Hello,

I am currently working with version M12 of the Apache LDAP API (this was the 
latest version when I began to develop). The connection to the LDAP server is 
established without SSL, and it works fine.

For security reasons we want to change the connection to SSL. So I created a 
keystore file .keystore which includes the same certificate that I am using 
with the Apache Directory Studio client to connect to the LDAP server via SSL. 
In the Apache Directory Studio client, the certificate works without problems. 
Trying to connect with the LDAP API results in an InvalidConnectionException at 
the connection.bind statement.

org.apache.directory.ldap.client.api.exception.InvalidConnectionException: SSL handshake failed.
    at org.apache.directory.ldap.client.api.LdapNetworkConnection.writeRequest(LdapNetworkConnection.java:3808)
    at org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1170)
    at org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1075)
    at org.apache.directory.ldap.client.api.AbstractLdapConnection.bind(AbstractLdapConnection.java:120)
    at org.apache.directory.ldap.client.api.AbstractLdapConnection.bind(AbstractLdapConnection.java:105)
    at TestSSL.main(TestSSL.java:50)

Here is the code to connect to the LDAP server with the LDAP API:

  boolean useSSL = true;
  LdapNetworkConnection connection = null;
  LdapConnectionConfig ldapConnectionConfig = null;
  if (useSSL) {
      ldapConnectionConfig = new LdapConnectionConfig();
      ldapConnectionConfig.setUseSsl(true);
      ldapConnectionConfig.setLdapHost(<host>);
      ldapConnectionConfig.setLdapPort(<port>);
      ldapConnectionConfig.setSslProtocol("SSLv3");
      // .keystore holds the same certificate used in Apache Directory Studio
      char[] pw = null;
      KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
      try {
          FileInputStream fis = new FileInputStream(".keystore");
          pw = "<password>".toCharArray();
          ks.load(fis, pw);
      }
      catch (Exception e) {
          e.printStackTrace();
      }
      KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
      keyManagerFactory.init(ks, pw);
      KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
      ldapConnectionConfig.setKeyManagers(keyManagers);
      connection = new LdapNetworkConnection(ldapConnectionConfig);
  }
  else {
      connection = new LdapNetworkConnection(<host>, <port>);
  }
  try {
      connection.bind(<bind string>, <password>);
      ...

With useSSL=false the program works correctly.

Does anyone have an idea what is missing? Could you provide me with a working 
example?

Thank you very much.

Regards
Michael Schmitz

T-Systems International GmbH
Systems Integration
GDC Big Data & BI SC BI & CRM
Michael Schmitz
Senior Consultant
Street address: Fasanenweg 5, 70771 Leinfelden-Echterdingen
Postal address: Postfach 100258, 70746 Leinfelden
New: Phone: +49 (711) 999 - 7717
Mobile: +49 (170) 863 1918
E-Mail: [email protected]
Internet: http://www.t-systems.com/
T-Systems International GmbH
Supervisory board: René Obermann (Chairman)
Management board: Reinhard Clemens (Chairman), Dr. Ferri Abolhassan, Dr. 
Markus Müller, Georg Pepping, Hagen Rickmann, Klaus Werner
Commercial register: Amtsgericht Frankfurt am Main HRB 55933
Registered office: Frankfurt am Main
WEEE-Reg.-Nr. DE50335567

Notice: This transmittal and/or attachments may be privileged or confidential. 
If you are not the intended recipient, you are hereby notified that you have 
received this transmittal in error; any review, dissemination, or copying is 
strictly prohibited. If you received this transmittal in error, please notify 
us immediately by reply and immediately delete this message and all its 
attachments. Thank you.
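An added example (not code from the original post or from the Apache LDAP API project) of how a verifying LDAPS client would be configured with this API: the server certificate in .keystore feeds a TrustManager, which is what decides whether the server's certificate is accepted, while a KeyManager as used in the post only supplies a client certificate and does not affect server trust; the protocol stays at TLS, since SSLv3 is disabled by default in current Java runtimes and the handshake is rejected before any bind is sent. Host, port, bind DN, passwords and the class name are placeholder assumptions; the method calls are the LdapConnectionConfig setters used in the post plus setTrustManagers.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.directory.ldap.client.api.LdapConnectionConfig;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;

public class LdapsTrustExample {

    // Builds trust managers from a keystore that contains the LDAP server's
    // certificate (or its issuing CA). A KeyManager would only supply a client
    // certificate; it has no effect on whether the server's certificate is trusted.
    static TrustManager[] loadTrustManagers(String keystorePath, char[] storePassword)
            throws IOException, GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream fis = new FileInputStream(keystorePath)) {
            ks.load(fis, storePassword);
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        return tmf.getTrustManagers();
    }

    public static void main(String[] args) throws Exception {
        // Constructed placeholder values; replace with the real host, port and credentials.
        String host = "ldap.example.org";
        int port = 636;
        char[] storePassword = "<keystore password>".toCharArray();

        LdapConnectionConfig config = new LdapConnectionConfig();
        config.setLdapHost(host);
        config.setLdapPort(port);
        config.setUseSsl(true);
        // "TLS" is the library default; "SSLv3" is disabled in current Java runtimes,
        // so a handshake negotiated with it fails before the bind request is written.
        config.setSslProtocol("TLS");
        config.setTrustManagers(loadTrustManagers(".keystore", storePassword));
        LdapNetworkConnection connection = new LdapNetworkConnection(config);
        try {
            connection.bind("cn=reader,dc=example,dc=org", "<bind password>");
            System.out.println("TLS bind succeeded, connected=" + connection.isConnected());
        } finally {
            connection.close();  // always release the socket, even if bind throws
        }
    }
}
```

If the handshake still fails with this setup, the keystore most likely does not contain the certificate chain the server actually presents; comparing it against the certificate Apache Directory Studio accepted is the first check.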