We need to update our LDAP configuration because our certificate is going to expire; we have a test ldaps server set up with the new certificate. From within CDH->Administration->Settings, I pointed the "LDAP URL" to the new server.
simple bind failed: ldapsdev.{obscured domain}:3269; nested exception is javax.naming.CommunicationException: simple bind failed: ldapsdev.{obscureddomain}:3269 [Root exception is javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure]
Under the assumption that a cert needed to be added, I tried to figure out how, but could find zero documentation other than this:
https://community.cloudera.com/t5/Community-Articles/Steps-to-setup-Atlas-with-Ldaps-SSL/ta-p/247365
That relates to Atlas, which we don't use, but seemed right. I downloaded "ldapsdev-ca.crt" from the ldaps server:
echo -n | openssl s_client -connect ldapsdev.{obscureddomain}:636 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ldapsdev-ca.crt
And then imported it into /usr/java/jdk1.7.0_67-cloudera/jre/lib/security/cacerts. When I do a keytool -list on that, I see it in there. I then restarted cloudera-scm-server, but I still get the same error.
Was that not the right cacerts file? There are others in various subdirs under /etc/pki I could try to add to, but it'd be nice to know for sure which file Cloudera Server is trying to use. Thanks!!!
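
An added example (not part of the original post): a way to check which certificate the `openssl s_client | sed` command above actually saved before importing it into a truststore. Without `-showcerts`, `s_client` prints a PEM block only for the server's own certificate, so the script reads the "Certificate chain" section of a saved transcript. The transcript, host names and function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: trimmed `openssl s_client` output. Names are placeholders
# and the PEM body is not a real certificate.
sample_transcript() {
cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:/CN=ldapsdev.example.test
   i:/DC=test/DC=example/CN=Example Issuing CA
 1 s:/DC=test/DC=example/CN=Example Issuing CA
   i:/CN=Example Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgUExBQ0VIT0xERVI=
-----END CERTIFICATE-----
subject=/CN=ldapsdev.example.test
issuer=/DC=test/DC=example/CN=Example Issuing CA
---
EOF
}

# Number of PEM blocks the sed range from the post would write to the .crt file.
pem_count() {
    awk '/-BEGIN CERTIFICATE-/ { n++ } END { print n + 0 }'
}

# One line per chain entry: "<depth> <leaf|intermediate|self-signed> <subject>".
# Handles both "s:/CN=..." and the newer "s:CN = ..." subject formats.
chain_summary() {
    awk '
      /^Certificate chain/       { in_chain = 1; next }
      in_chain && /^---/         { in_chain = 0 }
      in_chain && /^ *[0-9]+ s:/ { depth = $1; sub(/^ *[0-9]+ s:/, ""); subj = $0; next }
      in_chain && /^ *i:/        { sub(/^ *i:/, "")
                                   kind = ($0 == subj) ? "self-signed" : (depth == 0 ? "leaf" : "intermediate")
                                   print depth, kind, subj }
    '
}

# Kind of the certificate that ends up in the saved file (chain entry 0).
saved_cert_kind() {
    chain_summary | awk '$1 == 0 { print $2 }'
}

sample_transcript | chain_summary
```

If `saved_cert_kind` reports `leaf`, the saved file holds the server's own certificate rather than a CA certificate, whatever the file is named.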