Failed to connect to LDAP server. javax.naming.CommunicationException during secure ldap connection with RHDG

Issue

  • There appears to be a problem enabling TLS for the connection to the LDAP server.
    According to the Infinispan XSD (https://infinispan.org/schemas/infinispan-server-14.0.xsd), the SSL context can be specified by naming the realm in the client-ssl-context attribute:
<xs:complexType name="security-realm-ldap">
    <xs:annotation>
        <xs:documentation> Defines an LDAP security realm. </xs:documentation>
    </xs:annotation>
    <xs:sequence>
        <xs:element type="tns:credential-reference" name="credential-reference" minOccurs="0"/>
        <xs:element type="tns:ldap-name-rewriter" name="name-rewriter" minOccurs="0"/>
        <xs:element type="tns:ldap-identity-mapping" name="identity-mapping" minOccurs="0" maxOccurs="unbounded"/>
    </xs:sequence>
    <!--Other attributes omitted-->
    <xs:attribute type="xs:string" name="client-ssl-context">
        <xs:annotation>
            <xs:documentation> The name of a realm which provides a trust store with which to validate SSL client connections. </xs:documentation>
        </xs:annotation>
    </xs:attribute>
</xs:complexType>
  • However, this does not work: the server rejects the attribute with the following error:
Caused by: org.infinispan.commons.configuration.io.ConfigurationReaderException: Unexpected attribute 'client-ssl-context' encountered/$Infinispan_Home/server/server/conf/infinispan.xml[42,180]
        at org.infinispan.configuration.parsing.ParseUtils.unexpectedAttribute(ParseUtils.java:71)
  • If a new security realm is created that uses LDAP authentication exclusively, with the SSL identities configured on that realm, the connection still fails with a communication error, because WildFly security does not attempt to use the javax.net.SocketFactory configured on the realm:
2024-05-23 15:14:14,767 DEBUG (blocking-thread-node1-p3-t1) [org.wildfly.security] Could not create [class javax.naming.ldap.InitialLdapContext]. Failed to connect to LDAP server. javax.naming.CommunicationException: ldaps-reg1-sg.sgp.dbs.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
        at java.naming/com.sun.jndi.ldap.Connection.<init>(Connection.java:253)
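The PKIX path building failed message in the trace above means the JDK could not link the certificate chain presented by the LDAPS server to any trust anchor in the trust store the handshake actually used. The following Java program, added here as an illustration and not part of the knowledgebase article or of Data Grid, replays that exact check outside the server: it loads a trust store, parses the server's chain from a PEM file (for example as captured with openssl s_client -showcerts -connect host:636), and runs the JDK's PKIX validator against it. The class name, the command-line arguments and all file paths are assumptions chosen for the example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

// Added diagnostic (not from the article or from Data Grid): replays the PKIX
// path validation the JDK performs during the LDAPS handshake against an
// explicit trust store. Paths and password are placeholders given on the
// command line, e.g.
//   java LdapsTrustCheck /path/to/truststore.p12 changeit /path/to/server-chain.pem
public class LdapsTrustCheck {

    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: LdapsTrustCheck <truststore> <password> <server-chain.pem>");
            System.exit(2);
        }
        KeyStore trustStore = loadTrustStore(args[0], args[1].toCharArray());
        List<X509Certificate> chain = loadChain(args[2]);
        System.out.println(validate(trustStore, chain));
    }

    // Loads the trust store. KeyStore.getDefaultType() is PKCS12 on current
    // JDKs; legacy JKS files still load through the JDK's compatibility mode.
    static KeyStore loadTrustStore(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Parses every PEM certificate block in the file, leaf first (the order
    // in which `openssl s_client -showcerts` prints the server's chain).
    static List<X509Certificate> loadChain(String pemPath) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> chain = new ArrayList<>();
        try (InputStream in = new FileInputStream(pemPath)) {
            for (Certificate c : cf.generateCertificates(in)) {
                chain.add((X509Certificate) c);
            }
        }
        if (chain.isEmpty()) {
            throw new IllegalArgumentException("no certificates found in " + pemPath);
        }
        return chain;
    }

    // Returns a one-line verdict: "OK: ..." or "FAILED: ..." with the JDK's reason.
    static String validate(KeyStore trustStore, List<X509Certificate> chain) throws Exception {
        if (chain.isEmpty()) {
            return "FAILED: empty certificate chain";
        }
        List<X509Certificate> path = new ArrayList<>(chain);
        X509Certificate last = path.get(path.size() - 1);
        // Servers often send their self-signed root as well. The root is the
        // trust anchor, not part of the path being validated, so drop it and
        // require that the trust store already contains it.
        if (last.getSubjectX500Principal().equals(last.getIssuerX500Principal())) {
            if (trustStore.getCertificateAlias(last) == null) {
                return "FAILED: root " + last.getSubjectX500Principal()
                        + " is not present in the trust store";
            }
            path.remove(path.size() - 1);
            if (path.isEmpty()) {
                return "OK: self-signed server certificate is trusted directly";
            }
        }
        PKIXParameters params = new PKIXParameters(trustStore);
        params.setRevocationEnabled(false); // same default as the JDK TLS handshake
        CertPathValidator validator = CertPathValidator.getInstance("PKIX");
        try {
            validator.validate(CertificateFactory.getInstance("X.509").generateCertPath(path), params);
            return "OK: chain validates against the trust store";
        } catch (CertPathValidatorException e) {
            // This is the same condition the LDAPS handshake reports as
            // "unable to find valid certification path to requested target".
            return "FAILED: " + e.getMessage();
        }
    }
}
```

Run it once against the trust store the realm is meant to use and once against the JVM's default cacerts file: if the first succeeds and the second fails, the handshake in the trace was not using the realm's trust store, which matches the observation that the configured SocketFactory was never applied. Starting the server with -Djavax.net.debug=ssl:handshake shows which trust anchors the handshake actually loaded.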

Environment

  • Red Hat Data Grid (RHDG)
    • 8.x
