Help with LDAPS
Seemed straightforward, but encountering error after change. Running latest TeamCity on Windows server in domain. After changing to LDAPS, I'm seeing this error when trying to query. (I've omitted actual domain/server names).
Error while retrieving LDAP users, skipping users synchronization: LDAP search operation returned an error while retrieving users. While initializing LDAP connection. Inaccessible or wrong server specified in the LDAP configuration? Check 'java.naming.provider.url' property (current value: 'ldaps://server.domain.local:636/DC=domain,DC=local'). Original error: org.springframework.ldap.CommunicationException: server.domain.local:636; nested exception is javax.naming.CommunicationException: server.domain.local:636 [Root exception is javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
Skipping groups synchronization as user synchronization failed with an error
I think this is a Java problem, but not sure how to proceed.
The relevant portion of the error message is
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.
This means that TeamCity does not trust the certificate for server.domain.local because it is unable to determine if the certificate is valid. There are several reasons this can occur:
To fix the error, we typically suggest the following (in no particular order):
Thank you, importing the LDAP cert into the Java keystore used by TeamCity was what I was missing!
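The trust check behind this error can be replayed outside TeamCity. The following is an added example, not part of the original thread and not TeamCity code: a small diagnostic (the class name `LdapsTrustCheck` and its arguments are hypothetical) that connects to the LDAPS port, prints the certificate chain the server presents, and validates it against either the running JVM's default trust store or a trust store file you name.

```java
import javax.net.ssl.*;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

// Added diagnostic example. Usage: java LdapsTrustCheck <host> [port] [truststore] [password]
public class LdapsTrustCheck {
    public static void main(String[] args) throws Exception {
        String host = args[0];
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 636;

        // A null KeyStore makes the factory use this JVM's default trust store (normally cacerts).
        KeyStore ks = null;
        if (args.length > 2) {
            ks = KeyStore.getInstance(KeyStore.getDefaultType());
            char[] pw = (args.length > 3 ? args[3] : "changeit").toCharArray();
            try (FileInputStream in = new FileInputStream(args[2])) { ks.load(in, pw); }
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        X509TrustManager jvmTm = (X509TrustManager) tmf.getTrustManagers()[0];

        // Print the presented chain, then apply the JVM's normal PKIX validation unchanged.
        X509TrustManager recording = new X509TrustManager() {
            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                for (X509Certificate c : chain) {
                    System.out.println("subject: " + c.getSubjectX500Principal());
                    System.out.println("  issuer:  " + c.getIssuerX500Principal());
                    System.out.println("  expires: " + c.getNotAfter());
                }
                jvmTm.checkServerTrusted(chain, authType);
            }
            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                jvmTm.checkClientTrusted(chain, authType);
            }
            public X509Certificate[] getAcceptedIssuers() { return jvmTm.getAcceptedIssuers(); }
        };

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[]{recording}, null);
        // Only the certification path is checked here; host name matching is not.
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            s.startHandshake();
            System.out.println("TRUSTED: chain validates against this trust store");
        } catch (SSLHandshakeException e) {
            System.out.println("NOT TRUSTED: " + e.getMessage());
        }
    }
}
```

Run it with the same `java` binary that TeamCity runs under, so the default trust store is the one TeamCity reads. If the result is NOT TRUSTED, the printed issuer names show which CA certificate is missing, and it can be added with `keytool -importcert -alias <alias> -file <ca-certificate-file> -keystore <path-to-that-JVM's-cacerts>`.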