Hello!
I am having trouble setting up LDAPS for XWiki.
In the default mode everything works perfectly, but I have not been able to bring up LDAPS for the whole day.
Both ports 636 and 389 are open on the firewall. XWiki runs on OpenShift, and I am rebuilding the LTS container:
spec:
  nodeSelector: null
  output:
    to:
      kind: ImageStreamTag
      name: 'oc-xwiki:latest'
  resources:
    limits:
      cpu: '2'
      memory: 512Mi
  successfulBuildsHistoryLimit: 5
  failedBuildsHistoryLimit: 5
  strategy:
    type: Docker
    dockerStrategy: {}
  postCommit: {}
  source:
    type: Dockerfile
    dockerfile: |-
      FROM xwiki:lts
      COPY /.ssl /usr/local/share/ca-certificates
      RUN chgrp -R 0 /usr/local/tomcat/webapps/ROOT && \
          chmod -R g=u /usr/local/tomcat/webapps/ROOT && \
          chgrp -R 0 /usr/local/xwiki && \
          chmod -R g=u /usr/local/xwiki && \
          update-ca-certificates && \
          ls /usr/local/share/ca-certificates/ && \
          pwd && \
          keytool -import -noprompt -trustcacerts -alias ouradserver.lan.somewhere.at -file /usr/local/share/ca-certificates/certroot.crt -storepass 'changeit' -keystore /opt/java/openjdk/lib/security/cacerts
      ENTRYPOINT ["docker-entrypoint.sh"]
      CMD ["xwiki"]
    configMaps:
      - configMap:
          name: ad-cert
        destinationDir: .ssl
  runPolicy: Serial
status:
  lastVersion: 13
The root cert comes from the ad-cert config map.
As the keystore path I use /opt/java/openjdk/lib/security/cacerts, and I have tried different ones as well.
Still, when SSL is off - login works. If I switch it on - invalid credentials at the login page.
Also, “Test connection” behaves strangely - I can press it 5 times and get an error, and then the test is successful again.
Caused by: LDAPException: I/O Exception on host ouradserver.lan.somewhere.at, port 636 (91) Connect Error
java.net.SocketException: Connection or outbound has closed
    at com.novell.ldap.Connection.writeMessage(Connection.java:798)
    at com.novell.ldap.Connection.writeMessage(Connection.java:730)
    at com.novell.ldap.Message.sendMessage(Message.java:101)
    at com.novell.ldap.MessageAgent.sendMessage(MessageAgent.java:286)
    at com.novell.ldap.LDAPConnection.sendRequestToServer(LDAPConnection.java:3743)
    at com.novell.ldap.LDAPConnection.bind(LDAPConnection.java:1535)
    at com.novell.ldap.LDAPConnection.bind(LDAPConnection.java:1399)
    at com.novell.ldap.LDAPConnection.bind(LDAPConnection.java:1361)
    at org.xwiki.contrib.ldap.XWikiLDAPConnection.bind(XWikiLDAPConnection.java:429)
    at org.xwiki.contrib.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:235)
    ... 241 more
Caused by: java.net.SocketException: Connection or outbound has closed
    at java.base/sun.security.ssl.SSLSocketImpl$AppOutputStream.write(Unknown Source)
    at com.novell.ldap.Connection.writeMessage(Connection.java:771)
    ... 250 more
What am I doing wrong?
Thank you!