When Switching From LDAP to secure LDAP (LDAPS) , Generic Error: java.security.NoSuchAlgorithmException: Error constructing implementation
search cancel

When Switching From LDAP to secure LDAP (LDAPS) , Generic Error: java.security.NoSuchAlgorithmException: Error constructing implementation

book

Article ID: 410007

calendar_today

Updated On:

Products

Clarity PPM On Premise

Issue/Introduction

STEPS TO REPRODUCE

1. Go to CSA > Security > LDAP Server 
to switch from LDAP to secure LDAP. Enter the configuration for secure LDAP

2. Enabled the component for LDAP

3. Restart Clarity services.

4. Enable LDAP component logging (as per article: Enabling debug logs for LDAP functionality in clarity)

5. Run the job: LDAP - Synchronize New and Changed Users

6. Review the BG logs for the error encountered:

Expected: The job should complete and users should be added/synched if they are LDAP-enabled in Clarity.

Actual: The job fails.

The BG error excerpt is:

ERROR 2025-08-14 10:13:24,977 [http-nio-8091-exec-2] directory.LDAPDirectoryService (clarity:unknown:none:PPM_REST_API) 
javax.naming.CommunicationException: ldap.server.com:636 [Root exception is java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)]
Caused by: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)

 

Cause

The LDAP server itself is reachable and functional for basic (non-secure) LDAP operations, however when it comes to enabling secure LDAP, 
the underlying issue/error suggests a corrupted JRE, missing/incorrect Java Cryptography Extension (JCE) policy files, or a misconfigured security provider.

The problem is specifically related to the SSL/TLS handshake from the Clarity application's Java environment.

 

Resolution

Review the CSA > Application > App JVM parameters.

Remove the additional references/parameters that is not considered default, e.g.
"-Djavax.net.ssl.keyStore=/opt/Apache_RedHat/SSL -Djavax.net.ssl.keyStorePassword=" 

Clarity will then be able to initialize the SSL context and attempt the secure LDAP handshake.

 

Powered by Wolken Software