LDAP self signed certificate auth fails

Mr.Burns

=========================================================================================
VERSION: MADSONIC 6.3 | BUILD: 9840
SERVLET: JETTY (not 100% sure)
SERVER: CPU: Ryzen2700 VM | ARCH: X64 | MEMORY: 4GB | HDD: 1TB
OS: Ubuntu 18.04
SYSTEM: SERVER
INSTALLER: DEB
JAVA: Open JDK 1.8.0_171
BROWSER: Edge | Chrome
CLIENT: DSUB
DESCRIPTION: LDAP Self signed auth error
REPRODUCIBLE: YES
=========================================================================================

Dear all,

I set up an LDAP server (OpenLDAP) with a self-signed certificate and now I'm trying to authenticate from Madsonic against LDAP.
When using normal LDAP on port 389 everything is fine.
When trying to use LDAPS on port 636 auth fails :(

Madsonic version is 6.3.9840

I've already created a keystore file and added the parameters to madsonic.sh

MADSONIC_DEFAULT_KEYSTORE_PASSWORD=password
MADSONIC_DEFAULT_KEYSTORE=/usr/local/madsonic/madsonic.jks

-Dmadsonic.ssl.keystore=${MADSONIC_DEFAULT_KEYSTORE} \
-Dmadsonic.ssl.password=${MADSONIC_DEFAULT_KEYSTORE_PASSWORD} \

Now I'm getting the following line in madsonic.log

javax.naming.CommunicationException: simple bind failed: XXX.YYY.ZZZ:636 [Root exception is javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty]

Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1964)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1921)
at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1904)
at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1830)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:128)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:426)
at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:399)
at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:359)
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214)
... 66 more
Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:91)
at sun.security.validator.Validator.getInstance(Validator.java:179)
at sun.security.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:312)
at sun.security.ssl.X509TrustManagerImpl.checkTrustedInit(X509TrustManagerImpl.java:171)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:184)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:757)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)


Would be nice if somebody could help me here :) Thanks!

/// German request ////


Hello everyone,

I have an LDAP server with a self-signed certificate and am trying to authenticate against it from Madsonic.
With normal LDAP on port 389 it works.
When I try to use LDAPS on port 636, I get Java exceptions and the login fails.

I have already imported the certificate into a newly created keystore and set it in madsonic.sh

MADSONIC_DEFAULT_KEYSTORE_PASSWORD=password
MADSONIC_DEFAULT_KEYSTORE=/usr/local/madsonic/madsonic.jks

 -Dmadsonic.ssl.keystore=${MADSONIC_DEFAULT_KEYSTORE} \
 -Dmadsonic.ssl.password=${MADSONIC_DEFAULT_KEYSTORE_PASSWORD} \

Among others, I get these messages:

javax.naming.CommunicationException: simple bind failed: XXX.YYY.ZZZ:636 [Root exception is javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty]

Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty



It would be great if someone could help me here :)
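
Added example, not part of the original post and not Madsonic code: a standalone Java check for the condition behind the logged message. `PKIXParameters` rejects any store that holds no trusted certificate entries, so the program lists each alias in a keystore, counts the trust anchors, and prints the `javax.net.ssl.trustStore` setting the JVM would use by default. The class name `TrustAnchorCheck` is hypothetical, and whether Madsonic hands `madsonic.ssl.keystore` to its LDAP connection is not stated on the page.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.cert.PKIXParameters;
import java.util.Collections;

// Added diagnostic (hypothetical class name), not Madsonic code.
// Build and run, using the keystore path and password from the post:
//   javac TrustAnchorCheck.java
//   java TrustAnchorCheck /usr/local/madsonic/madsonic.jks password
// With no arguments it checks an empty store and reproduces the failure.
public class TrustAnchorCheck {

    // Counts entries the JVM accepts as trust anchors (trustedCertEntry).
    static int countTrustAnchors(KeyStore ks) throws Exception {
        int anchors = 0;
        for (String alias : Collections.list(ks.aliases())) {
            boolean trusted = ks.isCertificateEntry(alias);
            System.out.printf("%-30s %s%n", alias,
                    trusted ? "trustedCertEntry" : "key entry (not a trust anchor)");
            if (trusted) anchors++;
        }
        return anchors;
    }

    public static void main(String[] args) throws Exception {
        // File the default JSSE trust manager reads; null means the JRE's
        // own jssecacerts/cacerts file is used instead.
        System.out.println("javax.net.ssl.trustStore = "
                + System.getProperty("javax.net.ssl.trustStore"));

        // Optional third argument selects the store type (e.g. PKCS12).
        KeyStore ks = KeyStore.getInstance(args.length > 2 ? args[2] : "JKS");
        if (args.length >= 2) {
            try (InputStream in = new FileInputStream(args[0])) {
                ks.load(in, args[1].toCharArray());
            }
        } else {
            ks.load(null, null); // empty in-memory store
        }

        System.out.println("trust anchors: " + countTrustAnchors(ks));
        try {
            new PKIXParameters(ks); // same precondition the handshake failed on
            System.out.println("OK: store can be used for certificate validation");
        } catch (InvalidAlgorithmParameterException e) {
            System.out.println("FAIL: " + e.getMessage());
        }
    }
}
```

Run it with the same `-D` options as the server JVM to see the trust store setting that process would get.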