On Tue, Mar 18, 2014 at 6:36 AM, Flavio Mattos <[email protected]>wrote:
> Hi guys..
>
> I have been trying to connect to an open ldap server using ssl/ldaps
> I can connect to that server using apache studio(via ldaps) and I would
> like to connect to the same server using the apache api.
>
> This is the code... One detail is that I generated the key in the server
> using openssl
>
>
> Then I have done some research and some people say that I need to generate
> a key in the java pattern.. so then I generated a PKCS #12 key store using
> something like
>
> you don't need to do this unless you want your client to be verified with
the server
> openssl pkcs12 -export -in cert.pem -inkey key.pem > server.p12
> and then
> keytool -importkeystore -srckeystore server.p12 -destkeystore server.jks
> -srcstoretype pkcs12
>
>
> I have attached the stacktrace..
> The exception happens in the bind method
>
> public static void initConnection() throws LdapException, IOException {
>
> LdapConnection conn ...
>
> if (conn == null) {
> LdapConnectionConfig connectionConfig = new
> LdapConnectionConfig();
> KeyManagerFactory keyManagerFactory = null;
> try {
>
> FileInputStream fis = new FileInputStream("server.jks");
>
>
> keyManagerFactory =
> KeyManagerFactory.getInstance("SunX509");
> KeyStore keyStore =
> KeyStore.getInstance(KeyStore.getDefaultType());
> char[] password = new String("mykeyPass").toCharArray();
>
> keyStore.load(fis, password);
>
> keyManagerFactory.init(keyStore, password);
>
> keyManagerFactory.getKeyManagers();
>
> connectionConfig.setKeyManagers(keyManagerFactory.getKeyManagers());
>
> } catch (NoSuchAlgorithmException ex) {
> ex.printStackTrace(System.out);
> } catch (KeyStoreException ex) {
> ex.printStackTrace(System.out);
> } catch (UnrecoverableKeyException ex) {
> ex.printStackTrace(System.out);
> } catch (CertificateException ex) {
> ex.printStackTrace(System.out);
> }
>
>
just drop all the above KeyManager code and the client will work.
> connectionConfig.setLdapHost("myhost");
> connectionConfig.setLdapPort(636);
> connectionConfig.setName("cn=Manager,dc=example,dc=com");
> connectionConfig.setCredentials("mypass");
> connectionConfig.setUseSsl(true);
> connectionConfig.setSslProtocol("SSLv3");
> conn = new LdapNetworkConnection(connectionConfig);
>
> conn.connect();
> conn.bind();
>
> }
>
> note that by default the client will trust any X509 certificate used by
the server, if you want
to restrict it then a custom trust manager must be provided and set using
connectionConfig.setTrustManagers()
> Thanks
> Flavio
>
--
Kiran Ayyagari
http://keydap.com
