<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:"Arial Unicode MS";
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"\@Arial Unicode MS";
panose-1:2 11 6 4 2 2 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
h1
{mso-style-priority:12;
mso-style-link:"Heading 1 Char";
margin-top:18.0pt;
margin-right:0cm;
margin-bottom:0cm;
margin-left:21.25pt;
margin-bottom:.0001pt;
mso-add-space:auto;
text-indent:-21.25pt;
page-break-after:avoid;
mso-list:l0 level1 lfo1;
font-size:20.0pt;
font-family:"Arial Narrow",sans-serif;
color:#003E76;}
h1.CxSpFirst
{mso-style-priority:12;
mso-style-link:"Heading 1 Char";
mso-style-type:export-only;
margin-top:18.0pt;
margin-right:0cm;
margin-bottom:0cm;
margin-left:21.25pt;
margin-bottom:.0001pt;
mso-add-space:auto;
text-indent:-21.25pt;
page-break-after:avoid;
mso-list:l0 level1 lfo1;
font-size:20.0pt;
font-family:"Arial Narrow",sans-serif;
color:#003E76;}
h1.CxSpMiddle
{mso-style-priority:12;
mso-style-link:"Heading 1 Char";
mso-style-type:export-only;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:21.25pt;
margin-bottom:.0001pt;
mso-add-space:auto;
text-indent:-21.25pt;
page-break-after:avoid;
mso-list:l0 level1 lfo1;
font-size:20.0pt;
font-family:"Arial Narrow",sans-serif;
color:#003E76;}
h1.CxSpLast
{mso-style-priority:12;
mso-style-link:"Heading 1 Char";
mso-style-type:export-only;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:21.25pt;
margin-bottom:.0001pt;
mso-add-space:auto;
text-indent:-21.25pt;
page-break-after:avoid;
mso-list:l0 level1 lfo1;
font-size:20.0pt;
font-family:"Arial Narrow",sans-serif;
color:#003E76;}
h2
{mso-style-priority:9;
mso-style-link:"Heading 2 Char";
margin-top:2.0pt;
margin-right:0cm;
margin-bottom:0cm;
margin-left:0cm;
margin-bottom:.0001pt;
page-break-after:avoid;
font-size:13.0pt;
font-family:"Arial Narrow",sans-serif;
color:#002E58;
font-weight:normal;}
p.MsoListBullet, li.MsoListBullet, div.MsoListBullet
{mso-style-priority:78;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:21.25pt;
margin-bottom:.0001pt;
text-indent:-21.25pt;
mso-list:l1 level1 lfo2;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
p.MsoListBullet2, li.MsoListBullet2, div.MsoListBullet2
{mso-style-priority:78;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:42.5pt;
margin-bottom:.0001pt;
text-indent:-21.25pt;
mso-list:l1 level2 lfo2;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
p.MsoListBullet3, li.MsoListBullet3, div.MsoListBullet3
{mso-style-priority:78;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:63.75pt;
margin-bottom:.0001pt;
text-indent:-21.25pt;
mso-list:l1 level3 lfo2;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
p.MsoListBullet4, li.MsoListBullet4, div.MsoListBullet4
{mso-style-priority:78;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:85.0pt;
margin-bottom:.0001pt;
text-indent:-21.25pt;
mso-list:l1 level4 lfo2;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
p.MsoListBullet5, li.MsoListBullet5, div.MsoListBullet5
{mso-style-priority:78;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:106.25pt;
margin-bottom:.0001pt;
text-indent:-21.25pt;
mso-list:l1 level5 lfo2;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
p.MsoTitle, li.MsoTitle, div.MsoTitle
{mso-style-priority:10;
mso-style-link:"Title Char";
margin-top:18.0pt;
margin-right:102.05pt;
margin-bottom:0cm;
margin-left:0cm;
margin-bottom:.0001pt;
mso-add-space:auto;
font-size:26.0pt;
font-family:"Arial Narrow",sans-serif;
color:#003E76;
text-transform:uppercase;
font-weight:bold;}
p.MsoTitleCxSpFirst, li.MsoTitleCxSpFirst, div.MsoTitleCxSpFirst
{mso-style-priority:10;
mso-style-link:"Title Char";
mso-style-type:export-only;
margin-top:18.0pt;
margin-right:102.05pt;
margin-bottom:0cm;
margin-left:0cm;
margin-bottom:.0001pt;
mso-add-space:auto;
font-size:26.0pt;
font-family:"Arial Narrow",sans-serif;
color:#003E76;
text-transform:uppercase;
font-weight:bold;}
p.MsoTitleCxSpMiddle, li.MsoTitleCxSpMiddle, div.MsoTitleCxSpMiddle
{mso-style-priority:10;
mso-style-link:"Title Char";
mso-style-type:export-only;
margin-top:0cm;
margin-right:102.05pt;
margin-bottom:0cm;
margin-left:0cm;
margin-bottom:.0001pt;
mso-add-space:auto;
font-size:26.0pt;
font-family:"Arial Narrow",sans-serif;
color:#003E76;
text-transform:uppercase;
font-weight:bold;}
p.MsoTitleCxSpLast, li.MsoTitleCxSpLast, div.MsoTitleCxSpLast
{mso-style-priority:10;
mso-style-link:"Title Char";
mso-style-type:export-only;
margin-top:0cm;
margin-right:102.05pt;
margin-bottom:0cm;
margin-left:0cm;
margin-bottom:.0001pt;
mso-add-space:auto;
font-size:26.0pt;
font-family:"Arial Narrow",sans-serif;
color:#003E76;
text-transform:uppercase;
font-weight:bold;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
span.TitleChar
{mso-style-name:"Title Char";
mso-style-priority:10;
mso-style-link:Title;
font-family:"Arial Narrow",sans-serif;
color:#003E76;
text-transform:uppercase;
font-weight:bold;}
span.Heading1Char
{mso-style-name:"Heading 1 Char";
mso-style-priority:12;
mso-style-link:"Heading 1";
font-family:"Arial Narrow",sans-serif;
color:#003E76;
font-weight:bold;}
span.Heading2Char
{mso-style-name:"Heading 2 Char";
mso-style-priority:9;
mso-style-link:"Heading 2";
font-family:"Arial Narrow",sans-serif;
color:#002E58;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.apple-tab-span
{mso-style-name:apple-tab-span;}
span.EmailStyle29
{mso-style-type:personal-reply;
font-family:"Arial",sans-serif;
color:#1F497D;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:"Courier New";}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:628360796;
mso-list-template-ids:-650887362;}
@list l0:level1
{mso-level-style-link:"Heading 1";
mso-level-text:%1;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:21.25pt;
text-indent:-21.25pt;}
@list l0:level2
{mso-level-text:"%1\.%2";
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:29.75pt;
text-indent:-29.75pt;}
@list l0:level3
{mso-level-text:"%1\.%2\.%3";
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:38.25pt;
text-indent:-38.25pt;}
@list l0:level4
{mso-level-text:"%1\.%2\.%3\.%4";
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:46.8pt;
text-indent:-46.8pt;}
@list l0:level5
{mso-level-text:"%1\.%2\.%3\.%4\.%5";
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:55.3pt;
text-indent:-55.3pt;}
@list l0:level6
{mso-level-text:"%1\.%2\.%3\.%4\.%5\.%6";
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:63.8pt;
text-indent:-63.8pt;}
@list l0:level7
{mso-level-text:"%1\.%2\.%3\.%4\.%5\.%6\.%7";
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:72.3pt;
text-indent:-72.3pt;}
@list l0:level8
{mso-level-text:"%1\.%2\.%3\.%4\.%5\.%6\.%7\.%8";
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:80.8pt;
text-indent:-80.8pt;}
@list l0:level9
{mso-level-text:"%1\.%2\.%3\.%4\.%5\.%6\.%7\.%8\.%9";
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:89.3pt;
text-indent:-89.3pt;}
@list l1
{mso-list-id:874930355;
mso-list-template-ids:453293872;
mso-list-style-priority:99;
mso-list-style-name:"R&S Bullets";}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-style-link:"List Bullet";
mso-level-text:►;
mso-level-tab-stop:21.25pt;
mso-level-number-position:left;
margin-left:21.25pt;
text-indent:-21.25pt;
mso-ansi-font-size:9.0pt;
mso-bidi-font-size:9.0pt;
font-family:"Arial",sans-serif;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-style-link:"List Bullet 2";
mso-level-text:─;
mso-level-tab-stop:42.55pt;
mso-level-number-position:left;
margin-left:42.5pt;
text-indent:-21.25pt;
mso-ansi-font-size:9.0pt;
mso-bidi-font-size:9.0pt;
font-family:"Arial",sans-serif;}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-style-link:"List Bullet 3";
mso-level-text:─;
mso-level-tab-stop:63.8pt;
mso-level-number-position:left;
margin-left:63.75pt;
text-indent:-21.25pt;
mso-ansi-font-size:9.0pt;
mso-bidi-font-size:9.0pt;
font-family:"Arial",sans-serif;
mso-bidi-font-family:"Times New Roman";}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-style-link:"List Bullet 4";
mso-level-text:─;
mso-level-tab-stop:3.0cm;
mso-level-number-position:left;
margin-left:85.0pt;
text-indent:-21.25pt;
mso-ansi-font-size:9.0pt;
mso-bidi-font-size:9.0pt;
font-family:"Arial",sans-serif;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-style-link:"List Bullet 5";
mso-level-text:─;
mso-level-tab-stop:106.3pt;
mso-level-number-position:left;
margin-left:106.25pt;
text-indent:-21.25pt;
mso-ansi-font-size:9.0pt;
mso-bidi-font-size:9.0pt;
font-family:"Arial",sans-serif;}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:─;
mso-level-tab-stop:127.6pt;
mso-level-number-position:left;
margin-left:127.5pt;
text-indent:-21.25pt;
mso-ansi-font-size:9.0pt;
mso-bidi-font-size:9.0pt;
font-family:"Arial",sans-serif;
mso-bidi-font-family:"Times New Roman";}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:─;
mso-level-tab-stop:148.85pt;
mso-level-number-position:left;
margin-left:148.75pt;
text-indent:-21.25pt;
mso-ansi-font-size:9.0pt;
mso-bidi-font-size:9.0pt;
font-family:"Arial",sans-serif;
mso-bidi-font-family:"Times New Roman";}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:─;
mso-level-tab-stop:6.0cm;
mso-level-number-position:left;
margin-left:170.0pt;
text-indent:-21.25pt;
mso-ansi-font-size:9.0pt;
mso-bidi-font-size:9.0pt;
font-family:"Arial",sans-serif;
mso-bidi-font-family:"Times New Roman";}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:─;
mso-level-tab-stop:191.35pt;
mso-level-number-position:left;
margin-left:191.25pt;
text-indent:-21.25pt;
mso-ansi-font-size:9.0pt;
mso-bidi-font-size:9.0pt;
font-family:"Arial",sans-serif;
mso-bidi-font-family:"Times New Roman";}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="DE" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#1F497D;mso-fareast-language:EN-US">Hi Jim,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<pre style="background:white"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#1F497D;mso-fareast-language:EN-US">that usually means that the certificate being presented by the (presumably load balancer?) is either self-signed or issued by a CA, whose certificate isn’t in your trust store (either specified explicitly with </span><span lang="EN-US" style="color:#0033B3">-</span><span lang="EN-US" style="color:#080808">Djavax.net.ssl.trustStore or implicitly from the JDK/JRE).<o:p></o:p></span></pre>
<pre style="background:white"><span lang="EN-US" style="color:#080808"><o:p> </o:p></span></pre>
<pre style="background:white"><span lang="EN-US" style="color:#080808">openssl s_client -connect <loadbalancer_hostname>:636 –showcerts<o:p></o:p></span></pre>
<pre style="background:white"><span lang="EN-US" style="color:#080808"><o:p> </o:p></span></pre>
<pre style="background:white"><span lang="EN-US" style="color:#080808">should give you the certificate chain. There might be a hint here regarding self-signed certificate. If not, maybe you just need to import the CA certificate into your trust store (we do the same, because our certificates are issued by our internal PKI and not included in the standard cacerts truststore that comes with the JRE).<o:p></o:p></span></pre>
<pre style="background:white"><span lang="EN-US" style="color:#080808"><o:p> </o:p></span></pre>
<pre style="background:white"><span lang="EN-US" style="color:#080808">Regards,<o:p></o:p></span></pre>
<pre style="background:white"><span lang="EN-US" style="color:#080808">Chris<o:p></o:p></span></pre>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#1F497D;mso-fareast-language:EN-US">.
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif"> midPoint <midpoint-bounces@lists.evolveum.com>
<b>On Behalf Of </b>Jim Lookabaugh via midPoint<br>
<b>Sent:</b> Friday, May 21, 2021 6:17 PM<br>
<b>To:</b> midpoint@lists.evolveum.com<br>
<b>Cc:</b> Jim Lookabaugh <jlookabaugh@exclamationlabs.com><br>
<b>Subject:</b> *EXT* [Newsletter] [midPoint] Flexible Auth: ldap connection issues<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I have attempted to configure a flexible authentication module for ldap (AD) where the environment relies on a cluster of domain controllers. In this scenario, eventually authentication through this channel fails. The log indicates success
for a time, then indicates a connection closure, and thereafter shows a PKIX path building failure (I take that to superficially mean a certificate verification failure). Yet, by explicitly configuring a given domain controller in the security policy on occasion,
connecting to that specific endpoint has worked. It appears to me that the clustered approach is what’s thorny here rather than a certificate/TLS matter. I think this may, under the covers, be due to a connection caching/pooling and refresh issue, as it
appears to occur when given time — perhaps time for the environment to route requests to another member of the cluster.<o:p></o:p></p>
<div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif;color:black"><br>
This ldap cluster serves both purposes of authentication into midPoint and of an identity/provisioning resource. A similar issue apparently impacts my resource connection to this same ldap (AD) cluster. I was forced to set “Allow untrusted SSL/TLS” to true,
which seems to have prevented recurrence of the connection problems. That resource configuration has one of the four domain controllers set as the “Host”, and the other three are set as “Servers”. It is important to note that when I configure this resource
for only one ldap (AD) domain controller at a time AND for requiring trusted TLS --- and testing each of the four this way, no PKIX path building failure seems to occur. But that may be due to not allowing enough time to pass for a load balancer reroute of
traffic.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif;color:black">The certificate and the sole CA’s certificate in the signing chain for each of the four domain controllers are installed in the trust store. So, I am led to believe
that it’s not truly a PKIX path building failure. I’ve pasted an excerpt from my log below my signature. Is a connection/socket closure typical for clustered environments which the client should recover from?<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif;color:black">Jim Lookabaugh<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif;color:black">Exclamation Labs<br>
300 Washington Street<br>
Cumberland, MD 21502<br>
888.545.5008 or 301.722.5008<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal">240.860.1847 direct<br>
fax 301.722.2183<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif;color:black"><a href="mailto:jlookabaugh@exclamationlabs.com">jlookabaugh@exclamationlabs.com</a><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif;color:black"><a href="http://www.exclamationlabs.com">www.exclamationlabs.com</a><br>
<a href="http://www.provisioniam.com">www.provisioniam.com</a><o:p></o:p></span></p>
</div>
</div>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">= = = = =<o:p></o:p></p>
</div>
<div>
<div>
<p class="MsoNormal">2021-xx-xx 12:57:32,868 [] [http-nio-8080-exec-10] INFO (org.springframework.security.ldap.DefaultSpringSecurityContextSource): URL '<a href="ldaps://serverA.myowncorp.com:636/DC=myowncorp,DC=com">ldaps://serverA.myowncorp.com:636/DC=myowncorp,DC=com</a>',
root DN is 'DC=myowncorp,DC=com'<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">2021-xx-xx 12:57:32,896 [] [http-nio-8080-exec-10] INFO (org.springframework.security.ldap.search.FilterBasedLdapUserSearch): SearchBase not set. Searches will be performed from the root: dc=myowncorp,dc=com<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">2021-xx-xx 12:57:33,109 [] [http-nio-8080-exec-10] INFO (org.springframework.security.web.DefaultSecurityFilterChain): Creating filter chain: Ant [pattern='/auth/default/ldapAuth/**'], [org.springframework.security.web.header.HeaderWriterFilter@c02f71c,
<a href="mailto:org.springframework.security.web.csrf.CsrfFilter@60cd69b4">org.springframework.security.web.csrf.CsrfFilter@60cd69b4</a>,
<a href="mailto:com.evolveum.midpoint.web.security.filter.RedirectForLoginPagesWithAuthenticationFilter@4db27ca8">
com.evolveum.midpoint.web.security.filter.RedirectForLoginPagesWithAuthenticationFilter@4db27ca8</a>,
<a href="mailto:org.springframework.security.web.authentication.logout.LogoutFilter@5693cb71">
org.springframework.security.web.authentication.logout.LogoutFilter@5693cb71</a>,
<a href="mailto:com.evolveum.midpoint.web.security.filter.LdapAuthenticationFilter@2fe0dfda">
com.evolveum.midpoint.web.security.filter.LdapAuthenticationFilter@2fe0dfda</a>, <a href="mailto:org.springframework.security.web.savedrequest.RequestCacheAwareFilter@38408be">
org.springframework.security.web.savedrequest.RequestCacheAwareFilter@38408be</a>,
<a href="mailto:org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@70405950">
org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@70405950</a>,
<a href="mailto:com.evolveum.midpoint.web.security.filter.MidpointAnonymousAuthenticationFilter@640564cb">
com.evolveum.midpoint.web.security.filter.MidpointAnonymousAuthenticationFilter@640564cb</a>,
<a href="mailto:com.evolveum.midpoint.web.security.filter.MidpointExceptionTranslationFilter@31abb100">
com.evolveum.midpoint.web.security.filter.MidpointExceptionTranslationFilter@31abb100</a>,
<a href="mailto:org.springframework.security.web.access.intercept.FilterSecurityInterceptor@2e47db4f">
org.springframework.security.web.access.intercept.FilterSecurityInterceptor@2e47db4f</a>]<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">2021-xx-xx 12:59:01,662 [] [http-nio-8080-exec-7] INFO (org.springframework.security.web.DefaultSecurityFilterChain): Creating filter chain: Ant [pattern='/auth/emergency/internalLoginForm/**'], [org.springframework.security.web.header.HeaderWriterFilter@7b486355,
<a href="mailto:org.springframework.security.web.csrf.CsrfFilter@788669db">org.springframework.security.web.csrf.CsrfFilter@788669db</a>,
<a href="mailto:com.evolveum.midpoint.web.security.filter.RedirectForLoginPagesWithAuthenticationFilter@1147d5b6">
com.evolveum.midpoint.web.security.filter.RedirectForLoginPagesWithAuthenticationFilter@1147d5b6</a>,
<a href="mailto:org.springframework.security.web.authentication.logout.LogoutFilter@29ad491d">
org.springframework.security.web.authentication.logout.LogoutFilter@29ad491d</a>,
<a href="mailto:com.evolveum.midpoint.web.security.filter.MidpointUsernamePasswordAuthenticationFilter@28906c98">
com.evolveum.midpoint.web.security.filter.MidpointUsernamePasswordAuthenticationFilter@28906c98</a>,
<a href="mailto:org.springframework.security.web.savedrequest.RequestCacheAwareFilter@4092633f">
org.springframework.security.web.savedrequest.RequestCacheAwareFilter@4092633f</a>,
<a href="mailto:org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@9386989">
org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@9386989</a>,
<a href="mailto:com.evolveum.midpoint.web.security.filter.MidpointAnonymousAuthenticationFilter@3a989faa">
com.evolveum.midpoint.web.security.filter.MidpointAnonymousAuthenticationFilter@3a989faa</a>,
<a href="mailto:com.evolveum.midpoint.web.security.filter.MidpointExceptionTranslationFilter@7c8fe846">
com.evolveum.midpoint.web.security.filter.MidpointExceptionTranslationFilter@7c8fe846</a>,
<a href="mailto:org.springframework.security.web.access.intercept.FilterSecurityInterceptor@25fa86ab">
org.springframework.security.web.access.intercept.FilterSecurityInterceptor@25fa86ab</a>]<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">2021-xx-xx 13:01:47,035 [] [http-nio-8080-exec-23] WARN (com.exclamationlabs.connid.base.redcarpet.driver.RedCarpetUserInvocator): method: null msg:User not found for id: connectionTest<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">2021-xx-xx 13:57:59,245 [] [http-nio-8080-exec-20] INFO (org.springframework.security.ldap.DefaultSpringSecurityContextSource): URL '<a href="ldaps://serverA.myowncorp.com:636/DC=myowncorp,DC=com">ldaps://serverA.myowncorp.com:636/DC=myowncorp,DC=com</a>',
root DN is 'DC=myowncorp,DC=com'<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">2021-xx-xx 13:57:59,245 [] [http-nio-8080-exec-20] INFO (org.springframework.security.ldap.search.FilterBasedLdapUserSearch): SearchBase not set. Searches will be performed from the root: dc=myowncorp,dc=com<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">2021-xx-xx 13:57:59,245 [] [http-nio-8080-exec-20] INFO (org.springframework.security.web.DefaultSecurityFilterChain): Creating filter chain: Ant [pattern='/auth/default/ldapAuth/**'], [org.springframework.security.web.header.HeaderWriterFilter@7774913d,
<a href="mailto:org.springframework.security.web.csrf.CsrfFilter@7a5d5a6e">org.springframework.security.web.csrf.CsrfFilter@7a5d5a6e</a>,
<a href="mailto:com.evolveum.midpoint.web.security.filter.RedirectForLoginPagesWithAuthenticationFilter@cd0a10c">
com.evolveum.midpoint.web.security.filter.RedirectForLoginPagesWithAuthenticationFilter@cd0a10c</a>,
<a href="mailto:org.springframework.security.web.authentication.logout.LogoutFilter@5ffe2eb7">
org.springframework.security.web.authentication.logout.LogoutFilter@5ffe2eb7</a>,
<a href="mailto:com.evolveum.midpoint.web.security.filter.LdapAuthenticationFilter@26ff4f05">
com.evolveum.midpoint.web.security.filter.LdapAuthenticationFilter@26ff4f05</a>, <a href="mailto:org.springframework.security.web.savedrequest.RequestCacheAwareFilter@12086a5c">
org.springframework.security.web.savedrequest.RequestCacheAwareFilter@12086a5c</a>,
<a href="mailto:org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@4645e66b">
org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@4645e66b</a>,
<a href="mailto:com.evolveum.midpoint.web.security.filter.MidpointAnonymousAuthenticationFilter@500b50f4">
com.evolveum.midpoint.web.security.filter.MidpointAnonymousAuthenticationFilter@500b50f4</a>,
<a href="mailto:com.evolveum.midpoint.web.security.filter.MidpointExceptionTranslationFilter@142320f8">
com.evolveum.midpoint.web.security.filter.MidpointExceptionTranslationFilter@142320f8</a>,
<a href="mailto:org.springframework.security.web.access.intercept.FilterSecurityInterceptor@fe6785d">
org.springframework.security.web.access.intercept.FilterSecurityInterceptor@fe6785d</a>]<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">2021-xx-xx 13:58:08,710 [MODEL] [http-nio-8080-exec-22] ERROR (com.evolveum.midpoint.web.security.provider.MidPointAbstractAuthenticationProvider): Authentication (runtime) error: simple bind failed:
<a href="http://servera.myowncorp.com:636">serverA.myowncorp.com:636</a>; nested exception is javax.naming.CommunicationException: simple bind failed:
<a href="http://servera.myowncorp.com:636">serverA.myowncorp.com:636</a> [Root exception is java.net.SocketException: Connection or outbound has closed]<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">org.springframework.security.authentication.InternalAuthenticationServiceException: simple bind failed:
<a href="http://servera.myowncorp.com:636">serverA.myowncorp.com:636</a>; nested exception is javax.naming.CommunicationException: simple bind failed:
<a href="http://servera.myowncorp.com:636">serverA.myowncorp.com:636</a> [Root exception is java.net.SocketException: Connection or outbound has closed]<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:206)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at com.evolveum.midpoint.web.security.provider.MidPointLdapAuthenticationProvider$1.doAuthentication(MidPointLdapAuthenticationProvider.java:71)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:85)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at com.evolveum.midpoint.web.security.provider.MidPointLdapAuthenticationProvider.internalAuthentication(MidPointLdapAuthenticationProvider.java:167)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at com.evolveum.midpoint.web.security.provider.MidPointAbstractAuthenticationProvider.authenticate(MidPointAbstractAuthenticationProvider.java:92)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Caused by: org.springframework.ldap.CommunicationException: simple bind failed:
<a href="http://servera.myowncorp.com:636">serverA.myowncorp.com:636</a>; nested exception is javax.naming.CommunicationException: simple bind failed:
<a href="http://servera.myowncorp.com:636">serverA.myowncorp.com:636</a> [Root exception is java.net.SocketException: Connection or outbound has closed]<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:108)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:355)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at org.springframework.ldap.core.support.AbstractContextSource.doGetContext(AbstractContextSource.java:139)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at org.springframework.ldap.core.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:158)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at org.springframework.ldap.core.LdapTemplate.executeReadOnly(LdapTemplate.java:802)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Caused by: javax.naming.CommunicationException: simple bind failed:
<a href="http://servera.myowncorp.com:636">serverA.myowncorp.com:636</a><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at java.naming/com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at java.naming/com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2792)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at java.naming/com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Caused by: java.net.SocketException: Connection or outbound has closed<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at java.base/sun.security.ssl.SSLSocketImpl$AppOutputStream.write(SSLSocketImpl.java:1190)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at java.base/java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:81)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at java.base/java.io.BufferedOutputStream.flush(BufferedOutputStream.java:142)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at java.naming/com.sun.jndi.ldap.Connection.writeRequest(Connection.java:398)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at java.naming/com.sun.jndi.ldap.Connection.writeRequest(Connection.java:371)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">2021-xx-xx 13:58:08,710 [MODEL] [http-nio-8080-exec-22] ERROR (com.evolveum.midpoint.web.security.filter.LdapAuthenticationFilter): An internal error occurred while trying to authenticate the user.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">org.springframework.security.authentication.InternalAuthenticationServiceException: simple bind failed:
<a href="http://servera.myowncorp.com:636">serverA.myowncorp.com:636</a>; nested exception is javax.naming.CommunicationException: simple bind failed:
<a href="http://servera.myowncorp.com:636">serverA.myowncorp.com:636</a> [Root exception is java.net.SocketException: Connection or outbound has closed]<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:206)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at com.evolveum.midpoint.web.security.provider.MidPointLdapAuthenticationProvider$1.doAuthentication(MidPointLdapAuthenticationProvider.java:71)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:85)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at com.evolveum.midpoint.web.security.provider.MidPointLdapAuthenticationProvider.internalAuthentication(MidPointLdapAuthenticationProvider.java:167)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at com.evolveum.midpoint.web.security.provider.MidPointAbstractAuthenticationProvider.authenticate(MidPointAbstractAuthenticationProvider.java:92)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Caused by: org.springframework.ldap.CommunicationException: simple bind failed:
<a href="http://servera.myowncorp.com:636">serverA.myowncorp.com:636</a>; nested exception is javax.naming.CommunicationException: simple bind failed:
<a href="http://servera.myowncorp.com:636">serverA.myowncorp.com:636</a> [Root exception is java.net.SocketException: Connection or outbound has closed]<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:108)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:355)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at org.springframework.ldap.core.support.AbstractContextSource.doGetContext(AbstractContextSource.java:139)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at org.springframework.ldap.core.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:158)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at org.springframework.ldap.core.LdapTemplate.executeReadOnly(LdapTemplate.java:802)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Caused by: javax.naming.CommunicationException: simple bind failed:
<a href="http://servera.myowncorp.com:636">serverA.myowncorp.com:636</a><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at java.naming/com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at java.naming/com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2792)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at java.naming/com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Caused by: java.net.SocketException: Connection or outbound has closed<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at java.base/sun.security.ssl.SSLSocketImpl$AppOutputStream.write(SSLSocketImpl.java:1190)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at java.base/java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:81)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at java.base/java.io.BufferedOutputStream.flush(BufferedOutputStream.java:142)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at java.naming/com.sun.jndi.ldap.Connection.writeRequest(Connection.java:398)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at java.naming/com.sun.jndi.ldap.Connection.writeRequest(Connection.java:371)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">2021-xx-xx 13:58:18,242 [] [http-nio-8080-exec-20] ERROR (com.evolveum.midpoint.web.security.provider.MidPointAbstractAuthenticationProvider): Authentication (runtime) error: simple bind failed:
<a href="http://servera.myowncorp.com:636">serverA.myowncorp.com:636</a>; nested exception is javax.naming.CommunicationException: simple bind failed:
<a href="http://servera.myowncorp.com:636">serverA.myowncorp.com:636</a> [Root exception is javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to
requested target]<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">org.springframework.security.authentication.InternalAuthenticationServiceException: simple bind failed:
<a href="http://servera.myowncorp.com:636">serverA.myowncorp.com:636</a>; nested exception is javax.naming.CommunicationException: simple bind failed:
<a href="http://servera.myowncorp.com:636">serverA.myowncorp.com:636</a> [Root exception is javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to
requested target]<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:206)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at com.evolveum.midpoint.web.security.provider.MidPointLdapAuthenticationProvider$1.doAuthentication(MidPointLdapAuthenticationProvider.java:71)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:85)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at com.evolveum.midpoint.web.security.provider.MidPointLdapAuthenticationProvider.internalAuthentication(MidPointLdapAuthenticationProvider.java:167)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at com.evolveum.midpoint.web.security.provider.MidPointAbstractAuthenticationProvider.authenticate(MidPointAbstractAuthenticationProvider.java:92)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Caused by: org.springframework.ldap.CommunicationException: simple bind failed:
<a href="http://servera.myowncorp.com:636">serverA.myowncorp.com:636</a>; nested exception is javax.naming.CommunicationException: simple bind failed:
<a href="http://servera.myowncorp.com:636">serverA.myowncorp.com:636</a> [Root exception is javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to
requested target]<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:108)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:355)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at org.springframework.ldap.core.support.AbstractContextSource.doGetContext(AbstractContextSource.java:139)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at org.springframework.ldap.core.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:158)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at org.springframework.ldap.core.LdapTemplate.executeReadOnly(LdapTemplate.java:802)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Caused by: javax.naming.CommunicationException: simple bind failed:
<a href="http://servera.myowncorp.com:636">serverA.myowncorp.com:636</a><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at java.naming/com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at java.naming/com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2792)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at java.naming/com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:326)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:269)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:264)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:645)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at java.base/sun.security.validator.Validator.validate(Validator.java:264)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at java.base/sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:313)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:222)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span"> </span>at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</div>
</body>
</html>