"Failed to authenticate via LDAP: [#320000] Cant connect to LDAP server. " after upgrading Veritas eDiscovery Platform (EDP)


Article ID: 100023507


Description

Error Message

----------------------------------
--- Results of test connection ---
----------------------------------

Failed to authenticate via LDAP: [#320000] Cant connect to LDAP server.

com.teneo.esa.common.exception.TeneoException: [#320000] Cant connect to LDAP server.
at com.teneo.esa.ui.auth.LDAP.authenticate(LDAP.java:264)
at com.teneo.esa.system.support.ldap.LdapConfig.runFeature(LdapConfig.java:135)
at com.teneo.esa.system.support.ProviderSupport._runFeature(ProviderSupport.java:259)
at com.teneo.esa.system.support.ProviderSupport.runFeature(ProviderSupport.java:202)
at com.teneo.esa.system.support.Support.runService(Support.java:299)
at com.teneo.esa.admin.service.AbstractService.run(AbstractService.java:1142)
at java.lang.Thread.run(Thread.java:662)
Caused by: org.apache.catalina.LifecycleException: Failed to start component [Realm[JNDIRealm]]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:154)
at com.teneo.esa.ui.auth.LDAP.authenticate(LDAP.java:233)
at com.teneo.esa.ui.auth.LDAP.authenticate(LDAP.java:260)
... 6 more
Caused by: org.apache.catalina.LifecycleException: Exception opening directory server connection
at org.apache.catalina.realm.JNDIRealm.startInternal(JNDIRealm.java:2200)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
... 8 more

 

The Catalina log shows something like:

javax.naming.CommunicationException: simple bind failed: domain.com:636 [Root exception is javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:195)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2720)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)

 

Cause

The upgrade may not have moved the "cacerts" file from the previously working Java (JDK) location to the new Java (JDK) version location.

Resolution

The cacerts file in C:\jdk-8u181-windows-x32\jre\lib\security and C:\jdk-8u181-windows-x64\jre\lib\security may not have the certificate required for your domain. If you have a backup of the cacerts file from the previous Java folder, copy that cacerts file into the JDK folders mentioned above and restart the EDP services.

If you do not have a previous copy of the cacerts file, please follow the eDP System Admin Guide for 'Secure LDAP SSL/TLS Support' on page 48.
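
To confirm the cause before copying anything, the following PowerShell compares a backed-up cacerts file with the truststores of the upgraded JDKs and lists the CA entries that did not carry over. It is an added example, not part of the original article or of Veritas tooling. Assumptions: the backup path is a placeholder, keytool.exe is in each JDK's bin folder, and the store password is the JDK default "changeit".

```powershell
# Added example: list CA entries present in a backed-up cacerts file but
# missing from the truststores of the upgraded JDKs named in this article.
# Assumptions: $OldStore is a placeholder path to your own backup, the store
# password is the JDK default, and aliases contain no ", " sequence.
$OldStore  = 'C:\backup\cacerts'   # placeholder, adjust to your backup
$NewJdks   = 'C:\jdk-8u181-windows-x32', 'C:\jdk-8u181-windows-x64'
$StorePass = 'changeit'

function Get-TrustedEntries {
    param([string]$Keytool, [string]$Store)
    # keytool -list prints an alias line followed by a fingerprint line per entry
    $lines = & $Keytool -list -keystore $Store -storepass $StorePass
    if ($LASTEXITCODE -ne 0) { throw "keytool failed for ${Store}: $lines" }
    $entries = @{}
    $alias = $null
    foreach ($line in $lines) {
        if ($line -match '^(?<alias>.+?), .*trustedCertEntry') {
            $alias = $Matches['alias']
        } elseif ($alias -and $line -match '^Certificate fingerprint \(.+?\): (?<fp>\S+)') {
            $entries[$Matches['fp']] = $alias   # key by fingerprint, not by alias
            $alias = $null
        }
    }
    return $entries
}

foreach ($jdk in $NewJdks) {
    $keytool  = Join-Path $jdk 'bin\keytool.exe'
    $newStore = Join-Path $jdk 'jre\lib\security\cacerts'
    # Read both stores with the same keytool so the fingerprint algorithm matches
    $old = Get-TrustedEntries -Keytool $keytool -Store $OldStore
    $new = Get-TrustedEntries -Keytool $keytool -Store $newStore
    $missing = $old.Keys | Where-Object { -not $new.ContainsKey($_) }
    Write-Output "== $newStore =="
    if (-not $missing) { Write-Output 'No entries missing.'; continue }
    foreach ($fp in $missing) {
        Write-Output ("MISSING  {0}  {1}" -f $old[$fp], $fp)
    }
}
```

The output can also include public roots that the newer JDK no longer ships; the entry that matters for this error is the CA that issued your LDAPS server's certificate.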

 

Veritas Technologies LLC currently plans to address this issue by way of a patch or hotfix to the current version of the software. Please note that Veritas Technologies LLC reserves the right to remove any fix from the targeted release if it does not pass quality assurance tests.  Veritas’ plans are subject to change and any action taken by you based on the above information or your reliance upon the above information is made at your own risk.

 

Issue/Introduction

After upgrading from Veritas eDiscovery Platform version v8x to v9x, LDAPS may no longer work.
It may appear as if the configuration settings are correct and have not changed, yet LDAPS authentication no longer works. The result of the "LDAP Configuration Tester" is a failure.

Additional Information

JIRA: ESA-29063 JIRA: 1798