Overview
If you are experiencing authentication failures and you have LDAP/AD configured for your TeleScope environment, it might be the case that it is not configured correctly or the configuration parameters have changed on the directory server. Error messages like Password is incorrect
or unable to find valid certification path to requested target
would be recorded in the ab.log file.
Solution
Diagnosis
If you had LDAPS configured for authentication to TeleScope, then an SSL misconfiguration between TeleScope and an LDAPS server will generate the following error in the ab.log file:
[Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target]
This might be followed by a [ERR] ABDBPlugin::Authenticate(): Password is incorrect
if a failover authentication plugin is configured, Authentication Broker Database(ABDB) plugin in this case, and the user has set different passwords for their account on the two plugin backends.
Note that configuration changes cannot be solved by rebooting involved servers and you have to configure any updated configuration.
Steps To Fix
Follow the steps in the Set up LDAP Plugin for LDAP over SSL section of the linked article to update any changes that might have happened in the remote directory server, including importing any updated certificates. Please follow other sections in the linked article if needed.
Testing
Attempt to log in to Telescope. If the login is successful, you are logging in with LDAPS. (The authentication may be noticeably slower due to the extra handshake measures performed by the certificate.)
Comments
0 comments
Please sign in to leave a comment.