Uploaded image for project: 'Pentaho Data Integration - Kettle'
  1. Pentaho Data Integration - Kettle
  2. PDI-19077

PDI - LDAP Input/Output Step

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Severity: Unknown
    • Resolution: Not a Bug
    • Affects Version/s: 8.2.0 GA
    • Fix Version/s: None
    • Labels:
      None
    • Story Points:
      0
    • PDI Sub-component:
    • Notice:
      When an issue is open, the "Fix Version/s" field conveys a target, not necessarily a commitment. When an issue is closed, the "Fix Version/s" field conveys the version that the issue was fixed in.
    • Operating System/s:
      Windows 10
    • Steps to Reproduce:
      Hide

      Create a ktr with Ldap Input
      Connection on LDAPS (LDAP SSL)

      Host: LDAP server url

      Port: 636

      Use Authentication: Checked
      User: <LDAP USERNAME>
      Password: <LDAP PASSWORD>

      Use certificate: unchecked

      Show
      Create a ktr with Ldap Input Connection on LDAPS (LDAP SSL) Host: LDAP server url Port: 636 Use Authentication: Checked User: <LDAP USERNAME> Password: <LDAP PASSWORD> Use certificate: unchecked

      Description

      The LDAP step when you select a Secure connection but you don't want to use certificates returns this error:

      2021/02/04 10:35:13 - LDAP Input.0 - ERROR (version 8.2.0.0-342, build 8.2.0.0-342 from 2018-11-14 10.30.55 by buildguy) : Error when initializing step execution! org.pentaho.di.core.exception.KettleException:

      2021/02/04 10:35:13 - LDAP Input.0 - It was not possible to initialize the Kettle trust manager

      2021/02/04 10:35:13 - LDAP Input.0 -

      2021/02/04 10:35:13 - LDAP Input.0 - It was not possible to open key store

      While if certificate is enabled and "trust all certificates" is checked, using a local keystore, the error is:

      javax.naming.CommunicationException: simple bind failed: <LDAP URL>:636 [Root exception is javax.net.ssl.SSLHandshakeException: No subject alternative names matching IP address <LDAP URL> found]
      simple bind failed: <LDAP URL>

      It seems not possibile to disable the check of certificate common name with the LDAP host.

       

        Attachments

          Activity

            People

            Assignee:
            project admin Triage
            Reporter:
            francesco.crsl francesco
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: