IRC log for #openam, 2014-04-24

All times shown according to UTC.

Time Nick Message
06:15 aldaris joined #openam
07:13 pfreixes joined #openam
07:31 hos001 joined #openam
09:22 aldaris joined #openam
11:43 MegaMatt joined #openam
12:32 rghose joined #openam
12:32 rghose hey, password change fails with Plug-in org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo encountered an ldap exception.  53
12:34 aldaris active directory?
12:35 rghose yeah
12:35 aldaris then be sure you understand how Active Directory works
12:35 asyd :)
12:35 rghose hm, just saw this: http://blogs.forgerock.org/petermajor/2013/08/fun-with-active-directory/
12:35 aldaris yeah, it's always a good idea to read my blog :p
12:36 aldaris I know, asyd ;) haven't forgot about it, just lazy a little bit :)
12:36 rghose so how do I use ssl?
12:36 rghose just enable OpenAM to run on SSL?
12:36 aldaris talk to your AD admin
12:36 rghose aah k
12:39 rghose So I would also need to change the port for DataStore settings?
12:39 aldaris you bet
12:40 rghose thanks man :)
13:00 rghose @aldaris, cannot seem to connect from OpenAM now
13:02 rghose org.forgerock.opendj.ldap.ConnectionException: Connect Error: No operational connection factories available
13:03 rghose I also get this: org.forgerock.opendj.ldap.ReferralException: Referral: 0000202B: RefErr: DSID-031007EF, data 0, 1 access points
13:04 rghose Caused by: org.forgerock.opendj.ldap.ConnectionException: Connect Error
13:04 rghose for "No operational connection factories available"
13:12 rghose no Subjects are being scanned
13:13 aldaris it's hard to scan anything if the connection cannot be established
13:13 rghose @aldaris: lol!
13:13 rghose yeah, but any ideas why?
13:14 rghose when I check out SSL it works fine
13:15 rghose and ssl is enabled on the server btw
13:16 aldaris trust issues I suppose
13:16 aldaris look at the logs
13:16 aldaris they are helpful
13:16 rghose hmm will do
13:30 pfreixes joined #openam
13:31 pfreixes joined #openam
14:29 rghose @aldaris: Caused by: org.forgerock.opendj.ldap.ConnectionException: Connect Error: General SSLEngine problem
14:29 rghose I now get this ^
14:30 rghose Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
14:30 aldaris did you tick the SSL option as well?
14:30 rghose yes
14:30 rghose Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
14:30 aldaris there you go
14:30 rghose hmm well what is that supposed to mean?
14:30 asyd classic issue
14:30 rghose wow
14:30 aldaris now google that and enjoy the world of JKS
14:31 rghose sure thing!
14:31 aldaris or well, get a proper cert :)
14:31 asyd rghose: get the CA used by your ad and add it to $JAVA_HOME/lib/security/cacerts
14:31 aldaris ehem, not all the web containers are using the JDK's truststore
14:32 asyd ah yeah
14:32 asyd tomcat does by default ;p
14:32 rghose I am using tomcat if that is any relief
14:32 aldaris still it can be configured to an external keystore (but probably you haven't)
14:33 rghose all this is pretty much Swahili to me
14:35 rghose @asyd: copy and paste will work?
14:36 aldaris copy what?
14:36 rghose the cert ?
14:36 aldaris you'll need to import it into the keystore
14:36 rghose aah using keytool, got it
14:37 asyd keytool -import -file cacert.pem -trustcacerts -keystore cacerts, password: changeit
14:37 aldaris -alias mystupidadcert :)
14:37 rghose :P
14:37 asyd :)
14:49 rghose oh well, getting the same error again
14:49 rghose PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
14:55 rghose restarted tomcat also
14:57 aldaris then you may have included the incorrect cert
14:58 aldaris openssl s_client -connect adhost:636
14:58 aldaris grab the cert from there, put it into a PEM file and try again
14:58 rghose works
14:59 rghose that command
14:59 rghose SSL handshake has read 2895 bytes and written 601 bytes
14:59 aldaris kind of expected the command to work, now follow the instructions :)
14:59 rghose aah ok
15:01 rghose the stuff inside the BEGIN CERTIFICATE ?
15:03 aldaris yeah, with the BEGIN and END lines
15:14 rghose hm, still the same
15:15 aldaris have you restarted tomcat?
15:18 rghose yeah
15:21 rghose omg, wrong cacerts file :P
15:22 rghose thanks everyone, works! :)
15:25 rghose change password give this error : Unwilling to Perform: 0000001F: SvcErr: DSID-031A120C, problem 5003 (WILL_NOT_PERFORM), data 0
15:25 rghose I thought ssl would solve this :(
15:27 aldaris windows 2k12?
15:27 rghose windows server 2008 R2
15:28 rghose on navigating via: openam/password
15:28 rghose I get this: The password cannot be reset for this user.
15:28 rghose I can however, set other attributes
15:45 rghose Plug-in org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo encountered an ldap exception.  53
16:04 aldaris joined #openam
16:05 aldaris rghose: is the rest of my blog post revealing the root cause?
16:25 aldaris joined #openam
16:52 aldaris joined #openam
18:56 hos001 left #openam
19:16 sayakb joined #openam
19:27 aldaris joined #openam
19:29 Topic for #openam is now Chat about the OpenAM project - https://backstage.forgerock.com/#/downloads - OpenAM 11.0.0 is out!!! - OpenAM 10.0.2 is out!!! Channel logs at: http://irclog.perlgeek.de/openam/today
21:00 jfroot joined #openam
21:00 jfroot Quick question about licensing.. we like and want to use OpenAM.. however when I called them today, I was informed that they will not license for anything less than 1000 users
21:00 jfroot this seems crazy to me.. is there any way around this?
21:44 jfroot answering my own question.. it seems that if I download the source from them and build it myself I can use it legally in production without a subscription
21:53 aldaris joined #openam
21:54 aldaris jfroot that sounds odd to me
21:55 jfroot me too.. but that just seems how it is.
21:55 aldaris first I hear of this really
21:55 aldaris I ask around
21:55 jfroot when I talked to the sales dept. they basically did not want to talk to me when they found out I was 50 users
21:56 jfroot we are keen to run the product and are willing to pay for maintenance/support
21:59 aldaris alright
22:00 aldaris I'll ask around today/tomorrow, I may be able to give you some update next week on this
22:03 jfroot thanks!
22:05 aldaris jfroot which part of the world are you from?
22:05 jfroot BC, Canada
22:05 aldaris cool, thanks
