Hi Kiran.. thank you for replying my message...
I tried to do what you suggested and it did not work. I have attached the
stack trace.. it keeps giving me LdapNetworkConnection - SSL handshake
failed.
public static void initConnection() throws LdapException, IOException {
if (conn == null) {
LdapConnectionConfig connectionConfig = new
LdapConnectionConfig();
connectionConfig.setLdapHost("myhost");
connectionConfig.setLdapPort(636);
connectionConfig.setName("cn=Manager,dc=example,dc=com");
connectionConfig.setCredentials("mypass");
connectionConfig.setUseSsl(true);
connectionConfig.setSslProtocol("SSLv3");
conn = new LdapNetworkConnection(connectionConfig);
conn.connect();
conn.bind();
}
}
I also tried the following code using tls and trustmanagers but this time
it gives me a Protocol error
org.apache.directory.api.ldap.model.exception.LdapOperationException:
PROTOCOL_ERROR: The server will disconnect!
at
org.apache.directory.ldap.client.api.LdapNetworkConnection.startTls(LdapNetworkConnection.java:3678)
public static void initConnection() throws LdapException, IOException {
if (conn == null) {
LdapConnectionConfig connectionConfig = new
LdapConnectionConfig();
try {
FileInputStream fis = new FileInputStream("server.jks");
TrustManagerFactory tmf =
TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
KeyStore keyStore =
KeyStore.getInstance(KeyStore.getDefaultType());
char[] password = new String("myCertPass").toCharArray();
keyStore.load(fis, password);
tmf.init(keyStore);
connectionConfig.setTrustManagers(tmf.getTrustManagers());
} catch (NoSuchAlgorithmException ex) {
ex.printStackTrace(System.out);
} catch (KeyStoreException ex) {
ex.printStackTrace(System.out);
} catch (CertificateException ex) {
ex.printStackTrace(System.out);
}
connectionConfig.setLdapHost("myhost");
connectionConfig.setLdapPort(636);
connectionConfig.setName("cn=Manager,dc=example,dc=com");
connectionConfig.setCredentials("mypass");
connectionConfig.setSslProtocol("SSLv3");
connectionConfig.setUseTls(true);
conn = new LdapNetworkConnection(connectionConfig);
conn.connect();
conn.startTls();
}
}
Thanks in advance
Flavio
On Mon, Mar 17, 2014 at 7:33 PM, Kiran Ayyagari <[email protected]>wrote:
> On Tue, Mar 18, 2014 at 6:36 AM, Flavio Mattos <[email protected]
> >wrote:
>
> > Hi guys..
> >
> > I have been trying to connect to an open ldap server using ssl/ldaps
> > I can connect to that server using apache studio(via ldaps) and I would
> > like to connect to the same server using the apache api.
> >
> > This is the code... One detail is that I generated the key in the server
> > using openssl
> >
> >
> > Then I have done some research and some people say that I need to
> generate
> > a key in the java pattern.. so then I generated a PKCS #12 key store
> using
> > something like
> >
> > you don't need to do this unless you want your client to be verified with
> the server
>
> > openssl pkcs12 -export -in cert.pem -inkey key.pem > server.p12
> > and then
> > keytool -importkeystore -srckeystore server.p12 -destkeystore server.jks
> > -srcstoretype pkcs12
> >
> >
> > I have attached the stacktrace..
> > The exception happens in the bind method
> >
> > public static void initConnection() throws LdapException, IOException {
> >
> > LdapConnection conn ...
> >
> > if (conn == null) {
> > LdapConnectionConfig connectionConfig = new
> > LdapConnectionConfig();
> > KeyManagerFactory keyManagerFactory = null;
> > try {
> >
> > FileInputStream fis = new FileInputStream("server.jks");
> >
> >
> > keyManagerFactory =
> > KeyManagerFactory.getInstance("SunX509");
> > KeyStore keyStore =
> > KeyStore.getInstance(KeyStore.getDefaultType());
> > char[] password = new String("mykeyPass").toCharArray();
> >
> > keyStore.load(fis, password);
> >
> > keyManagerFactory.init(keyStore, password);
> >
> > keyManagerFactory.getKeyManagers();
> >
> > connectionConfig.setKeyManagers(keyManagerFactory.getKeyManagers());
> >
> > } catch (NoSuchAlgorithmException ex) {
> > ex.printStackTrace(System.out);
> > } catch (KeyStoreException ex) {
> > ex.printStackTrace(System.out);
> > } catch (UnrecoverableKeyException ex) {
> > ex.printStackTrace(System.out);
> > } catch (CertificateException ex) {
> > ex.printStackTrace(System.out);
> > }
> >
> >
> just drop all the above KeyManager code and the client will work.
>
> > connectionConfig.setLdapHost("myhost");
> > connectionConfig.setLdapPort(636);
> > connectionConfig.setName("cn=Manager,dc=example,dc=com");
> > connectionConfig.setCredentials("mypass");
> > connectionConfig.setUseSsl(true);
> > connectionConfig.setSslProtocol("SSLv3");
> > conn = new LdapNetworkConnection(connectionConfig);
> >
> > conn.connect();
> > conn.bind();
> >
> > }
> >
> > note that by default the client will trust any X509 certificate used by
> the server, if you want
> to restrict it then a custom trust manager must be provided and set using
> connectionConfig.setTrustManagers()
>
> > Thanks
> > Flavio
> >
>
>
>
> --
> Kiran Ayyagari
> http://keydap.com
>
