
grouper-users - [grouper-users] SASL TLS/EXTERNAL private key issue

Subject: Grouper Users - Open Discussion List


[grouper-users] SASL TLS/EXTERNAL private key issue


  • From: Francesco Malvezzi
  • Subject: [grouper-users] SASL TLS/EXTERNAL private key issue
  • Date: Wed, 22 May 2013 08:36:08 +0200

psp was working with SASL TLS/EXTERNAL,

(ldap.properties)
[...]
# authn for sasl external (certificates)
edu.vt.middleware.ldap.authtype=EXTERNAL
edu.vt.middleware.ldap.tls=true
#edu.vt.middleware.ldap.serviceUser=cn=grouper,ou=agents,dc=unimore,dc=it
# these to use PEM format cert and key
pemCaFile=/etc/ssl/certs/tcs-chain.pem
pemCertFile=/etc/ssl/certs/grouper.pem
pemKeyFile=/opt/grouper/conf/grouper.key
[...]

but a few days ago the certificate was renewed and grouper refuses to
restart with the following stack trace:

grouper.properties read from:
/opt/grouper.apiBinary-2.1.2/conf/grouper.properties
Grouper current directory is: /opt/grouper.apiBinary-2.1.2
log4j.properties read from:
/opt/grouper.apiBinary-2.1.2/conf/log4j.properties
Grouper logs are not using log4j: class
org.apache.commons.logging.impl.SLF4JLocationAwareLog
grouper.hibernate.properties:
/opt/grouper.apiBinary-2.1.2/conf/grouper.hibernate.properties
grouper.hibernate.properties:
GROUPER@jdbc:oracle:thin:@oracle10g.dmz-int.unimo.it:1521:orasia
sources.xml read from: /opt/grouper.apiBinary-2.1.2/conf/sources.xml
sources.xml groupersource id: g:gsa
sources.xml ldap source id: unimore: ldap.properties
sources.xml groupersource id: grouperEntities
2013-05-18 08:48:50,983: [main] INFO EventLog.info(156) - -
[a3699feb761249d3a53a87ff72bbfe99,'GrouperSystem','application']
session: start (205ms)
2013-05-18 08:48:50,990: [main] INFO EventLog.info(156) - -
[c79c8b14a3a642f694d27032266dc6b4,'GrouperSystem','application']
session: start (5ms)
2013-05-18 08:48:51,097: [main] INFO EventLog.info(156) - -
[48a73ae2d4634f1687cd1c9f848b8035,'GrouperSystem','application']
session: start (1ms)
2013-05-18 08:48:51,127: [main] INFO EventLog.info(156) - -
[ddaf05fa965a4a99b5ba706839f4b64b,'GrouperSystem','application']
session: start (2ms)
2013-05-18 08:48:51,215: [main] INFO EventLog.info(156) - -
[3612cf22ab674d7dbe9f3fa3ba68aef4,'GrouperSystem','application']
session: start (4ms)
2013-05-18 08:48:51,634: [main] INFO EventLog.info(156) - -
[d55b72270f4b4b1e8f7f5ca5344953e9,'GrouperSystem','application']
session: start (1ms)
2013-05-18 08:48:51,895: [main] INFO EventLog.info(156) - -
[345f0f65a7494dab8261f24d189a6929,'GrouperSystem','application']
session: start (1ms)
2013-05-18 08:48:51,909: [main] INFO EventLog.info(156) - -
[5def03e7d5464848b1ea8ad53435cf84,'GrouperSystem','application']
session: start (1ms)
2013-05-18 08:48:51,957: [main] ERROR
LdapPEMSocketFactory.initManagers(136) - - ldap source cert/key error:
java.io.IOException: encountered invalid integer tag 48 at 7
2013-05-18 08:48:52,021: [main] ERROR DefaultLdapFactory.create(109) - -
unabled to connect to the ldap
javax.naming.AuthenticationNotSupportedException: [LDAP: error code 7 -
SASL(-4): no mechanism available: ]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3023)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2978)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2780)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2694)
at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2593)
at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2567)
at com.sun.jndi.ldap.LdapCtx.reconnect(LdapCtx.java:2563)
at
javax.naming.ldap.InitialLdapContext.reconnect(InitialLdapContext.java:190)
at
edu.vt.middleware.ldap.handler.TlsConnectionHandler.connectInternal(TlsConnectionHandler.java:161)
at
edu.vt.middleware.ldap.handler.AbstractConnectionHandler.connect(AbstractConnectionHandler.java:156)
at edu.vt.middleware.ldap.AbstractLdap.connect(AbstractLdap.java:1006)
at
edu.vt.middleware.ldap.pool.DefaultLdapFactory.create(DefaultLdapFactory.java:106)
at
edu.vt.middleware.ldap.pool.DefaultLdapFactory.create(DefaultLdapFactory.java:28)
at
edu.vt.middleware.ldap.pool.AbstractLdapPool.createAvailable(AbstractLdapPool.java:212)
at
edu.vt.middleware.ldap.pool.AbstractLdapPool.initializePool(AbstractLdapPool.java:155)
at
edu.vt.middleware.ldap.pool.AbstractLdapPool.initialize(AbstractLdapPool.java:128)
at
edu.internet2.middleware.subject.provider.LdapSourceAdapter.initializeLdap(LdapSourceAdapter.java:284)
at
edu.internet2.middleware.subject.provider.LdapSourceAdapter.getLdapResultsHelper(LdapSourceAdapter.java:586)
at
edu.internet2.middleware.subject.provider.LdapSourceAdapter.getLdapResults(LdapSourceAdapter.java:576)
at
edu.internet2.middleware.subject.provider.LdapSourceAdapter.getLdapUnique(LdapSourceAdapter.java:672)
at
edu.internet2.middleware.subject.provider.LdapSourceAdapter.getSubject(LdapSourceAdapter.java:307)
at
edu.internet2.middleware.subject.SubjectCheckConfig.checkConfig(SubjectCheckConfig.java:111)
at
edu.internet2.middleware.grouper.misc.GrouperCheckConfig$1.callback(GrouperCheckConfig.java:443)
at
edu.internet2.middleware.grouper.GrouperSession.callbackGrouperSession(GrouperSession.java:801)
at
edu.internet2.middleware.grouper.misc.GrouperCheckConfig.checkConfig(GrouperCheckConfig.java:439)
at
edu.internet2.middleware.grouper.misc.GrouperStartup.startup(GrouperStartup.java:132)
at
edu.internet2.middleware.grouper.app.gsh.GrouperShell.main(GrouperShell.java:151)
at
edu.internet2.middleware.grouper.app.gsh.GrouperShellWrapper.main(GrouperShellWrapper.java:31)
2013-05-18 08:48:52,083: [main] ERROR DefaultLdapFactory.create(109) - -
unabled to connect to the ldap
javax.naming.AuthenticationNotSupportedException: [LDAP: error code 7 -
SASL(-4): no mechanism available: ]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3023)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2978)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2780)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2694)
at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2593)
at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2567)
at com.sun.jndi.ldap.LdapCtx.reconnect(LdapCtx.java:2563)
at
javax.naming.ldap.InitialLdapContext.reconnect(InitialLdapContext.java:190)
at
edu.vt.middleware.ldap.handler.TlsConnectionHandler.connectInternal(TlsConnectionHandler.java:161)
at
edu.vt.middleware.ldap.handler.AbstractConnectionHandler.connect(AbstractConnectionHandler.java:156)
at edu.vt.middleware.ldap.AbstractLdap.connect(AbstractLdap.java:1006)
at
edu.vt.middleware.ldap.pool.DefaultLdapFactory.create(DefaultLdapFactory.java:106)
at
edu.vt.middleware.ldap.pool.DefaultLdapFactory.create(DefaultLdapFactory.java:28)
at
edu.vt.middleware.ldap.pool.AbstractLdapPool.createAvailable(AbstractLdapPool.java:212)
at
edu.vt.middleware.ldap.pool.AbstractLdapPool.initializePool(AbstractLdapPool.java:155)
at
edu.vt.middleware.ldap.pool.AbstractLdapPool.initialize(AbstractLdapPool.java:128)
at
edu.internet2.middleware.subject.provider.LdapSourceAdapter.initializeLdap(LdapSourceAdapter.java:284)
at
edu.internet2.middleware.subject.provider.LdapSourceAdapter.getLdapResultsHelper(LdapSourceAdapter.java:586)
at
edu.internet2.middleware.subject.provider.LdapSourceAdapter.getLdapResults(LdapSourceAdapter.java:576)
at
edu.internet2.middleware.subject.provider.LdapSourceAdapter.getLdapUnique(LdapSourceAdapter.java:672)
at
edu.internet2.middleware.subject.provider.LdapSourceAdapter.getSubject(LdapSourceAdapter.java:307)
at
edu.internet2.middleware.subject.SubjectCheckConfig.checkConfig(SubjectCheckConfig.java:111)
at
edu.internet2.middleware.grouper.misc.GrouperCheckConfig$1.callback(GrouperCheckConfig.java:443)
at
edu.internet2.middleware.grouper.GrouperSession.callbackGrouperSession(GrouperSession.java:801)
at
edu.internet2.middleware.grouper.misc.GrouperCheckConfig.checkConfig(GrouperCheckConfig.java:439)
at
edu.internet2.middleware.grouper.misc.GrouperStartup.startup(GrouperStartup.java:132)
at
edu.internet2.middleware.grouper.app.gsh.GrouperShell.main(GrouperShell.java:151)
at
edu.internet2.middleware.grouper.app.gsh.GrouperShellWrapper.main(GrouperShellWrapper.java:31)
2013-05-18 08:48:52,136: [main] ERROR DefaultLdapFactory.create(109) - -
unabled to connect to the ldap
javax.naming.AuthenticationNotSupportedException: [LDAP: error code 7 -
SASL(-4): no mechanism available: ]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3023)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2978)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2780)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2694)
at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2593)
at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2567)
at com.sun.jndi.ldap.LdapCtx.reconnect(LdapCtx.java:2563)
at
javax.naming.ldap.InitialLdapContext.reconnect(InitialLdapContext.java:190)
at
edu.vt.middleware.ldap.handler.TlsConnectionHandler.connectInternal(TlsConnectionHandler.java:161)
at
edu.vt.middleware.ldap.handler.AbstractConnectionHandler.connect(AbstractConnectionHandler.java:156)
at edu.vt.middleware.ldap.AbstractLdap.connect(AbstractLdap.java:1006)
at
edu.vt.middleware.ldap.pool.DefaultLdapFactory.create(DefaultLdapFactory.java:106)
at
edu.vt.middleware.ldap.pool.DefaultLdapFactory.create(DefaultLdapFactory.java:28)
at
edu.vt.middleware.ldap.pool.AbstractLdapPool.createAvailable(AbstractLdapPool.java:212)
at
edu.vt.middleware.ldap.pool.AbstractLdapPool.initializePool(AbstractLdapPool.java:155)
at
edu.vt.middleware.ldap.pool.AbstractLdapPool.initialize(AbstractLdapPool.java:128)
at
edu.internet2.middleware.subject.provider.LdapSourceAdapter.initializeLdap(LdapSourceAdapter.java:284)
at
edu.internet2.middleware.subject.provider.LdapSourceAdapter.getLdapResultsHelper(LdapSourceAdapter.java:586)
at
edu.internet2.middleware.subject.provider.LdapSourceAdapter.getLdapResults(LdapSourceAdapter.java:576)
at
edu.internet2.middleware.subject.provider.LdapSourceAdapter.getLdapUnique(LdapSourceAdapter.java:672)
at
edu.internet2.middleware.subject.provider.LdapSourceAdapter.getSubject(LdapSourceAdapter.java:307)
at
edu.internet2.middleware.subject.SubjectCheckConfig.checkConfig(SubjectCheckConfig.java:111)
at
edu.internet2.middleware.grouper.misc.GrouperCheckConfig$1.callback(GrouperCheckConfig.java:443)
at
edu.internet2.middleware.grouper.GrouperSession.callbackGrouperSession(GrouperSession.java:801)
at
edu.internet2.middleware.grouper.misc.GrouperCheckConfig.checkConfig(GrouperCheckConfig.java:439)
at
edu.internet2.middleware.grouper.misc.GrouperStartup.startup(GrouperStartup.java:132)
at
edu.internet2.middleware.grouper.app.gsh.GrouperShell.main(GrouperShell.java:151)
at
edu.internet2.middleware.grouper.app.gsh.GrouperShellWrapper.main(GrouperShellWrapper.java:31)
2013-05-18 08:48:52,187: [main] ERROR DefaultLdapFactory.create(109) - -
unabled to connect to the ldap
javax.naming.AuthenticationNotSupportedException: [LDAP: error code 7 -
SASL(-4): no mechanism available: ]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3023)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2978)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2780)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2694)
at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2593)
at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2567)
at com.sun.jndi.ldap.LdapCtx.reconnect(LdapCtx.java:2563)
at
javax.naming.ldap.InitialLdapContext.reconnect(InitialLdapContext.java:190)
at
edu.vt.middleware.ldap.handler.TlsConnectionHandler.connectInternal(TlsConnectionHandler.java:161)
at
edu.vt.middleware.ldap.handler.AbstractConnectionHandler.connect(AbstractConnectionHandler.java:156)
at edu.vt.middleware.ldap.AbstractLdap.connect(AbstractLdap.java:1006)
at
edu.vt.middleware.ldap.pool.DefaultLdapFactory.create(DefaultLdapFactory.java:106)
at
edu.vt.middleware.ldap.pool.DefaultLdapFactory.create(DefaultLdapFactory.java:28)
at
edu.vt.middleware.ldap.pool.AbstractLdapPool.createAvailable(AbstractLdapPool.java:212)
at
edu.vt.middleware.ldap.pool.AbstractLdapPool.initializePool(AbstractLdapPool.java:155)
at
edu.vt.middleware.ldap.pool.AbstractLdapPool.initialize(AbstractLdapPool.java:128)
at
edu.internet2.middleware.subject.provider.LdapSourceAdapter.initializeLdap(LdapSourceAdapter.java:284)
at
edu.internet2.middleware.subject.provider.LdapSourceAdapter.getLdapResultsHelper(LdapSourceAdapter.java:586)
at
edu.internet2.middleware.subject.provider.LdapSourceAdapter.getLdapResults(LdapSourceAdapter.java:576)
at
edu.internet2.middleware.subject.provider.LdapSourceAdapter.getLdapUnique(LdapSourceAdapter.java:672)
at
edu.internet2.middleware.subject.provider.LdapSourceAdapter.getSubject(LdapSourceAdapter.java:307)
at
edu.internet2.middleware.subject.SubjectCheckConfig.checkConfig(SubjectCheckConfig.java:111)
at
edu.internet2.middleware.grouper.misc.GrouperCheckConfig$1.callback(GrouperCheckConfig.java:443)
at
edu.internet2.middleware.grouper.GrouperSession.callbackGrouperSession(GrouperSession.java:801)
at
edu.internet2.middleware.grouper.misc.GrouperCheckConfig.checkConfig(GrouperCheckConfig.java:439)
at
edu.internet2.middleware.grouper.misc.GrouperStartup.startup(GrouperStartup.java:132)
at
edu.internet2.middleware.grouper.app.gsh.GrouperShell.main(GrouperShell.java:151)
at
edu.internet2.middleware.grouper.app.gsh.GrouperShellWrapper.main(GrouperShellWrapper.java:31)
2013-05-18 08:48:52,239: [main] ERROR DefaultLdapFactory.create(109) - -
unabled to connect to the ldap
javax.naming.AuthenticationNotSupportedException: [LDAP: error code 7 -
SASL(-4): no mechanism available: ]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3023)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2978)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2780)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2694)
at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2593)
at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2567)
at com.sun.jndi.ldap.LdapCtx.reconnect(LdapCtx.java:2563)
at
javax.naming.ldap.InitialLdapContext.reconnect(InitialLdapContext.java:190)
at
edu.vt.middleware.ldap.handler.TlsConnectionHandler.connectInternal(TlsConnectionHandler.java:161)
at
edu.vt.middleware.ldap.handler.AbstractConnectionHandler.connect(AbstractConnectionHandler.java:156)
at edu.vt.middleware.ldap.AbstractLdap.connect(AbstractLdap.java:1006)
at
edu.vt.middleware.ldap.pool.DefaultLdapFactory.create(DefaultLdapFactory.java:106)
at
edu.vt.middleware.ldap.pool.DefaultLdapFactory.create(DefaultLdapFactory.java:28)
at
edu.vt.middleware.ldap.pool.AbstractLdapPool.createAvailable(AbstractLdapPool.java:212)
at
edu.vt.middleware.ldap.pool.AbstractLdapPool.initializePool(AbstractLdapPool.java:155)
at
edu.vt.middleware.ldap.pool.AbstractLdapPool.initialize(AbstractLdapPool.java:128)
at
edu.internet2.middleware.subject.provider.LdapSourceAdapter.initializeLdap(LdapSourceAdapter.java:284)
at
edu.internet2.middleware.subject.provider.LdapSourceAdapter.getLdapResultsHelper(LdapSourceAdapter.java:586)
at
edu.internet2.middleware.subject.provider.LdapSourceAdapter.getLdapResults(LdapSourceAdapter.java:576)
at
edu.internet2.middleware.subject.provider.LdapSourceAdapter.getLdapUnique(LdapSourceAdapter.java:672)
at
edu.internet2.middleware.subject.provider.LdapSourceAdapter.getSubject(LdapSourceAdapter.java:307)
at
edu.internet2.middleware.subject.SubjectCheckConfig.checkConfig(SubjectCheckConfig.java:111)
at
edu.internet2.middleware.grouper.misc.GrouperCheckConfig$1.callback(GrouperCheckConfig.java:443)
at
edu.internet2.middleware.grouper.GrouperSession.callbackGrouperSession(GrouperSession.java:801)
at
edu.internet2.middleware.grouper.misc.GrouperCheckConfig.checkConfig(GrouperCheckConfig.java:439)
at
edu.internet2.middleware.grouper.misc.GrouperStartup.startup(GrouperStartup.java:132)
at
edu.internet2.middleware.grouper.app.gsh.GrouperShell.main(GrouperShell.java:151)
at
edu.internet2.middleware.grouper.app.gsh.GrouperShellWrapper.main(GrouperShellWrapper.java:31)
2013-05-18 08:48:52,292: [main] ERROR DefaultLdapFactory.create(109) - -
unabled to connect to the ldap
javax.naming.AuthenticationNotSupportedException: [LDAP: error code 7 -
SASL(-4): no mechanism available: ]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3023)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2978)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2780)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2694)
at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2593)
at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2567)
at com.sun.jndi.ldap.LdapCtx.reconnect(LdapCtx.java:2563)
at
javax.naming.ldap.InitialLdapContext.reconnect(InitialLdapContext.java:190)
at
edu.vt.middleware.ldap.handler.TlsConnectionHandler.connectInternal(TlsConnectionHandler.java:161)
at
edu.vt.middleware.ldap.handler.AbstractConnectionHandler.connect(AbstractConnectionHandler.java:156)
at edu.vt.middleware.ldap.AbstractLdap.connect(AbstractLdap.java:1006)
at
edu.vt.middleware.ldap.pool.DefaultLdapFactory.create(DefaultLdapFactory.java:106)
at
edu.vt.middleware.ldap.pool.DefaultLdapFactory.create(DefaultLdapFactory.java:28)
at
edu.vt.middleware.ldap.pool.AbstractLdapPool.createAvailable(AbstractLdapPool.java:212)
at
edu.vt.middleware.ldap.pool.AbstractLdapPool.initializePool(AbstractLdapPool.java:155)
at
edu.vt.middleware.ldap.pool.AbstractLdapPool.initialize(AbstractLdapPool.java:128)
at
edu.internet2.middleware.subject.provider.LdapSourceAdapter.initializeLdap(LdapSourceAdapter.java:284)
at
edu.internet2.middleware.subject.provider.LdapSourceAdapter.getLdapResultsHelper(LdapSourceAdapter.java:586)
at
edu.internet2.middleware.subject.provider.LdapSourceAdapter.getLdapResults(LdapSourceAdapter.java:576)
at
edu.internet2.middleware.subject.provider.LdapSourceAdapter.getLdapUnique(LdapSourceAdapter.java:672)
at
edu.internet2.middleware.subject.provider.LdapSourceAdapter.getSubject(LdapSourceAdapter.java:307)
at
edu.internet2.middleware.subject.SubjectCheckConfig.checkConfig(SubjectCheckConfig.java:111)
at
edu.internet2.middleware.grouper.misc.GrouperCheckConfig$1.callback(GrouperCheckConfig.java:443)
at
edu.internet2.middleware.grouper.GrouperSession.callbackGrouperSession(GrouperSession.java:801)
at
edu.internet2.middleware.grouper.misc.GrouperCheckConfig.checkConfig(GrouperCheckConfig.java:439)
at
edu.internet2.middleware.grouper.misc.GrouperStartup.startup(GrouperStartup.java:132)
at
edu.internet2.middleware.grouper.app.gsh.GrouperShell.main(GrouperShell.java:151)
at
edu.internet2.middleware.grouper.app.gsh.GrouperShellWrapper.main(GrouperShellWrapper.java:31)
2013-05-18 08:48:52,293: [main] ERROR
LdapSourceAdapter.initializeLdap(287) - - Error creating ldappool =
java.lang.IllegalStateException: Could not initialize pool
2013-05-18 08:48:52,347: [main] ERROR DefaultLdapFactory.create(109) - -
unabled to connect to the ldap
javax.naming.AuthenticationNotSupportedException: [LDAP: error code 7 -
SASL(-4): no mechanism available: ]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3023)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2978)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2780)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2694)
at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2593)
at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2567)
at com.sun.jndi.ldap.LdapCtx.reconnect(LdapCtx.java:2563)
at
javax.naming.ldap.InitialLdapContext.reconnect(InitialLdapContext.java:190)
at
edu.vt.middleware.ldap.handler.TlsConnectionHandler.connectInternal(TlsConnectionHandler.java:161)
at
edu.vt.middleware.ldap.handler.AbstractConnectionHandler.connect(AbstractConnectionHandler.java:156)
at edu.vt.middleware.ldap.AbstractLdap.connect(AbstractLdap.java:1006)
at
edu.vt.middleware.ldap.pool.DefaultLdapFactory.create(DefaultLdapFactory.java:106)
at
edu.vt.middleware.ldap.pool.DefaultLdapFactory.create(DefaultLdapFactory.java:28)
at
edu.vt.middleware.ldap.pool.AbstractLdapPool.createActive(AbstractLdapPool.java:237)
at
edu.vt.middleware.ldap.pool.SoftLimitLdapPool.checkOut(SoftLimitLdapPool.java:99)
at
edu.internet2.middleware.subject.provider.LdapSourceAdapter.getLdapResultsHelper(LdapSourceAdapter.java:624)
at
edu.internet2.middleware.subject.provider.LdapSourceAdapter.getLdapResults(LdapSourceAdapter.java:576)
at
edu.internet2.middleware.subject.provider.LdapSourceAdapter.getLdapUnique(LdapSourceAdapter.java:672)
at
edu.internet2.middleware.subject.provider.LdapSourceAdapter.getSubject(LdapSourceAdapter.java:307)
at
edu.internet2.middleware.subject.SubjectCheckConfig.checkConfig(SubjectCheckConfig.java:111)
at
edu.internet2.middleware.grouper.misc.GrouperCheckConfig$1.callback(GrouperCheckConfig.java:443)
at
edu.internet2.middleware.grouper.GrouperSession.callbackGrouperSession(GrouperSession.java:801)
at
edu.internet2.middleware.grouper.misc.GrouperCheckConfig.checkConfig(GrouperCheckConfig.java:439)
at
edu.internet2.middleware.grouper.misc.GrouperStartup.startup(GrouperStartup.java:132)
at
edu.internet2.middleware.grouper.app.gsh.GrouperShell.main(GrouperShell.java:151)
at
edu.internet2.middleware.grouper.app.gsh.GrouperShellWrapper.main(GrouperShellWrapper.java:31)
2013-05-18 08:48:52,349: [main] ERROR SoftLimitLdapPool.checkOut(106) -
- Could not service check out request
2013-05-18 08:48:52,349: [main] ERROR
LdapSourceAdapter.getLdapResultsHelper(654) - - Ldap Exception: Pool is
empty and object creation failed
edu.vt.middleware.ldap.pool.LdapPoolExhaustedException: Pool is empty
and object creation failed
at
edu.vt.middleware.ldap.pool.SoftLimitLdapPool.checkOut(SoftLimitLdapPool.java:108)
at
edu.internet2.middleware.subject.provider.LdapSourceAdapter.getLdapResultsHelper(LdapSourceAdapter.java:624)
at
edu.internet2.middleware.subject.provider.LdapSourceAdapter.getLdapResults(LdapSourceAdapter.java:576)
at
edu.internet2.middleware.subject.provider.LdapSourceAdapter.getLdapUnique(LdapSourceAdapter.java:672)
at
edu.internet2.middleware.subject.provider.LdapSourceAdapter.getSubject(LdapSourceAdapter.java:307)
at
edu.internet2.middleware.subject.SubjectCheckConfig.checkConfig(SubjectCheckConfig.java:111)
at
edu.internet2.middleware.grouper.misc.GrouperCheckConfig$1.callback(GrouperCheckConfig.java:443)
at
edu.internet2.middleware.grouper.GrouperSession.callbackGrouperSession(GrouperSession.java:801)
at
edu.internet2.middleware.grouper.misc.GrouperCheckConfig.checkConfig(GrouperCheckConfig.java:439)
at
edu.internet2.middleware.grouper.misc.GrouperStartup.startup(GrouperStartup.java:132)
at
edu.internet2.middleware.grouper.app.gsh.GrouperShell.main(GrouperShell.java:151)
at
edu.internet2.middleware.grouper.app.gsh.GrouperShellWrapper.main(GrouperShellWrapper.java:31)
2013-05-18 08:48:52,353: [main] ERROR
SubjectCheckConfig.checkConfig(117) - - error with subject source id:
unimore, name: LdapSourceAdapter, problem with getSubject by id, in
sources.xml: search searchSubject:
edu.internet2.middleware.subject.SourceUnavailableException: Ldap
Exception: Pool is empty and object creation failed
at
edu.internet2.middleware.subject.provider.LdapSourceAdapter.getLdapResultsHelper(LdapSourceAdapter.java:655)
at
edu.internet2.middleware.subject.provider.LdapSourceAdapter.getLdapResults(LdapSourceAdapter.java:576)
at
edu.internet2.middleware.subject.provider.LdapSourceAdapter.getLdapUnique(LdapSourceAdapter.java:672)
at
edu.internet2.middleware.subject.provider.LdapSourceAdapter.getSubject(LdapSourceAdapter.java:307)
at
edu.internet2.middleware.subject.SubjectCheckConfig.checkConfig(SubjectCheckConfig.java:111)
at
edu.internet2.middleware.grouper.misc.GrouperCheckConfig$1.callback(GrouperCheckConfig.java:443)
at
edu.internet2.middleware.grouper.GrouperSession.callbackGrouperSession(GrouperSession.java:801)
at
edu.internet2.middleware.grouper.misc.GrouperCheckConfig.checkConfig(GrouperCheckConfig.java:439)
at
edu.internet2.middleware.grouper.misc.GrouperStartup.startup(GrouperStartup.java:132)
at
edu.internet2.middleware.grouper.app.gsh.GrouperShell.main(GrouperShell.java:151)
at
edu.internet2.middleware.grouper.app.gsh.GrouperShellWrapper.main(GrouperShellWrapper.java:31)
Caused by: edu.vt.middleware.ldap.pool.LdapPoolExhaustedException: Pool
is empty and object creation failed
at
edu.vt.middleware.ldap.pool.SoftLimitLdapPool.checkOut(SoftLimitLdapPool.java:108)
at
edu.internet2.middleware.subject.provider.LdapSourceAdapter.getLdapResultsHelper(LdapSourceAdapter.java:624)
... 10 more

It looks like a private key issue, but the private key is not corrupted:
$ openssl rsa -noout -modulus < /opt/grouper/conf/grouper.key
Modulus=B727F072C2005124[...]

And the key/certificate pair is OK for apache2's https.

Can you help me spot what's wrong with the newer private key? What does
'encountered invalid integer tag 48 at 7' mean?

Thank you for your time,

Francesco
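
The value in `encountered invalid integer tag 48 at 7` can be checked against the DER layout of the two common RSA private-key encodings: tag 48 is 0x30 (SEQUENCE), which is what a PKCS#8 `PrivateKeyInfo` carries at byte 7 where a PKCS#1 `RSAPrivateKey` carries an INTEGER (tag 2). The sketch below is an added example, not part of the original post and not Grouper or vt-ldap code. It assumes the PEM loader parses the key as PKCS#1; all function names are illustrative and the key values are constructed dummies with the right sizes only.

```python
import base64

# DER encoding of the rsaEncryption OID 1.2.840.113549.1.1.1
RSA_OID = bytes.fromhex("2a864886f70d010101")

def tlv(tag, content):
    """Encode one DER element (short or long definite-length form)."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        body = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(body)]) + body
    return bytes([tag]) + length + content

def der_int(value):
    """Encode a non-negative INTEGER; the spare leading byte keeps it positive."""
    return tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def read_tlv(buf, off):
    """Return (tag, content_offset, content_length) of the element at off."""
    tag, first = buf[off], buf[off + 1]
    if first < 0x80:
        return tag, off + 2, first
    n = first & 0x7F
    return tag, off + 2 + n, int.from_bytes(buf[off + 2:off + 2 + n], "big")

def pem_to_der(pem):
    """Strip the PEM armor; return (label, der_bytes)."""
    lines = [line.strip() for line in pem.strip().splitlines()]
    label = lines[0].replace("-----BEGIN ", "").replace("-----", "")
    return label, base64.b64decode("".join(lines[1:-1]))

def to_pem(label, der):
    """Wrap DER bytes in PEM armor with 64-character lines."""
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

def classify_key(der):
    """Return (format, tag, offset) for the element after the version INTEGER."""
    tag, off, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    vtag, voff, vlen = read_tlv(der, off)
    if vtag != 0x02:
        raise ValueError("first field is not the version INTEGER")
    nxt = voff + vlen
    kinds = {0x02: "PKCS#1 RSAPrivateKey", 0x30: "PKCS#8 PrivateKeyInfo"}
    return kinds.get(der[nxt], "unknown"), der[nxt], nxt

def unwrap_pkcs8(der):
    """Return the PKCS#1 key carried in the PKCS#8 privateKey OCTET STRING."""
    _, off, _ = read_tlv(der, 0)                   # outer SEQUENCE
    _, voff, vlen = read_tlv(der, off)             # version
    _, aoff, alen = read_tlv(der, voff + vlen)     # AlgorithmIdentifier
    tag, koff, klen = read_tlv(der, aoff + alen)   # privateKey
    if tag != 0x04:
        raise ValueError("privateKey is not an OCTET STRING")
    return der[koff:koff + klen]

def build_samples():
    """Constructed 2048-bit-sized dummy values: correct layout, not a usable key."""
    big, half = (1 << 2047) | 1, (1 << 1023) | 1
    fields = [0, big, 65537, big] + [half] * 5     # version, n, e, d, p, q, dP, dQ, qInv
    pkcs1 = tlv(0x30, b"".join(der_int(v) for v in fields))
    alg = tlv(0x30, tlv(0x06, RSA_OID) + tlv(0x05, b""))
    pkcs8 = tlv(0x30, der_int(0) + alg + tlv(0x04, pkcs1))
    return pkcs1, pkcs8

if __name__ == "__main__":
    pkcs1, pkcs8 = build_samples()
    for label, der in (("RSA PRIVATE KEY", pkcs1), ("PRIVATE KEY", pkcs8)):
        name, raw = pem_to_der(to_pem(label, der))
        print(name, classify_key(raw))
```

`openssl rsa` reads both encodings, so a successful `-modulus` check does not tell them apart; the first line of the PEM file (`BEGIN PRIVATE KEY` versus `BEGIN RSA PRIVATE KEY`) does.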




