Login failure: unable to find valid certification path to requested target

Hi all,

I have teamcity configured to authenticate against our Active Directory domain.  It's been working perfectly for a months now. We had a power blip last night, and today people are no longer able to login to Teamcity.  I am using ldaps for the connection.

Looking at the ldap log, I see this:

[2014-06-25 17:32:11,858]   WARN -     jetbrains.buildServer.LDAP - Search in LDAP: base='', filter='(sAMAccountName=iloving)', scope=2, attributes=[sAMAccountName, distinguishedName] resulted in error
[2014-06-25 17:32:11,862]   INFO -     jetbrains.buildServer.LDAP - Failed to find user in LDAP by 'iloving'. Cause: nested exception is javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: simple bind failed: jonahgroup.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]]
Most common reason for this error: LDAP server doesn't process referrals.
Please verify the following property:
  java.naming.referral
and try to set it to 'follow'


Most common reason for this error: LDAP server doesn't process referrals.

Yet when I restart teamcity, the log clearly shows teamcity happily connecting to active directory and synchronizing the user and group info.

I've been tearing my hair out trying to figure out what is causing this strange behaviour, without success.

The AD server in question is using a proper certificate; not self-signed.  I've made sure the root, immediate, and server certificates are all loaded into the system java keystore.

The Teamcity box is running Centos 6.5.
The java version is 1.6u45.
teamcity is 8.0.4 enterprise/pro/the-we-paid-money-for-it-version/etc

Does anybody have any ideas?

3 comments
Comment actions Permalink

Hi,

It looks like certificate was not loaded, but we have no ability to check it now. Did you start TeamCity the same way as you usually do it?
If the issue is reproduced please check TeamCity Administration->Diagnostics JVM arguments (login as super user). If all arguments are correct but ldap login is failed please create an issue http://youtrack.jetbrains.com/issues/TW.

0
Comment actions Permalink

I've solved(ish) my problem.

First, I upgraded to 8.0.6 in the faint hope that that would help.  It didn't.

I ended up logging into teamcity using the recovery token, then went to authentication and changed it to advanced.  From there, I remove LDAP authentication and replaced it with Windows Domain authentication.

So I basically cheated and bypassed the problem.

0
Comment actions Permalink

Where does teamcity put it's certificates?  I verified that the certificates existed in the default java keystore on the system
( /usr/java/default/jre/lib/security/cacerts )

1

Please sign in to leave a comment.