Identity Manager 4.6
DirXML Log Event
Message: Code(-9205) Error in vnd.nds.stream://VAULT/TEST/DRIVERSET/DRIVER/Publisher/POLICY#XmlData:133 : Couldn't request assignment of role: '<Role DN>' to identity: '<User DN>': com.novell.nds.dirxml.soap.UserAppClientException: java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
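The error indicates that the JRE running the driver does not trust the certificate presented by the UserApplication. On Linux, the cacerts file for the JRE used by the IDM Engine is typically located at /opt/novell/eDirectory/lib64/nds-modules/jre/lib/security/cacerts. Consider the following steps: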
- Determine which certificate is being used by UserApplication by checking the certificates located at /opt/netiq/idm/apps/jre/lib/security/cacerts. You can get a list of all the certs with the following command: keytool -list -v -keystore cacerts
- If you have access to that same certificate, import it into the IDM Engine cacerts. If you don't have access to it, export it from the UserApplication cacerts, and then import it into the IDM Engine cacerts.
- To import, use the following command: keytool -import -alias <newalias> -keystore cacerts -file certificate.der
Once you've set up the IDM Engine cacerts with the certificate used by the UserApplication cacerts, restart eDirectory, and then test the driver again.
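The steps above as a single script, added here as an example and not taken from the vendor's documentation: it exports one alias from the UserApplication cacerts, imports it into the IDM Engine cacerts, and checks that both entries have the same fingerprint. The function names, the backup file name and the script name are assumptions; the keystore paths are the ones given above.

```sh
#!/bin/sh
# Added example (not vendor code). Keystore paths are the ones named in this article.
UA_STORE=${UA_STORE:-/opt/netiq/idm/apps/jre/lib/security/cacerts}
ENGINE_STORE=${ENGINE_STORE:-/opt/novell/eDirectory/lib64/nds-modules/jre/lib/security/cacerts}

# Print the fingerprint keytool reports for one alias in one keystore.
# No -storepass is passed: keytool prompts, so the password stays out of argv.
fingerprint_of() {  # usage: fingerprint_of <keystore> <alias>
    keytool -list -keystore "$1" -alias "$2" |
        sed -n 's/.*fingerprint[^:]*: *//p'
}

# Export <src_alias> from the UserApplication store, import it into the Engine
# store as <new_alias>, then confirm both entries carry the same fingerprint.
sync_cert() {  # usage: sync_cert <src_alias> <new_alias> <der_file>
    src_alias=$1 new_alias=$2 der=$3
    src_fp=$(fingerprint_of "$UA_STORE" "$src_alias")
    if [ -z "$src_fp" ]; then
        echo "alias '$src_alias' not found in $UA_STORE" >&2
        return 1
    fi

    # Keep a timestamped copy of the Engine truststore for rollback.
    cp -p "$ENGINE_STORE" "$ENGINE_STORE.bak.$(date +%Y%m%d%H%M%S)" || return 1

    keytool -export -alias "$src_alias" -keystore "$UA_STORE" -file "$der" || return 1
    # No -noprompt: keytool displays the certificate and asks before trusting it.
    keytool -import -alias "$new_alias" -keystore "$ENGINE_STORE" -file "$der" || return 1

    dst_fp=$(fingerprint_of "$ENGINE_STORE" "$new_alias")
    if [ "$src_fp" != "$dst_fp" ]; then
        echo "fingerprint mismatch: $src_fp vs $dst_fp" >&2
        return 1
    fi
    echo "imported $new_alias ($dst_fp)"
}

# Runs only with three arguments: sh sync_cert.sh <src_alias> <new_alias> <der_file>
if [ "$#" -eq 3 ]; then
    sync_cert "$@"
fi
```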