Directory ApacheDS / DIRSERVER-1328

External Keystore Fails: invalid property 'certificatePassword'

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.5.4
    • Component/s: None
    • Labels:
      None
    • Environment:
      Windows Server 2003

      Description

      I was trying to enable SSL with external keystore (SSL works without the external keystore using Directory Studio; my client requires the certificate). I'm using a standard install of Directory (out of the box).
      1. Created keystore according to documentation.
      2. Set up external keystore and modified Server.xml
      3. Unable to restart server due to the following error:

      invalid property 'certificatePassword' of bean class [org.apache.directory.server.ldap.LdapService]: No property 'certificatePassword' found

      If I remove this property, but leave my keystoreFile property in, I also get this error for 'keystoreFile'. Below is my ldapservice def:

      <ldapService id="ldapsService"
      enabled="true"
      ipPort="10636"

      keystoreFile="C:/Program Files/Apache Directory Server/instances/default/conf/AGS93-LDAPS.ks"
      certificatePassword="secret"

      enableLdaps="true">
      <directoryService>#directoryService</directoryService>
      <socketAcceptor>#socketAcceptor</socketAcceptor>
      </ldapService>

      1. 1328.diff
        7 kB
        Bhaskar Maddala
      2. apacheds-protocol-ldap-1.5.4.jar
        156 kB
        Bhaskar Maddala

        Activity

        Alfonsas Stonis added a comment -

        Thanks Bhaskar. Your fix works. I had two installations of apacheds. Forgot about one. After I put the jar in the right location, all worked fine.

        Bhaskar Maddala added a comment -

        I pulled down the 1.5.4 version of the release, replaced the protocol-ldap jar with the one I attached above, threw in the certificatePassword and keystoreFile settings, and verified that the ldap server was using the certificate I specified.

        You should take a look at the instructions here:

        http://directory.apache.org/apacheds/1.5/33-how-to-enable-ssl.html

        My ldapService

        <ldapService id="ldapsService"
        enabled="true"
        ipPort="10636"
        enableLdaps="true"
        certificatePassword="secret"
        keystoreFile="/home/bhaskar/apacheds_1.5.4/zanzibar.ks">
        <directoryService>#directoryService</directoryService>
        <socketAcceptor>#socketAcceptor</socketAcceptor>
        </ldapService>

        I think you have not replaced the protocol-ldap jar, or replaced it at the wrong location, i.e. not in the location being used for the classpath when launching the directory server.
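
One way to check the diagnosis in the comment above (wrong jar replaced, or a second installation still on the classpath), as an added example that is not part of the original comment or of the ApacheDS project: it walks the installation directories passed on the command line, finds every jar that ships LdapService, and reports its SHA-256 plus which of the two setters are absent. The byte search is a heuristic chosen for this example; javap on the class gives the definitive answer.

```python
import hashlib
import io
import zipfile
from pathlib import Path

# Class and setter names taken from the error message and the comment above.
LDAP_SERVICE_CLASS = "org/apache/directory/server/ldap/LdapService.class"
REQUIRED_SETTERS = (b"setCertificatePassword", b"setKeystoreFile")


def inspect_jar(jar_path):
    """Return (sha256, missing_setters) for a jar, or None if it has no LdapService."""
    data = Path(jar_path).read_bytes()
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        if LDAP_SERVICE_CLASS not in jar.namelist():
            return None
        class_bytes = jar.read(LDAP_SERVICE_CLASS)
    # Method names are stored as UTF-8 constants in the class file, so a
    # byte search shows whether the name is present at all (heuristic).
    missing = [s.decode() for s in REQUIRED_SETTERS if s not in class_bytes]
    return hashlib.sha256(data).hexdigest(), missing


def audit_installations(roots):
    """Map every jar under the given roots that ships LdapService to its findings."""
    report = {}
    for root in roots:
        for jar_path in sorted(Path(root).rglob("*.jar")):
            try:
                result = inspect_jar(jar_path)
            except zipfile.BadZipFile:
                continue  # not a readable archive; skip it
            if result is not None:
                report[str(jar_path)] = result
    return report


if __name__ == "__main__":
    import sys
    # Usage: python audit_jars.py <install dir> [<install dir> ...]
    for path, (digest, missing) in audit_installations(sys.argv[1:]).items():
        status = "OK" if not missing else "missing " + ", ".join(missing)
        print(f"{digest[:16]}  {status}  {path}")
```

Two jars with the same file name but different digests, one of them reported as missing the setters, is the situation described in this thread; the digest also lets you confirm that the jar on the classpath is the one you intended to deploy.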

        Alfonsas Stonis added a comment -

        Thanks Bhaskar. Unfortunately this fix does not work. I still get error message:
        jvm 1 | [15:16:35] ERROR [org.apache.directory.daemon.Bootstrapper] - Failed on null.init(InstallationLayout, String[])
        jvm 1 | org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ldapsService' defined in URL file:/var/lib/apacheds-1.5.4/default/conf/server.xml: Initialization of bean failed; nested exception is org.springframework.beans.InvalidPropertyException: Invalid property 'certificatePassword' of bean class [org.apache.directory.server.ldap.LdapService]: No property 'certificatePassword' found
        jvm 1 | Caused by:
        jvm 1 | org.springframework.beans.InvalidPropertyException: Invalid property 'certificatePassword' of bean class [org.apache.directory.server.ldap.LdapService]: No property 'certificatePassword' found
        jvm 1 | at org.springframework.beans.BeanWrapperImpl.convertForProperty(BeanWrapperImpl.java:376)
        jvm 1 | at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1105)
        jvm 1 | at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:861)
        jvm 1 | at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:421)
        jvm 1 | at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:251)
        jvm 1 | at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:156)
        jvm 1 | at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:248)
        jvm 1 | at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:160)
        jvm 1 | at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:287)
        jvm 1 | at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:352)
        jvm 1 | at org.apache.xbean.spring.context.FileSystemXmlApplicationContext.<init>(FileSystemXmlApplicationContext.java:149)
        jvm 1 | at org.apache.xbean.spring.context.FileSystemXmlApplicationContext.<init>(FileSystemXmlApplicationContext.java:48)
        jvm 1 | at org.apache.directory.server.Service.init(Service.java:60)
        jvm 1 | at org.apache.directory.daemon.Bootstrapper.callInit(Bootstrapper.java:151)
        jvm 1 | at org.apache.directory.daemon.TanukiBootstrapper.start(TanukiBootstrapper.java:51)
        jvm 1 | at org.tanukisoftware.wrapper.WrapperManager$12.run(WrapperManager.java:2788)

        Bhaskar Maddala added a comment -

        Attached binary jar file that supports the certificatePassword and keystore properties in the configuration, in case someone still requires a "workaround"

        Bhaskar Maddala added a comment -

        missed the attachment last time

        Bhaskar Maddala added a comment -

        I pulled down the 1.5.4 tagged version from svn and LdapService and LdapsInitializer are missing support for both certificatePassword and keystore (also nbTcpThread, but I did not need it). Attached a diff file that includes the changes. Tested by replacing the ldap protocol jar in 1.5.4 distribution with the one I created.

        Alfonsas Stonis added a comment -

        I assume it is going to be fixed in 1.5.5. Until it is released, is there any workaround? I am using it in production, so I do not want to install a development version.

        Alfonsas Stonis added a comment -

        I have the same problem with version 1.5.4.

        [13:56:48] ERROR [org.apache.directory.daemon.Bootstrapper] - Failed on null.init(InstallationLayout, String[])
        jvm 1 | org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ldapsService' defined in URL file:/var/lib/apacheds-1.5.4/default/conf/server.xml: Initialization of bean failed; nested exception is org.springframework.beans.InvalidPropertyException: Invalid property 'certificatePassword' of bean class [org.apache.directory.server.ldap.LdapService]: No property 'certificatePassword' found
        jvm 1 | Caused by:
        jvm 1 | org.springframework.beans.InvalidPropertyException: Invalid property 'certificatePassword' of bean class [org.apache.directory.server.ldap.LdapService]: No property 'certificatePassword' found
        jvm 1 | at org.springframework.beans.BeanWrapperImpl.convertForProperty(BeanWrapperImpl.java:376)
        jvm 1 | at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1105)

        Emmanuel Lecharny added a comment -

        Yeah, this is my feeling, too. I have fixed it one month ago, AFAIR.

        Please, when creating an issue, don't think that all the fields are optional. They really help!

        Stefan Zoerner added a comment -

        I have recently tried this out with the trunk (upcoming 1.5.5), and it worked just fine. I assume, ironside uses 1.5.4. Without this information, we can't go any further ...

        Emmanuel Lecharny added a comment -

        Those who feel that they can fix it will assign themselves to the issue.

        Emmanuel Lecharny added a comment -

        Which version of ADS?

        Please give us some information that can help us to determine if it's a real bug or something which is already fixed.


          People

          • Assignee: Unassigned
          • Reporter: ironside