[ome-users] LDAP : Path does not chain with any of the trust anchors

Mason, David [dnmason] D.N.Mason at liverpool.ac.uk
Wed Jul 26 14:17:10 BST 2017


Hello List,


I'm running OMERO 5.3.1-ice36-b61 on an Ubuntu 14.04 LTS server authenticating with LDAP. Just last week, an LDAP user noticed that they couldn't log in (the user-side error is "Error: Connection not available, please check your user name and password."). I checked the logs and I'm getting the following bind failure:


2017-07-24 10:56:38,787 ERROR [     o.s.blitz.fire.PermissionsVerifierI] (erver-2819) Exception thrown while checking password for:[myUserName]
ome.conditions.InternalException:  Wrapped Exception: (org.springframework.ldap.CommunicationException):
simple bind failed: [myServer]:636; nested exception is javax.naming.CommunicationException: simple bind failed: [myServer]:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors]


Local users can still log in (same with Public), but LDAP is failing for a reason unbeknown to me.


Two questions:

1) Any thoughts on why this might happen (my IT department say nothing has changed on their side - and in fairness my other LDAP calls work - i.e. on another server)?

2) I tried setting [omero.ldap.config=false] hoping that the logins would fall back to the cached database but I get the same error on login. Is this expected behaviour?


Any thoughts appreciated,

Dave
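
A log-triage sketch for the excerpt above, added here as an example and not part of the original post or of OMERO: the user-side error points at the password, while the server log names a certificate-path failure, so the script separates the two cases per user. The second sample entry, the function names and the category labels are constructed for illustration.

```python
import re

TS = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} ")
USER = re.compile(r"checking password for:\[([^\]]+)\]")
# Fully qualified Java exception class names, e.g. javax.naming.CommunicationException
EXC = re.compile(r"\b(?:[a-z]\w*\.)+[A-Z]\w*(?:Exception|Error)\b")

# First entry: the log excerpt from the post. Second entry: constructed sample
# of a rejected password (JNDI "error code 49"), added for contrast.
SAMPLE_LOG = """\
2017-07-24 10:56:38,787 ERROR [     o.s.blitz.fire.PermissionsVerifierI] (erver-2819) Exception thrown while checking password for:[myUserName]
ome.conditions.InternalException:  Wrapped Exception: (org.springframework.ldap.CommunicationException):
simple bind failed: [myServer]:636; nested exception is javax.naming.CommunicationException: simple bind failed: [myServer]:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors]
2017-07-24 11:02:10,114 ERROR [     o.s.blitz.fire.PermissionsVerifierI] (erver-2820) Exception thrown while checking password for:[otherUser]
ome.conditions.InternalException:  Wrapped Exception: (org.springframework.ldap.AuthenticationException):
[LDAP: error code 49 - Invalid Credentials]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
"""

def split_entries(text):
    """Attach continuation lines (exception text) to the timestamped line above them."""
    entries = []
    for line in text.splitlines():
        if TS.match(line):
            entries.append([line])
        elif entries and line.strip():
            entries[-1].append(line)
    return ["\n".join(e) for e in entries]

def classify(entry):
    """Return (user, innermost exception class, triage category) for one entry."""
    m = USER.search(entry)
    chain = EXC.findall(entry)
    short = {name.rsplit(".", 1)[-1] for name in chain}
    if short & {"SSLHandshakeException", "CertPathValidatorException"}:
        category = "tls-trust"      # TLS handshake failed on certificate validation
    elif "error code 49" in entry:
        category = "credentials"    # directory answered and refused the bind
    else:
        category = "other"
    return (m.group(1) if m else "?", chain[-1] if chain else None, category)

def triage(text):
    """Map each category to the sorted list of affected user names."""
    result = {}
    for entry in split_entries(text):
        user, _, category = classify(entry)
        result.setdefault(category, []).append(user)
    return {k: sorted(v) for k, v in result.items()}

if __name__ == "__main__":
    for e in split_entries(SAMPLE_LOG):
        print(classify(e))
```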