Hitachi Vantara Pentaho Community Forums

Thread: LDAP Output SSL

  1. #1
    Join Date
    Jun 2013
    Posts
    3

    Default LDAP Output SSL

    I'm trying to build an Integrated Management System in order to create an Active Directory account automatically each time the HR program creates a new employee.
    I'm able to create the active directory user with all the needed fields, but I cannot change its password.
    In Active Directory, you must log in to the AD with SSL and update the unicodePwd field. I cannot log in to AD over SSL with the ETL, although I have correctly set the trust store path and the certificate. I can log in over SSL with Java code.
    Each time I perform the Test Connection, a message appears: "Error trying to connect to LDAP host.Exception: server:636, socked closed."
    Version 4.4.0
    Thanks in advance.
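
The operation post #1 describes (bind over LDAPS on port 636, then replace unicodePwd), sketched with plain JNDI as an added example; it is not code from the thread or from Pentaho. The host, DNs and the environment variable names AD_BIND_PW and AD_NEW_PW are assumptions, and the truststore is supplied through the standard javax.net.ssl.trustStore system property.

```java
import java.nio.charset.StandardCharsets;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

public class AdPasswordOverLdaps {
    // AD expects unicodePwd as the password wrapped in double quotes, encoded as UTF-16LE.
    static byte[] encodeUnicodePwd(String password) {
        return ("\"" + password + "\"").getBytes(StandardCharsets.UTF_16LE);
    }

    static Hashtable<String, Object> ldapsEnv(String host, String bindDn, String bindPw) {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldaps://" + host + ":636"); // TLS before any LDAP traffic
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, bindPw);
        return env;
    }

    static void setPassword(LdapContext ctx, String userDn, String newPw) throws NamingException {
        ModificationItem[] mods = { new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
            new BasicAttribute("unicodePwd", encodeUnicodePwd(newPw))) };
        ctx.modifyAttributes(userDn, mods);
    }

    public static void main(String[] args) throws NamingException {
        // Run with -Djavax.net.ssl.trustStore=<truststore file> so the JVM trusts the DC's CA.
        // Args: host bindDn userDn. Secrets come from hypothetical environment variables.
        String bindPw = System.getenv("AD_BIND_PW"), newPw = System.getenv("AD_NEW_PW");
        if (args.length != 3 || bindPw == null || newPw == null) {
            System.out.println("usage: AdPasswordOverLdaps host bindDn userDn; constructed sample "
                + "\"Example#1\" encodes to " + encodeUnicodePwd("Example#1").length + " bytes");
            return;
        }
        LdapContext ctx = new InitialLdapContext(ldapsEnv(args[0], args[1], bindPw), null);
        try {
            setPassword(ctx, args[2], newPw);
        } finally {
            ctx.close();
        }
    }
}
```

If this works while the PDI step fails against the same truststore file, the certificate chain is not the problem and the difference lies in how the step sets up its connection.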

  2. #2
    Join Date
    Jun 2012
    Posts
    5,534

    Default

    I tried to reproduce your error, but all I could get was:

    Code:
    Caused by: javax.naming.CommunicationException: server-fqdn:636 [Root exception is java.lang.ClassNotFoundException: org.pentaho.di.trans.steps.ldapinput.store.CustomdSocketFactory]
    #PDI-10103

    Start-TLS connections are possible, but I didn't try to set AD passwords that way.
    So long, and thanks for all the fish.

  3. #3
    Join Date
    Jun 2013
    Posts
    3

    Default

    marabu, the Start-TLS connection is working fine, but you cannot set a password in AD with that kind of connection.
    I'm attaching an image of the error I'm getting when testing the SSL connection.

  4. #4
    Join Date
    Jun 2012
    Posts
    5,534

    Default

    Sorry, your attached image isn't good enough for my weak eyes.
    It seems to be the same message you already posted as text in your opener.
    My interpretation is: This host is not trustworthy due to a missing or outdated certificate.
    Since you already connected with another Java program successfully, I would expect two different truststores to exist in your environment.
    Make sure the chain of trust in your LDAP Output truststore is intact for the server; use keytool for this.
    As soon as you get over this, you will hit the wall described in the JIRA case.
    Read about the latest news over there.
    So long, and thanks for all the fish.

  5. #5
    Join Date
    Jun 2013
    Posts
    3

    Default

    I only have one truststore. I know that because when I use the Java app used to test the password change in AD, if I delete the cacerts file located at JAVA_HOME\lib\security, it stops working and throws console errors.

    What I have noticed is that I can SSL connect with the LDAP Input in version 4.2.1, but the same ktr is not working in version 4.4.0.
    I have also noticed that you can select the trust store in the LDAP Input step, but in LDAP Output you can only select a folder; you cannot select a file.

    Also, this is the error when trying to SSL connect to the LDAP with the LDAP Input step in version 4.4.0:

    org.pentaho.di.core.exception.KettleException:
    Error trying to connect to LDAP host.Exception : kitt.xst.es:636
    kitt.xst.es:636
    at org.pentaho.di.trans.steps.ldapinput.LDAPConnection.connect(LDAPConnection.java:260)
    at org.pentaho.di.ui.trans.steps.ldapinput.LDAPInputDialog.test(LDAPInputDialog.java:1306)
    at org.pentaho.di.ui.trans.steps.ldapinput.LDAPInputDialog.access$1400(LDAPInputDialog.java:82)
    at org.pentaho.di.ui.trans.steps.ldapinput.LDAPInputDialog$15.handleEvent(LDAPInputDialog.java:1229)
    at org.eclipse.swt.widgets.EventTable.sendEvent(Unknown Source)
    at org.eclipse.swt.widgets.Widget.sendEvent(Unknown Source)
    at org.eclipse.swt.widgets.Display.runDeferredEvents(Unknown Source)
    at org.eclipse.swt.widgets.Display.readAndDispatch(Unknown Source)
    at org.pentaho.di.ui.trans.steps.ldapinput.LDAPInputDialog.open(LDAPInputDialog.java:1280)
    at org.pentaho.di.ui.spoon.delegates.SpoonStepsDelegate.editStep(SpoonStepsDelegate.java:136)
    at org.pentaho.di.ui.spoon.Spoon.editStep(Spoon.java:7835)
    at org.pentaho.di.ui.spoon.trans.TransGraph.editStep(TransGraph.java:2749)
    at org.pentaho.di.ui.spoon.trans.TransGraph.mouseDoubleClick(TransGraph.java:705)
    at org.eclipse.swt.widgets.TypedListener.handleEvent(Unknown Source)
    at org.eclipse.swt.widgets.EventTable.sendEvent(Unknown Source)
    at org.eclipse.swt.widgets.Widget.sendEvent(Unknown Source)
    at org.eclipse.swt.widgets.Display.runDeferredEvents(Unknown Source)
    at org.eclipse.swt.widgets.Display.readAndDispatch(Unknown Source)
    at org.pentaho.di.ui.spoon.Spoon.readAndDispatch(Spoon.java:1221)
    at org.pentaho.di.ui.spoon.Spoon.waitForDispose(Spoon.java:7044)
    at org.pentaho.di.ui.spoon.Spoon.start(Spoon.java:8304)
    at org.pentaho.di.ui.spoon.Spoon.main(Spoon.java:580)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.pentaho.commons.launcher.Launcher.main(Launcher.java:134)
    Caused by: javax.naming.CommunicationException: kitt.xst.es:636 [Root exception is java.lang.ClassNotFoundException: org.pentaho.di.trans.steps.ldapinput.store.CustomdSocketFactory]
    at com.sun.jndi.ldap.Connection.<init>(Unknown Source)
    at com.sun.jndi.ldap.LdapClient.<init>(Unknown Source)
    at com.sun.jndi.ldap.LdapClient.getInstance(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
    at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
    at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
    at javax.naming.InitialContext.init(Unknown Source)
    at javax.naming.ldap.InitialLdapContext.<init>(Unknown Source)
    at org.pentaho.di.trans.steps.ldapinput.LDAPConnection.connect(LDAPConnection.java:239)
    ... 26 more
    Caused by: java.lang.ClassNotFoundException: org.pentaho.di.trans.steps.ldapinput.store.CustomdSocketFactory
    at java.net.URLClassLoader$1.run(Unknown Source)
    at java.net.URLClassLoader$1.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.net.URLClassLoader.findClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at java.lang.Class.forName0(Native Method)
    at java.lang.Class.forName(Unknown Source)
    at com.sun.jndi.ldap.VersionHelper12.loadClass(Unknown Source)
    at com.sun.jndi.ldap.Connection.createSocket(Unknown Source)
    ... 40 more

  6. #6
    Join Date
    Jun 2012
    Posts
    5,534

    Default

    You are right, the LDAP Output step in version 4.4.0 uses a DirectoryDialog instead of a FileDialog to browse for a truststore.
    This is a minor annoyance, since you can add the filename to the selected truststore path manually.
    If you do, you should see the same error as with the LDAP Input step, because the error is actually a mistyped class name in class LDAPConnection.
    And if you check out the JIRA case I pointed to, you can see that Pentaho already reacted.
    So long, and thanks for all the fish.
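
The stack trace in post #5 shows the JNDI LDAP provider loading its socket factory by class name (VersionHelper12.loadClass called from Connection.createSocket), which is why a misspelled name only surfaces at connect time as a CommunicationException. The following added example, not code from the thread or from Pentaho, is a preflight check for such a name before it is handed to JNDI through the java.naming.ldap.factory.socket property; the class SocketFactoryPreflight and its check method are hypothetical names.

```java
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import javax.net.SocketFactory;

public class SocketFactoryPreflight {

    /** Returns null if JNDI could use the class as a socket factory, otherwise the reason it cannot. */
    static String check(String className) {
        Class<?> cls;
        try {
            cls = Class.forName(className);
        } catch (ClassNotFoundException e) {
            return "class not found: " + className;
        }
        // JNDI requires a javax.net.SocketFactory subclass...
        if (!SocketFactory.class.isAssignableFrom(cls)) {
            return className + " does not extend javax.net.SocketFactory";
        }
        // ...that exposes a public static getDefault() returning the factory instance.
        try {
            Method m = cls.getMethod("getDefault");
            if (!Modifier.isStatic(m.getModifiers())) {
                return className + ".getDefault() is not static";
            }
        } catch (NoSuchMethodException e) {
            return className + " has no public getDefault() method";
        }
        return null;
    }

    public static void main(String[] args) {
        String[] candidates = {
            // Name copied from the stack trace in this thread.
            "org.pentaho.di.trans.steps.ldapinput.store.CustomdSocketFactory",
            // JDK class that satisfies the contract, for comparison.
            javax.net.ssl.SSLSocketFactory.class.getName(),
            // Loadable class that is not a socket factory.
            "java.lang.String"
        };
        for (String name : candidates) {
            String problem = check(name);
            System.out.println(problem == null ? "OK   " + name : "FAIL " + problem);
        }
    }
}
```

Deriving the property value from a class literal (SomeFactory.class.getName()) instead of a string literal turns this kind of typo into a compile error.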
