forwarding to API ML ---------- Forwarded message ---------- From: <[email protected]> Date: Wed, Feb 27, 2013 at 6:44 PM Subject: AW: LdapNetworkConnection using SSL To: [email protected]
Hello, the port 10636 is correct. The LDAP server is an OpenLDAP installation. Regards Michael Schmitz T-Systems International GmbH Systems Integration PDU Horizontal + Future Markets BI & CRM Michael Schmitz Senior Consultant Hausadresse: Fasanenweg 5, 70771 Leinfelden-Echterdingen Postanschrift: Postfach 100258, 70746 Leinfelden Telefon: +49 (711) 972 - 43862 Telefax: +49 (711) 972 - 41751 Mobil: +49 (170) 863 1918 E-Mail: [email protected] Internet: <http://www.t-systems.com> T-Systems International GmbH Aufsichtsrat: René Obermann (Vorsitzender) Geschäftsführung: Reinhard Clemens (Vorsitzender), Dr. Ferri Abolhassan, Olaf Heyden, Georg Pepping, Klaus Werner Handelsregister: Amtsgericht Frankfurt am Main HRB 55933 Sitz der Gesellschaft: Frankfurt am Main WEEE-Reg.-Nr. DE87523644 Notice: This transmittal and/or attachments may be privileged or confidential. If you are not the intended recipient, you are hereby notified that you have received this transmittal in error; any review, dissemination, or copying is strictly prohibited. If you received this transmittal in error, please notify us immediately by reply and immediately delete this message and all its attachments. Thank you. -----Ursprüngliche Nachricht----- Von: [email protected] [mailto:[email protected]] Im Auftrag von Kiran Ayyagari Gesendet: Mittwoch, 27. Februar 2013 13:45 An: [email protected] Betreff: Re: LdapNetworkConnection using SSL can you check if you are using the correct port when SSL is used to connect, by default ApacheDS accepts SSL connections on port 10636 On Wed, Feb 27, 2013 at 6:08 PM, <[email protected]> wrote: > Hello, > > I am currently working with version M12 of the Apache LDAP API (this > was the latest version when I began to develop). The connection to the > LDAP server is established without SSL, and it works fine. > > Due to security reasons we want to change the connection to SSL. So I > created a keystore file .keystore which includes the same certificate > which I am using with the Apache Directory Studio Client to connect to > the LDAP server via SSL. In the Apache Directory Studio Client, the > certificate works without problems. Trying to connect with the LDAP > API results in InvalidConnectionException at the connection.bind statement. > > org.apache.directory.ldap.client.api.exception.InvalidConnectionException: > SSL handshake failed. > at > org.apache.directory.ldap.client.api.LdapNetworkConnection.writeReques > t(LdapNetworkConnection.java:3808) > at > org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(L > dapNetworkConnection.java:1170) > at > org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNe > tworkConnection.java:1075) > at > org.apache.directory.ldap.client.api.AbstractLdapConnection.bind(Abstr > actLdapConnection.java:120) > at > org.apache.directory.ldap.client.api.AbstractLdapConnection.bind(Abstr > actLdapConnection.java:105) > at TestSSL.main(TestSSL.java:50) > > Here the code to connect to the LDAP server with the LDAP API: > > boolean useSSL = true; > LdapNetworkConnection connection = null; > LdapConnectionConfig ldapConnectionConfig = null; > if (useSSL) { > ldapConnectionConfig = new LdapConnectionConfig(); > ldapConnectionConfig.setUseSsl(true); > ldapConnectionConfig.setLdapHost(<host>); > ldapConnectionConfig.setLdapPort(<port>); > ldapConnectionConfig.setSslProtocol("SSLv3"); > char[] pw = null; > KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); > try { > FileInputStream fis = new FileInputStream(".keystore"); > pw = new String("<password>").toCharArray(); > ks.load(fis, pw); > } > catch (Exception e) { > e.printStackTrace(); > } > KeyManagerFactory keyManagerFactory = > KeyManagerFactory.getInstance("SunX509"); > keyManagerFactory.init(ks, pw); > KeyManager[] keyManagers = keyManagerFactory.getKeyManagers(); > ldapConnectionConfig.setKeyManagers(keyManagers); > connection = new LdapNetworkConnection(ldapConnectionConfig); > } > else { > connection = new LdapNetworkConnection(<host>, <port>); > } > try { > connection.bind(<bind string>, <password>); > ... > With useSSL=false the program works right. > > Does anyone have an idea what is missing? Could you provide me an > example which is working? > > Thank you very much. > > Regards > Michael Schmitz > > T-Systems International GmbH > Systems Integration > GDC Big Data & BI SC BI & CRM > Michael Schmitz > Senior Consultant > Hausadresse: Fasanenweg 5, 70771 Leinfelden-Echterdingen > Postanschrift: Postfach 100258, 70746 Leinfelden > Neu: Telefon: +49 (711) 999 - 7717 > Mobil: +49 (170) 863 1918 > E-Mail: [email protected] > Internet: <http://www.t-systems.com<http://www.t-systems.com/>> > T-Systems International< > https://systemsnet.telekom.de/tool/de_systemswiki/index.php/Enterprise > _Services> > GmbH > Aufsichtsrat< > https://systemsnet.telekom.de/tool/de_systemswiki/index.php/Aufsichtsrat>: > René Obermann (Vorsitzender) > Geschäftsführung: Reinhard Clemens (Vorsitzender), Dr. Ferri > Abolhassan, Dr. Markus Müller, Georg Pepping, Hagen Rickmann, Klaus > Werner > Handelsregister: Amtsgericht Frankfurt am Main HRB 55933 Sitz der > Gesellschaft: Frankfurt am Main WEEE-Reg.-Nr. DE50335567 > > Notice: This transmittal and/or attachments may be privileged or > confidential. If you are not the intended recipient, you are hereby > notified that you have received this transmittal in error; any review, > dissemination, or copying is strictly prohibited. If you received this > transmittal in error, please notify us immediately by reply and > immediately delete this message and all its attachments. Thank you. > > > -- Kiran Ayyagari http://keydap.com -- Kiran Ayyagari http://keydap.com
