tab-span" style="white-space:pre">     </span>at java.naming/com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219)</div><div><span class="Apple-tab-span" style="white-space:pre">        </span>at java.naming/com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2792)</div><div><span class="Apple-tab-span" style="white-space:pre">  </span>at java.naming/com.sun.jndi.ldap.LdapCtx.&lt;init&gt;(LdapCtx.java:319)</div><div><span class="Apple-tab-span" style="white-space:pre">      </span>at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)</div><div>Caused by: java.net.SocketException: Connection or outbound has closed</div><div><span class="Apple-tab-span" style="white-space:pre">   </span>at java.base/sun.security.ssl.SSLSocketImpl$AppOutputStream.write(SSLSocketImpl.java:1190)</div><div><span class="Apple-tab-span" style="white-space:pre">   </span>at java.base/java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:81)</div><div><span class="Apple-tab-span" style="white-space:pre">  </span>at java.base/java.io.BufferedOutputStream.flush(BufferedOutputStream.java:142)</div><div><span class="Apple-tab-span" style="white-space:pre">       </span>at 
java.naming/com.sun.jndi.ldap.Connection.writeRequest(Connection.java:398)</div><div><span class="Apple-tab-span" style="white-space:pre">        </span>at java.naming/com.sun.jndi.ldap.Connection.writeRequest(Connection.java:371)</div><div>2021-xx-xx 13:58:08,710 [MODEL] [http-nio-8080-exec-22] ERROR (com.evolveum.midpoint.web.security.filter.LdapAuthenticationFilter): An internal error occurred while trying to authenticate the user.</div><div>org.springframework.security.authentication.InternalAuthenticationServiceException: simple bind failed: <a href="http://servera.myowncorp.com:636" class="">serverA.myowncorp.com:636</a>; nested exception is javax.naming.CommunicationException: simple bind failed: <a href="http://servera.myowncorp.com:636" class="">serverA.myowncorp.com:636</a> [Root exception is java.net.SocketException: Connection or outbound has closed]</div><div><span class="Apple-tab-span" style="white-space:pre">    </span>at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:206)</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>at com.evolveum.midpoint.web.security.provider.MidPointLdapAuthenticationProvider$1.doAuthentication(MidPointLdapAuthenticationProvider.java:71)</div><div><span class="Apple-tab-span" style="white-space:pre">     </span>at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:85)</div><div><span class="Apple-tab-span" style="white-space:pre">      </span>at com.evolveum.midpoint.web.security.provider.MidPointLdapAuthenticationProvider.internalAuthentication(MidPointLdapAuthenticationProvider.java:167)</div><div><span class="Apple-tab-span" style="white-space:pre">        </span>at com.evolveum.midpoint.web.security.provider.MidPointAbstractAuthenticationProvider.authenticate(MidPointAbstractAuthenticationProvider.java:92)</div><div>Caused by: 
org.springframework.ldap.CommunicationException: simple bind failed: <a href="http://servera.myowncorp.com:636" class="">serverA.myowncorp.com:636</a>; nested exception is javax.naming.CommunicationException: simple bind failed: <a href="http://servera.myowncorp.com:636" class="">serverA.myowncorp.com:636</a> [Root exception is java.net.SocketException: Connection or outbound has closed]</div><div><span class="Apple-tab-span" style="white-space:pre">   </span>at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:108)</div><div><span class="Apple-tab-span" style="white-space:pre">       </span>at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:355)</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>at org.springframework.ldap.core.support.AbstractContextSource.doGetContext(AbstractContextSource.java:139)</div><div><span class="Apple-tab-span" style="white-space:pre">  </span>at org.springframework.ldap.core.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:158)</div><div><span class="Apple-tab-span" style="white-space:pre">    </span>at org.springframework.ldap.core.LdapTemplate.executeReadOnly(LdapTemplate.java:802)</div><div>Caused by: javax.naming.CommunicationException: simple bind failed: <a href="http://servera.myowncorp.com:636" class="">serverA.myowncorp.com:636</a></div><div><span class="Apple-tab-span" style="white-space:pre">     </span>at java.naming/com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219)</div><div><span class="Apple-tab-span" style="white-space:pre">        </span>at java.naming/com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2792)</div><div><span class="Apple-tab-span" style="white-space:pre">  </span>at java.naming/com.sun.jndi.ldap.LdapCtx.&lt;init&gt;(LdapCtx.java:319)</div><div><span class="Apple-tab-span" style="white-space:pre">      </span>at 
java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)</div><div>Caused by: java.net.SocketException: Connection or outbound has closed</div><div><span class="Apple-tab-span" style="white-space:pre">   </span>at java.base/sun.security.ssl.SSLSocketImpl$AppOutputStream.write(SSLSocketImpl.java:1190)</div><div><span class="Apple-tab-span" style="white-space:pre">   </span>at java.base/java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:81)</div><div><span class="Apple-tab-span" style="white-space:pre">  </span>at java.base/java.io.BufferedOutputStream.flush(BufferedOutputStream.java:142)</div><div><span class="Apple-tab-span" style="white-space:pre">       </span>at java.naming/com.sun.jndi.ldap.Connection.writeRequest(Connection.java:398)</div><div><span class="Apple-tab-span" style="white-space:pre">        </span>at java.naming/com.sun.jndi.ldap.Connection.writeRequest(Connection.java:371)</div><div>2021-xx-xx 13:58:18,242 [] [http-nio-8080-exec-20] ERROR (com.evolveum.midpoint.web.security.provider.MidPointAbstractAuthenticationProvider): Authentication (runtime) error: simple bind failed: <a href="http://servera.myowncorp.com:636" class="">serverA.myowncorp.com:636</a>; nested exception is javax.naming.CommunicationException: simple bind failed: <a href="http://servera.myowncorp.com:636" class="">serverA.myowncorp.com:636</a> [Root exception is javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]</div><div>org.springframework.security.authentication.InternalAuthenticationServiceException: simple bind failed: <a href="http://servera.myowncorp.com:636" class="">serverA.myowncorp.com:636</a>; nested exception is 
javax.naming.CommunicationException: simple bind failed: <a href="http://servera.myowncorp.com:636" class="">serverA.myowncorp.com:636</a> [Root exception is javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]</div><div><span class="Apple-tab-span" style="white-space:pre">     </span>at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:206)</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>at com.evolveum.midpoint.web.security.provider.MidPointLdapAuthenticationProvider$1.doAuthentication(MidPointLdapAuthenticationProvider.java:71)</div><div><span class="Apple-tab-span" style="white-space:pre">     </span>at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:85)</div><div><span class="Apple-tab-span" style="white-space:pre">      </span>at com.evolveum.midpoint.web.security.provider.MidPointLdapAuthenticationProvider.internalAuthentication(MidPointLdapAuthenticationProvider.java:167)</div><div><span class="Apple-tab-span" style="white-space:pre">        </span>at com.evolveum.midpoint.web.security.provider.MidPointAbstractAuthenticationProvider.authenticate(MidPointAbstractAuthenticationProvider.java:92)</div><div>Caused by: org.springframework.ldap.CommunicationException: simple bind failed: <a href="http://servera.myowncorp.com:636" class="">serverA.myowncorp.com:636</a>; nested exception is javax.naming.CommunicationException: simple bind failed: <a href="http://servera.myowncorp.com:636" class="">serverA.myowncorp.com:636</a> [Root exception is javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]</div><div><span 
class="Apple-tab-span" style="white-space:pre">       </span>at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:108)</div><div><span class="Apple-tab-span" style="white-space:pre">       </span>at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:355)</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>at org.springframework.ldap.core.support.AbstractContextSource.doGetContext(AbstractContextSource.java:139)</div><div><span class="Apple-tab-span" style="white-space:pre">  </span>at org.springframework.ldap.core.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:158)</div><div><span class="Apple-tab-span" style="white-space:pre">    </span>at org.springframework.ldap.core.LdapTemplate.executeReadOnly(LdapTemplate.java:802)</div><div>Caused by: javax.naming.CommunicationException: simple bind failed: <a href="http://servera.myowncorp.com:636" class="">serverA.myowncorp.com:636</a></div><div><span class="Apple-tab-span" style="white-space:pre">     </span>at java.naming/com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219)</div><div><span class="Apple-tab-span" style="white-space:pre">        </span>at java.naming/com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2792)</div><div><span class="Apple-tab-span" style="white-space:pre">  </span>at java.naming/com.sun.jndi.ldap.LdapCtx.&lt;init&gt;(LdapCtx.java:319)</div><div><span class="Apple-tab-span" style="white-space:pre">      </span>at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)</div><div>Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target</div><div><span 
class="Apple-tab-span" style="white-space:pre">       </span>at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)</div><div><span class="Apple-tab-span" style="white-space:pre">       </span>at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:326)</div><div><span class="Apple-tab-span" style="white-space:pre">      </span>at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:269)</div><div><span class="Apple-tab-span" style="white-space:pre">      </span>at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:264)</div><div><span class="Apple-tab-span" style="white-space:pre">      </span>at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:645)</div><div>Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)</div><div><span class="Apple-tab-span" style="white-space:pre">    </span>at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)</div><div><span class="Apple-tab-span" style="white-space:pre">     </span>at java.base/sun.security.validator.Validator.validate(Validator.java:264)</div><div><span class="Apple-tab-span" style="white-space:pre">   </span>at java.base/sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:313)</div><div><span class="Apple-tab-span" style="white-space:pre">   </span>at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:222)</div><div>Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target</div><div><span class="Apple-tab-span" 
style="white-space:pre">      </span>at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)</div><div><span class="Apple-tab-span" style="white-space:pre">    </span>at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)</div><div><span class="Apple-tab-span" style="white-space:pre">      </span>at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)</div><div><span class="Apple-tab-span" style="white-space:pre">      </span>at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)</div><div><span class="Apple-tab-span" style="white-space:pre">    </span>at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)</div><div class=""><br class=""></div></div></body></html>
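The log excerpt above records the same failed bind under two loggers and mixes two different root causes for one endpoint. The following is an added example, not part of the original message or of midPoint: a small triage script that collapses the duplicate entries and builds a per-endpoint timeline of root causes. The sample lines are constructed by condensing the excerpt, and the function names and the category labels `transport_closed` and `trust_failure` are assumptions of this example.

```python
import re

# Line layout seen in the excerpt:
#   date time [tag, empty or MODEL] [thread] LEVEL (logger): message
ENTRY_START = re.compile(
    r"^\S+ (?P<time>\d{2}:\d{2}:\d{2},\d{3}) \[[^\]]*\] \[(?P<thread>[^\]]+)\] "
    r"(?P<level>[A-Z]+) \((?P<logger>[^)]+)\): ?(?P<msg>.*)$"
)
BIND_FAIL = re.compile(r"simple bind failed: (?P<endpoint>[\w.-]+:\d+)")
ROOT_CAUSE = re.compile(r"\[Root exception is (?P<cls>[\w.$]+): (?P<detail>[^\]]*)\]")

def parse_entries(text):
    """Group lines into entries; stack-trace lines attach to the entry above them."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_START.match(line)
        if m:
            entries.append({**m.groupdict(), "body": [m.group("msg")]})
        elif entries:
            entries[-1]["body"].append(line)
    return entries

def classify(cls, detail):
    """Map the JNDI root exception to a category (labels are this example's own)."""
    if cls == "javax.net.ssl.SSLHandshakeException" and "PKIX path building failed" in detail:
        return "trust_failure"
    if cls == "java.net.SocketException":
        return "transport_closed"
    return "other"

def bind_failures(entries):
    """One record per failed bind; provider and filter log the same failure twice."""
    seen = {}
    for e in entries:
        if e["level"] != "ERROR":
            continue
        body = "\n".join(e["body"])
        bind, root = BIND_FAIL.search(body), ROOT_CAUSE.search(body)
        if bind and root:
            key = (e["time"], e["thread"], bind.group("endpoint").lower())
            seen.setdefault(key, classify(root.group("cls"), root.group("detail")))
    return [(t, th, ep, kind) for (t, th, ep), kind in seen.items()]

def summarize(failures):
    """Per endpoint: ordered timeline, and whether a trust failure followed a close."""
    report = {}
    for t, _thread, ep, kind in failures:
        report.setdefault(ep, {"timeline": []})["timeline"].append((t, kind))
    for info in report.values():
        kinds = [k for _, k in info["timeline"]]
        first = kinds.index("trust_failure") if "trust_failure" in kinds else None
        info["trust_failure_after_close"] = (
            first is not None and "transport_closed" in kinds[:first])
    return report

# Constructed sample, condensed from the excerpt above (stack traces shortened).
HOST = "serverA.myowncorp.com:636"
BIND = (f"simple bind failed: {HOST}; nested exception is "
        f"javax.naming.CommunicationException: simple bind failed: {HOST} ")
CLOSED = "[Root exception is java.net.SocketException: Connection or outbound has closed]"
PKIX = ("[Root exception is javax.net.ssl.SSLHandshakeException: PKIX path building "
        "failed: sun.security.provider.certpath.SunCertPathBuilderException: "
        "unable to find valid certification path to requested target]")
PKG = "com.evolveum.midpoint.web.security"
SAMPLE_LOG = "\n".join([
    "2021-xx-xx 12:57:32,868 [] [http-nio-8080-exec-10] INFO "
    "(org.springframework.security.ldap.DefaultSpringSecurityContextSource):  URL "
    "'ldaps://serverA.myowncorp.com:636/DC=myowncorp,DC=com', root DN is 'DC=myowncorp,DC=com'",
    f"2021-xx-xx 13:58:08,710 [MODEL] [http-nio-8080-exec-22] ERROR "
    f"({PKG}.provider.MidPointAbstractAuthenticationProvider): "
    f"Authentication (runtime) error: {BIND}{CLOSED}",
    "\tat org.springframework.security.ldap.authentication."
    "LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:206)",
    f"2021-xx-xx 13:58:08,710 [MODEL] [http-nio-8080-exec-22] ERROR "
    f"({PKG}.filter.LdapAuthenticationFilter): "
    "An internal error occurred while trying to authenticate the user.",
    "org.springframework.security.authentication."
    f"InternalAuthenticationServiceException: {BIND}{CLOSED}",
    f"2021-xx-xx 13:58:18,242 [] [http-nio-8080-exec-20] ERROR "
    f"({PKG}.provider.MidPointAbstractAuthenticationProvider): "
    f"Authentication (runtime) error: {BIND}{PKIX}",
])

if __name__ == "__main__":
    for ep, info in summarize(bind_failures(parse_entries(SAMPLE_LOG))).items():
        print(ep, info)
```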