LDAP Proxy query error "Unable to connect to the LDAP Server"

Steven_Xu
New Contributor III
New Contributor III

Environment:
JSS Server: Ubuntu 16.0.4
Java Version: openjdk-11.0.4
Jamf Pro: 10.15.1
LDAP Proxy Server-Infrastructure Manager: Windows 2016
AD: Windows 2016

Issues:
LDAP configured and can query user and group, if enable LDAP Proxy, query failed with error "Unable to connect to the LDAP Server. Ensure you can connect to ldap://ldapproxy.example.com:8389"

Check the Jamf Pro Server log, found this message "[ERROR] [Thread-36 ] [LdapDirContextFactory ] - javax.naming.CommunicationException: ldapproxy.example.com:8389 [Root exception is javax.net.ssl.SSLException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty]"

Solution:

change "Keystore type : PKCS12" to "Keystore type : JKS" in file /etc/ssl/certs/java/cacerts

$keytool -list -keystore /etc/ssl/certs/java/cacerts -storepass changeit | grep 'Keystore type:'
Keystore type: PKCS12
$mv /etc/ssl/certs/java/cacerts /etc/ssl/certs/java/cacerts.old
$keytool -importkeystore -destkeystore /etc/ssl/certs/java/cacerts -deststoretype jks -deststorepass changeit -srckeystore /etc/ssl/certs/java/cacerts.old -srcstoretype pkcs12 -srcstorepass changeit
$keytool -list -keystore /etc/ssl/certs/java/cacerts -storepass changeit | grep 'Keystore type:'
Keystore type: JKS

https://bugs.launchpad.net/ubuntu/+source/openjdk-9/+bug/1743139

0 REPLIES 0