On Tue, Mar 18, 2014 at 10:44 PM, Flavio Mattos <[email protected]> wrote:
> Hi Kiran.. thank you for replying to my message...
>
> I tried to do what you suggested and it did not work. I have attached the
> stack trace.. it keeps giving me LdapNetworkConnection - SSL handshake
> failed.
>
please post the stacktrace as well
>
> public static void initConnection() throws LdapException, IOException {
>     if (conn == null) {
>         LdapConnectionConfig connectionConfig = new LdapConnectionConfig();
>         connectionConfig.setLdapHost("myhost");
>         connectionConfig.setLdapPort(636);
>         connectionConfig.setName("cn=Manager,dc=example,dc=com");
>         connectionConfig.setCredentials("mypass");
>         connectionConfig.setUseSsl(true);
>         connectionConfig.setSslProtocol("SSLv3");
>         conn = new LdapNetworkConnection(connectionConfig);
>
>         conn.connect();
>         conn.bind();
>     }
> }
>
>
> I also tried the following code using TLS and trust managers, but this time
> it gives me a Protocol error
>
> org.apache.directory.api.ldap.model.exception.LdapOperationException:
> PROTOCOL_ERROR: The server will disconnect!
>     at org.apache.directory.ldap.client.api.LdapNetworkConnection.startTls(LdapNetworkConnection.java:3678)
>
> public static void initConnection() throws LdapException, IOException {
>     if (conn == null) {
>         LdapConnectionConfig connectionConfig = new LdapConnectionConfig();
>
>         try {
>             FileInputStream fis = new FileInputStream("server.jks");
>             TrustManagerFactory tmf =
>                 TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
>             KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
>             char[] password = new String("myCertPass").toCharArray();
>             keyStore.load(fis, password);
>             tmf.init(keyStore);
>             connectionConfig.setTrustManagers(tmf.getTrustManagers());
>         } catch (NoSuchAlgorithmException ex) {
>             ex.printStackTrace(System.out);
>         } catch (KeyStoreException ex) {
>             ex.printStackTrace(System.out);
>         } catch (CertificateException ex) {
>             ex.printStackTrace(System.out);
>         }
>
>         connectionConfig.setLdapHost("myhost");
>         connectionConfig.setLdapPort(636);
>         connectionConfig.setName("cn=Manager,dc=example,dc=com");
>         connectionConfig.setCredentials("mypass");
>         connectionConfig.setSslProtocol("SSLv3");
>         connectionConfig.setUseTls(true);
>         conn = new LdapNetworkConnection(connectionConfig);
>         conn.connect();
>         conn.startTls();
>     }
> }
>
>
> Thanks in advance
>
> Flavio
>
>
> On Mon, Mar 17, 2014 at 7:33 PM, Kiran Ayyagari <[email protected]> wrote:
>
>> On Tue, Mar 18, 2014 at 6:36 AM, Flavio Mattos <[email protected]> wrote:
>>
>> > Hi guys..
>> >
>> > I have been trying to connect to an OpenLDAP server using SSL/LDAPS.
>> > I can connect to that server using Apache Studio (via LDAPS) and I would
>> > like to connect to the same server using the Apache API.
>> >
>> > This is the code... One detail is that I generated the key in the server
>> > using openssl
>> >
>> >
>> > Then I have done some research and some people say that I need to
>> > generate a key in the java pattern.. so then I generated a PKCS #12 key
>> > store using something like
>> >
>> you don't need to do this unless you want your client to be verified
>> with the server
>>
>> > openssl pkcs12 -export -in cert.pem -inkey key.pem > server.p12
>> > and then
>> > keytool -importkeystore -srckeystore server.p12 -destkeystore server.jks -srcstoretype pkcs12
>> >
>> >
>> > I have attached the stacktrace..
>> > The exception happens in the bind method
>> >
>> > public static void initConnection() throws LdapException, IOException {
>> >
>> >     LdapConnection conn ...
>> >
>> >     if (conn == null) {
>> >         LdapConnectionConfig connectionConfig = new LdapConnectionConfig();
>> >         KeyManagerFactory keyManagerFactory = null;
>> >         try {
>> >             FileInputStream fis = new FileInputStream("server.jks");
>> >             keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
>> >             KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
>> >             char[] password = new String("mykeyPass").toCharArray();
>> >             keyStore.load(fis, password);
>> >             keyManagerFactory.init(keyStore, password);
>> >             keyManagerFactory.getKeyManagers();
>> >             connectionConfig.setKeyManagers(keyManagerFactory.getKeyManagers());
>> >         } catch (NoSuchAlgorithmException ex) {
>> >             ex.printStackTrace(System.out);
>> >         } catch (KeyStoreException ex) {
>> >             ex.printStackTrace(System.out);
>> >         } catch (UnrecoverableKeyException ex) {
>> >             ex.printStackTrace(System.out);
>> >         } catch (CertificateException ex) {
>> >             ex.printStackTrace(System.out);
>> >         }
>> >
>> >
>> just drop all the above KeyManager code and the client will work.
>>
>> >         connectionConfig.setLdapHost("myhost");
>> >         connectionConfig.setLdapPort(636);
>> >         connectionConfig.setName("cn=Manager,dc=example,dc=com");
>> >         connectionConfig.setCredentials("mypass");
>> >         connectionConfig.setUseSsl(true);
>> >         connectionConfig.setSslProtocol("SSLv3");
>> >         conn = new LdapNetworkConnection(connectionConfig);
>> >
>> >         conn.connect();
>> >         conn.bind();
>> >     }
>> >
>> note that by default the client will trust any X509 certificate used by
>> the server, if you want to restrict it then a custom trust manager must
>> be provided and set using connectionConfig.setTrustManagers()
>>
>> > Thanks
>> > Flavio
>> >
>>
>>
>>
>> --
>> Kiran Ayyagari
>> http://keydap.com
>>
>
>
--
Kiran Ayyagari
http://keydap.com
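Pulling the thread's two practical points together (an LDAPS connection on port 636 uses setUseSsl(true) with a plain connect() and bind(), and the client trusts any server certificate unless setTrustManagers() is given something stricter), here is an added, complete client. It is not code from either poster and not part of the Apache Directory project. It loads a JKS truststore that holds the CA certificate which issued the server's certificate, so the handshake fails if the server presents a certificate that CA did not sign, and it never calls startTls(), which is an operation for the plaintext LDAP port rather than for a port that expects TLS from the first byte. The host, bind DN, password, truststore path and the "TLSv1.2" protocol string are placeholders, and the try/finally close() assumes the connection's standard close method; only API methods already used in the thread are relied on.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

import org.apache.directory.ldap.client.api.LdapConnectionConfig;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;

public class LdapsClient {

    // Placeholder values (assumed); replace with your own environment.
    private static final String LDAP_HOST = "myhost";
    private static final int LDAPS_PORT = 636;
    private static final String BIND_DN = "cn=Manager,dc=example,dc=com";
    private static final String BIND_PASSWORD = "mypass";
    private static final String TRUSTSTORE_PATH = "truststore.jks";
    private static final char[] TRUSTSTORE_PASSWORD = "myCertPass".toCharArray();

    /**
     * Builds trust managers from a JKS truststore containing the CA certificate
     * of the LDAP server. Unlike a key manager (client identity), this is what
     * makes the client verify the server's identity.
     */
    static TrustManager[] loadTrustManagers(String path, char[] password)
            throws IOException, GeneralSecurityException {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        // try-with-resources closes the stream even if load() throws
        try (InputStream in = new FileInputStream(path)) {
            trustStore.load(in, password);
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        return tmf.getTrustManagers();
    }

    /** LDAPS (implicit TLS on connect) with a restrictive trust manager. */
    static LdapConnectionConfig ldapsConfig(TrustManager[] trustManagers) {
        LdapConnectionConfig config = new LdapConnectionConfig();
        config.setLdapHost(LDAP_HOST);
        config.setLdapPort(LDAPS_PORT);
        config.setUseSsl(true);            // TLS from the first byte; no startTls() needed
        config.setSslProtocol("TLSv1.2");  // assumed value; SSLv3 is obsolete
        config.setTrustManagers(trustManagers);
        config.setName(BIND_DN);
        config.setCredentials(BIND_PASSWORD);
        return config;
    }

    public static void main(String[] args) throws Exception {
        TrustManager[] tms = loadTrustManagers(TRUSTSTORE_PATH, TRUSTSTORE_PASSWORD);
        LdapNetworkConnection conn = new LdapNetworkConnection(ldapsConfig(tms));
        try {
            conn.connect();   // TLS handshake happens here; an untrusted cert fails it
            conn.bind();      // simple bind over the now-encrypted channel
            System.out.println("Bound to " + LDAP_HOST + ":" + LDAPS_PORT
                + " over LDAPS; server certificate verified against " + TRUSTSTORE_PATH);
        } finally {
            conn.close();
        }
    }
}
```

The truststore only needs the issuing CA's certificate, not the server's private key, so it can be built with `keytool -importcert -alias ldap-ca -file ca.pem -keystore truststore.jks`. With this in place, a certificate signed by anyone else (or a self-signed one that is not in the truststore) makes connect() fail with a handshake error, which is the behaviour you want rather than the default accept-anything trust.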