Confluence wiki: LDAP users cannot login "network error"
There were confirmed reports that we cannot login to the Confluence wiki (wiki.civicrm.org) using a civicrm.org (LDAP) account. reference
While testing (admin -> user directories -> test directory), Confluence outputs:
simple bind failed: civicrm.org:1389; nested exception is javax.naming.CommunicationException: simple bind failed: civicrm.org:1389
[Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
Other tools do not seem to have this problem, and the (letsencrypt) cert for LDAP seems valid:
root@java-prod:~# openssl s_client -connect civicrm.org:1389
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = civicrm.org
verify return:1
---
Certificate chain
0 s:/CN=civicrm.org
i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
i:/O=Digital Signature Trust Co./CN=DST Root CA X3
Random googling around suggests that the version of Java used is too old. We are running a really old version of Confluence, which seems to bundle its own version of java. Then again, why are we running into this only now?