Thursday, 15 July 2010

LDAP over SSL with Java




The next code works fine:

```java
import java.util.Hashtable;

import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class LdapBasicExample {
    public static void main(String[] args) {
        String username = "admin";
        String password = "s3cret";
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://192.168.10.45:389/dc=softwaredev,dc=local");
        //env.put(Context.SECURITY_PROTOCOL, "ssl");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, new String("softwaredev" + "\\" + username));
        env.put(Context.SECURITY_CREDENTIALS, password);

        DirContext ctx = null;
        NamingEnumeration<SearchResult> results = null;
        try {
            ctx = new InitialDirContext(env);
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            // Search the whole subtree under the base DN for person entries
            results = ctx.search("", "(objectclass=person)", controls);
            while (results.hasMore()) {
                SearchResult searchResult = results.next();
                Attributes attributes = searchResult.getAttributes();
                System.out.println(" Person Common Name = " + attributes.get("cn"));
                System.out.println(" Person Display Name = " + attributes.get("displayName"));
                System.out.println(" Person logonhours = " + attributes.get("logonhours"));
                System.out.println(" Person MemberOf = " + attributes.get("memberOf"));
            }
        } catch (Throwable e) {
            e.printStackTrace();
        } finally {
            // Always release the enumeration and the connection
            if (results != null) {
                try {
                    results.close();
                } catch (Exception e) {
                    // ignore failures while closing
                }
            }
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (Exception e) {
                    // ignore failures while closing
                }
            }
        }
    }
}
```

If I uncomment the next line: env.put(Context.SECURITY_PROTOCOL, "ssl"); to enable the SSL connection, and use the URL:

ldaps://192.168.10.45:636

then the program fails with a certificate error.

```
javax.naming.CommunicationException: simple bind failed: 192.168.10.45:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
    at com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
    at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
    at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
    at javax.naming.InitialContext.init(Unknown Source)
    at javax.naming.InitialContext.<init>(Unknown Source)
    at javax.naming.directory.InitialDirContext.<init>(Unknown Source)
    at asd.LdapBasicExample.main(LdapBasicExample.java:25)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
    at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
    at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
    at sun.security.ssl.Handshaker.processLoop(Unknown Source)
    at sun.security.ssl.Handshaker.process_record(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
    at sun.security.ssl.AppInputStream.read(Unknown Source)
    at java.io.BufferedInputStream.fill(Unknown Source)
    at java.io.BufferedInputStream.read1(Unknown Source)
    at java.io.BufferedInputStream.read(Unknown Source)
    at com.sun.jndi.ldap.Connection.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
    at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
    at sun.security.validator.Validator.validate(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
    ... 13 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
    at java.security.cert.CertPathBuilder.build(Unknown Source)
```

So, how can I solve this problem?

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Your client truststore doesn't trust the LDAP server's certificate. You need to either get it signed by a CA or else export it from the server into the client truststore. Getting it signed is easier and cheaper.
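
The second option in the answer (exporting the server's certificate into the client truststore) looks like this on the client side. This is an added example, not code from the original post; the file names `ldap-ca.cer` and `ldap-truststore.jks`, the store password `changeit` and the `LDAP_PASSWORD` environment variable are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;
import java.util.Hashtable;
import java.util.Objects;
import javax.naming.Context;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class LdapsWithTrustStore {
    public static void main(String[] args) throws Exception {
        // Assumed names: a truststore built beforehand from the exported server
        // (or issuing CA) certificate, for example with:
        //   keytool -importcert -alias ldap-ca -file ldap-ca.cer -keystore ldap-truststore.jks
        String trustStorePath = "ldap-truststore.jks";
        String trustStorePassword = "changeit";

        // Load the truststore first so a wrong path or password fails here,
        // not as an opaque handshake error, and list what will be trusted.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(trustStorePath)) {
            trustStore.load(in, trustStorePassword.toCharArray());
        }
        for (String alias : Collections.list(trustStore.aliases())) {
            System.out.println("trusted entry: " + alias);
        }

        // The default JSSE trust manager reads these properties when it is first
        // initialised, so set them before any TLS connection is opened.
        System.setProperty("javax.net.ssl.trustStore", trustStorePath);
        System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword);

        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        // ldaps:// already implies SSL/TLS. Recent JDKs also check that the host
        // in this URL matches the certificate (an IP needs an IP subjectAltName).
        env.put(Context.PROVIDER_URL, "ldaps://192.168.10.45:636/dc=softwaredev,dc=local");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "softwaredev\\admin");
        // Assumed: the bind password is supplied in the LDAP_PASSWORD variable
        env.put(Context.SECURITY_CREDENTIALS,
                Objects.requireNonNull(System.getenv("LDAP_PASSWORD"), "LDAP_PASSWORD not set"));

        DirContext ctx = new InitialDirContext(env); // throws if the chain is not trusted
        System.out.println("bound over TLS as " + env.get(Context.SECURITY_PRINCIPAL));
        ctx.close();
    }
}
```

Setting `javax.net.ssl.trustStore` replaces the JVM's default `cacerts` for the whole process, so the file must contain every CA the application needs to reach over TLS.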

java ssl ldap
