Hi, I am getting the below exception while OpenDistro is trying to authenticate against the LDAP server.
[2021-01-29T14:23:05,268][WARN ][c.a.d.a.l.b.LDAPAuthorizationBackend] [elastic] Unable to connect to ldapserver ldapserver.com:636 due to [org.ldaptive.provider.ConnectionException@1084532686::resultCode=PROTOCOL_ERROR, matchedDn=null, responseControls=null, referralURLs=null, messageId=-1, message=javax.naming.CommunicationException: ldapservercom:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target], providerException=javax.naming.CommunicationException: ldapserver.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]]. Try next.
[2021-01-29T14:23:05,270][WARN ][c.a.o.s.a.BackendRegistry] [elastic] Authentication finally failed for elastic from 192.168.0.1:52081
Below is the config .yml I have been using.
ldap:
  description: "Authenticate via LDAP or Active Directory"
  http_enabled: true
  transport_enabled: true
  order: 1
  http_authenticator:
    type: "basic"
    challenge: false
  authentication_backend:
    type: "ldap"
    config:
      enable_ssl: true
      enable_start_tls: false
      enable_ssl_client_auth: false
      verify_hostnames: false
      hosts:
        - ldapserver.com:636
      bind_dn: "cn=xxx,ou=xxxx,o=xxxx"
      password: "xxxxxxx"
      userbase: "ou=xxxx,ou=xxxx,o=xxxx"
      enabled_ssl_protocols:
        - "TLSv1.2"
      pemtrustedcas_filepath: "cert/ssl/admin.pem"
      usersearch: "(sAMAccountName={0})"
      username_attribute: "uid"
authz:
  roles_from_myldap:
    description: "Authorize via LDAP or Active Directory"
    http_enabled: true
    transport_enabled: true
    authorization_backend:
      type: "ldap"
      config:
        enable_ssl: true
        enable_start_tls: false
        enable_ssl_client_auth: false
        verify_hostnames: false
        hosts:
          - "ldapserver.com:636"
        bind_dn: "CN=xxxx,OU=xxx,O=xxx"
        password: "xxxxxxxxxxxxx"
        userbase: "OU=xxxx,OU=xxx,O=xxxx"
        usersearch: "(sAMAccountName={0})"
        username_attribute: "uid"
        enabled_ssl_protocols:
          - "TLSv1.2"
        pemtrustedcas_filepath: "cert/ssl/admin.pem"
        rolebase: 'OU=xxxx,OU=xxxx,O=xxx'
        rolesearch: '(member={0})'
        userroleattribute: null
        userrolename: none
        rolename: cn
        resolve_nested_roles: false