Searchguard is cool. Thanks.
Have it working great with basic auth, and now beginning to test kerberos + ldap.
Does “unable to find valid certification path to requested target” mean anything to anyone here?
The exception occurs during setup of the connection to the ldap server (TLSv1) using the 2.4-7 backend, after TLSv1 protocol has been agreed.
[2017-05-05 11:31:40,119][DEBUG][com.floragunn.dlic.auth.ldap.backend.LDAPAuthorizationBackend] Unable to connect to ldapserver due to [org.ldaptive.provider.ConnectionException@329752164::resultCode=PROTOCOL_ERROR, matchedDn=null, responseControls=null, referralURLs=null, messageId=-1, message=javax.naming.CommunicationException: redacted.example.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
Is there any way to configure the searchguard ldap authorization section to accept the certificate without verification? Or any suggestions of another solution?
Yes, I understand a license is required for the ldap and kerberos backends.