correajl commented on issue #8637: URL: https://github.com/apache/cloudstack/issues/8637#issuecomment-1944512592
After upgrade from 4.17.2 to 4.19.0, management.log was showing errors with cloud.jks and LDAP users couldn't authenticate. ``` DEBUG [o.a.c.l.LdapManagerImpl] (qtp1753127384-22:ctx-cfc59ea9) (logid:c7732509) ldap Exception: javax.naming.CommunicationException: ldapserver.mydomain:636 [Root exception is java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)] Caused by: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext) Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext) Caused by: java.security.KeyStoreException: problem accessing trust store Caused by: java.io.IOException: keystore password was incorrect Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption. ``` In my case the LDAP server accepts anonymous bind. So, instead of updating the value for _ldap.bind.password_ (there is no line with this value) I had to update lines with _ldap.truststore.password._ After that LDAP users are authenticating again. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@cloudstack.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
