Summary
Error
When logging in with the SA Java Client, the LDAP user receives the following error:
javax.naming.CommunicationException: simple bind failed: 192.0.0.100:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
Twist logs contain the full exception in /var/log/opsware/twist/server.log.0:
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
at sun.security.validator.Validator.validate(Validator.java:218)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1014)
... 12 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)
... 18 more
2012-09-19 09:03:05,963 WARNING Thread-12 [com.opsware.fido.impl.externaluser.ExternalUserUtil] [getUserVOs] [Ljava.lang.StackTraceElement;@478b857c
2012-09-19 09:03:05,969 SEVERE Thread-12 [com.opsware.fido.impl.user.UserImpl] [verifyPassword] failed to update external user ID for user SA_user. <message=''> simple bind failed: 192.0.0.100:636
2012-09-19 09:03:06,033 WARNING Thread-12 [com.opsware.login.LdapLoginModule] [verifyPassword] simple bind failed: 192.0.0.100:636
These errors prevent SA users whose login information is integrated with or derived from LDAP from logging in to the SA Ngui.
Cause
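The error is thrown when an invalid certificate is used in the twist LDAP configuration, so the certificate presented by the LDAP server at 192.0.0.100:636 cannot be validated against it (the PKIX path building failure shown above).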
Fix
Use /opt/opsware/twist/ldap_config.sh to configure the path to a valid LDAP certificate.
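A pre-check for the candidate certificate before it is configured, as an added example that is not part of the original article or of SA. It assumes the openssl command-line tool is available and that the certificates are in PEM format; the function names and the file paths in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original article): pre-check a candidate CA file
# against an LDAPS server before pointing twist at it.

# fetch_ldaps_chain HOST PORT OUTFILE
# Save every certificate the server presents during the TLS handshake (PEM).
fetch_ldaps_chain() {
    openssl s_client -connect "$1:$2" -showcerts </dev/null 2>/dev/null |
        sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' >"$3"
    [ -s "$3" ]   # fail if nothing was captured
}

# ca_validates CAFILE CHAINFILE
# Return 0 only if the first certificate in CHAINFILE (the server's own)
# chains to a CA in CAFILE. Other certificates in CHAINFILE are used as
# untrusted intermediates. The empty -CApath keeps the system trust store
# out of the decision, so only CAFILE counts.
ca_validates() {
    _empty=$(mktemp -d) || return 2
    openssl verify -CAfile "$1" -CApath "$_empty" -untrusted "$2" "$2" >/dev/null 2>&1
    _rc=$?
    rmdir "$_empty"
    return "$_rc"
}

# describe_cert PEMFILE
# Print subject, issuer and validity dates of the first certificate in PEMFILE.
describe_cert() {
    openssl x509 -in "$1" -noout -subject -issuer -dates
}

# Typical use (host and port as in the error above; file paths are placeholders):
#   fetch_ldaps_chain 192.0.0.100 636 /tmp/ldap_chain.pem &&
#   describe_cert /tmp/ldap_chain.pem &&
#   ca_validates /path/to/candidate_ca.pem /tmp/ldap_chain.pem && echo "CA file is usable"
```

A non-zero result from ca_validates corresponds to the same condition the JVM reports as "unable to find valid certification path to requested target".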