AnsweredAssumed Answered

Open LDAP with SSL/TLS and Alfresco 4.0.c

Question asked by ashwini on Jul 13, 2012
Latest reply on Aug 1, 2012 by ashwini
Hi ,
I tried configuring Open LDAP with SSL/TLS with Alfresco 4.0.c and getting exception :
My Configurations are as below :
I have added below line in alfresco-global.properties file
authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap
Created folder structure as below and copied files from subsystem
copied below files at location /opt/alfresco-4.0.c/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap/ldap1
ldap-authentication.properties
ldap-authentication-context.xml
copied below file at /opt/alfresco-4.0.c/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap
common-ldap-context.xml

updated ldap-authentication.properties as below


ldap.authentication.active=true
ldap.authentication.allowGuestLogin=true
ldap.authentication.userNameFormat=uid\=%s,ou\=Users,dc\=companyname,dc\=com
ldap.authentication.java.naming.provider.url=ldaps://ipaddress:636
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=root
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=uid\=xyz,ou\=Users,dc\=companyname,dc\=com
ldap.synchronization.java.naming.security.credentials=**********
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.groupSearchBase=ou\=Groups,dc\=companyname,dc\=com
ldap.synchronization.userSearchBase=ou\=Users,dc\=companyname,dc\=com
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'

then followed instructions as mentioned on below link

http://wiki.alfresco.com/wiki/Ldap_over_SSL#LDAP_Authentication_with_SSL

and restarted Alfresco. I cant not access alfresco at all . Getting exception as below :

SEVERE: Failed to load keystore type pkcs12 with path /opt/alfresco-4.0.c/java/keystore due to toDerInputStream rejects tag type 71
java.io.IOException: toDerInputStream rejects tag type 71
   at sun.security.util.DerValue.toDerInputStream(DerValue.java:806)
   at com.sun.net.ssl.internal.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1201)
   at java.security.KeyStore.load(KeyStore.java:1185)
   at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:350)
   at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getTrustStore(JSSESocketFactory.java:320)
   at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getTrustManagers(JSSESocketFactory.java:513)
   at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:419)
   at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:130)
   at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:538)
   at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:176)
   at org.apache.catalina.connector.Connector.initialize(Connector.java:1014)
   at org.apache.catalina.core.StandardService.initialize(StandardService.java:680)
   at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795)
   at org.apache.catalina.startup.Catalina.load(Catalina.java:524)
   at org.apache.catalina.startup.Catalina.load(Catalina.java:548)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
   at java.lang.reflect.Method.invoke(Method.java:597)
   at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:261)
   at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
13 Jul, 2012 4:53:12 PM org.apache.coyote.http11.Http11Protocol init
SEVERE: Error initializing endpoint
java.io.IOException: toDerInputStream rejects tag type 71
   at sun.security.util.DerValue.toDerInputStream(DerValue.java:806)
   at com.sun.net.ssl.internal.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1201)
   at java.security.KeyStore.load(KeyStore.java:1185)
   at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:350)
   at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getTrustStore(JSSESocketFactory.java:320)
   at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getTrustManagers(JSSESocketFactory.java:513)
   at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:419)
   at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:130)
   at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:538)
   at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:176)
   at org.apache.catalina.connector.Connector.initialize(Connector.java:1014)
   at org.apache.catalina.core.StandardService.initialize(StandardService.java:680)
   at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795)
   at org.apache.catalina.startup.Catalina.load(Catalina.java:524)
   at org.apache.catalina.startup.Catalina.load(Catalina.java:548)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
   at java.lang.reflect.Method.invoke(Method.java:597)
   at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:261)
   at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
13 Jul, 2012 4:53:12 PM org.apache.catalina.startup.Catalina load
SEVERE: Catalina.start
LifecycleException:  Protocol handler initialization failed: java.io.IOException: toDerInputStream rejects tag type 71
   at org.apache.catalina.connector.Connector.initialize(Connector.java:1016)
   at org.apache.catalina.core.StandardService.initialize(StandardService.java:680)
   at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795)
   at org.apache.catalina.startup.Catalina.load(Catalina.java:524)
   at org.apache.catalina.startup.Catalina.load(Catalina.java:548)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
   at java.lang.reflect.Method.invoke(Method.java:597)
   at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:261)
   at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
13 Jul, 2012 4:53:12 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 1281 ms
13 Jul, 2012 4:53:12 PM org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
13 Jul, 2012 4:53:12 PM org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/6.0.29
13 Jul, 2012 4:53:12 PM org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor manager.xml
13 Jul, 2012 4:53:13 PM org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor alfresco.xml
13 Jul, 2012 4:53:14 PM org.apache.catalina.core.StandardContext addApplicationListener
INFO: The listener "org.apache.myfaces.webapp.StartupServletContextListener" is already configured for this context. The duplicate definition has been ignored.
2012-07-13 16:53:25,452  INFO  [management.subsystems.ChildApplicationContextFactory] [main] Starting 'sysAdmin' subsystem, ID: [sysAdmin, default]
2012-07-13 16:53:25,511  INFO  [management.subsystems.ChildApplicationContextFactory] [main] Startup of 'sysAdmin' subsystem, ID: [sysAdmin, default] complete
2012-07-13 16:53:28,961  ERROR [authentication.ldap.LDAPInitialDirContextFactoryImpl] [main] Unable to connect to LDAP Server; check LDAP configuration
javax.naming.CommunicationException: 172.16.0.159:636 [Root exception is java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)]
   at com.sun.jndi.ldap.Connection.<init>(Connection.java:200)
   at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:118)
   at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1580)
   at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2652)
   at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293)
   at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
   at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
   at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
   at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
   at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
   at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
   at javax.naming.InitialContext.init(InitialContext.java:223)
   at javax.naming.InitialContext.<init>(InitialContext.java:197)
   at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
   at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.afterPropertiesSet(LDAPInitialDirContextFactoryImpl.java:302)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1477)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1417)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
   at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:291)
   at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
   at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:288)
   at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:190)
   at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:322)
   at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:106)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1325)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1086)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:517)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
   at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:291)
   at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
   at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:288)
   at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:190)
   at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:322)
   at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:106)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1325)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1086)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:517)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
   at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:291)
   at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
   at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:288)
   at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:190)
   at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:322)
   at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:106)
   at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList(BeanDefinitionValueResolver.java:353)
   at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:153)
   at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:630)
   at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:148)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1003)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:907)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:485)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
   at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:291)
   at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
   at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:288)
   at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:190)
   at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:580)
   at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:895)
   at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:425)
   at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:276)
   at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:197)
   at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:47)
   at org.alfresco.web.app.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:63)
   at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4135)
   at org.apache.catalina.core.StandardContext.start(StandardContext.java:4630)
   at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
   at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
   at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:546)
   at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:637)
   at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:563)
   at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:498)
   at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277)
   at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321)
   at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
   at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
   at org.apache.catalina.core.StandardHost.start(StandardHost.java:785)
   at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
   at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:445)
   at org.apache.catalina.core.StandardService.start(StandardService.java:519)
   at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
   at org.apache.catalina.startup.Catalina.start(Catalina.java:581)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
   at java.lang.reflect.Method.invoke(Method.java:597)
   at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
   at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Caused by: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
   at javax.net.ssl.DefaultSSLSocketFactory.throwException(SSLSocketFactory.java:179)
   at javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:192)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
   at java.lang.reflect.Method.invoke(Method.java:597)
   at com.sun.jndi.ldap.Connection.createSocket(Connection.java:317)
   at com.sun.jndi.ldap.Connection.<init>(Connection.java:187)
   … 87 more
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
   at java.security.Provider$Service.newInstance(Provider.java:1245)
   at sun.security.jca.GetInstance.getInstance(GetInstance.java:220)
   at sun.security.jca.GetInstance.getInstance(GetInstance.java:147)
   at javax.net.ssl.SSLContext.getInstance(SSLContext.java:125)
   at javax.net.ssl.SSLContext.getDefault(SSLContext.java:68)
   at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:102)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
   at java.lang.reflect.Method.invoke(Method.java:597)
   at com.sun.jndi.ldap.Connection.createSocket(Connection.java:273)
   … 88 more
Caused by: java.io.IOException: Invalid keystore format
   at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:633)
   at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
   at java.security.KeyStore.load(KeyStore.java:1185)
   at com.sun.net.ssl.internal.ssl.TrustManagerFactoryImpl.getCacertsKeyStore(TrustManagerFactoryImpl.java:202)
   at com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl.getDefaultTrustManager(DefaultSSLContextImpl.java:70)
   at com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl.<init>(DefaultSSLContextImpl.java:40)
   at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
   at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
   at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
   at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
   at java.lang.Class.newInstance0(Class.java:355)
   at java.lang.Class.newInstance(Class.java:308)
   at java.security.Provider$Service.newInstance(Provider.java:1221)
   … 98 more

I am really not getting whts failing here. Can anybody help me to resolve this issue.

Thank you so much in advance!!!

Regards,
Ashwini

Outcomes