Hi,

I'm facing an issue with custom Java code since I upgraded to
eDir 8.8.5.
I'm using IDM 3.6. Some time ago I wrote a Java class (called from a
DirXML rule) to update my SecretStore every time the nspmDistribution
password is changed. It worked well, but now, when the ndsd service has
been running for a long time, my code throws this exception:

com.novell.xml.xpath.XPathEvaluationException: function
call to 'store:setupConnection' resulted in an error:
'javax.naming.CommunicationException: simple bind failed:
172.17.5.100:636
[Root exception is javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target]'.

The certificate is in the right path and it's valid. In fact, if I
restart ndsd, my Java class goes back to doing its job as expected.

This is the Java source code (it works perfectly from a client, too):

// JDK imports needed by this fragment
import java.security.Provider;
import java.security.Security;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

// ensure the default JSSE provider is added by dynamically adding it
try {
    Class cls = Class.forName("com.sun.net.ssl.internal.ssl.Provider");
    Provider sunJsse = (Provider) cls.newInstance();
    Security.addProvider(sunJsse);
} catch (Throwable t) {
    // do nothing, may already be added or another provider may be in use
}

// form the LdapContext environment properties
Hashtable env = new Hashtable();

// JVM-wide trust store settings used for the SSL bind
System.setProperty("javax.net.ssl.trustStore", "/opt/novell/cacerts");
System.setProperty("javax.net.ssl.trustStorePassword", "thePassword");

env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.SECURITY_PROTOCOL, "ssl");

env.put(Context.PROVIDER_URL, url);
env.put(Context.SECURITY_PRINCIPAL, securityPrincipal);
env.put(Context.SECURITY_CREDENTIALS, securityCredentials);
env.put(Context.SECURITY_AUTHENTICATION, "simple");

// simple bind over SSL; this is the call that fails with the exception above
LdapContext initial = new InitialLdapContext(env, null);

// SecretStore environment
Hashtable senv = new Hashtable();
senv.put(JNDISecretStore.SECRET_STORE, "com.novell.security.sso.ldap.jndi.JNDISecretStore");
senv.put(JNDISecretStore.TARGET_DN, securityUser); // securityPrincipal
senv.put(JNDISecretStore.HANDLE, ctx);

store = JNDISecretStore.getInstance(senv);

I don't understand how a certificate could work only for a certain
period. Could it be a timeout problem during the call, when
performance decreases?

Any hint is appreciated.

Thanks in advance

Natan Sanson


--
nsanson
------------------------------------------------------------------------
nsanson's Profile: http://forums.novell.com/member.php?userid=1637
View this thread: http://forums.novell.com/showthread.php?t=409360