Hi folks!
Here are just five steps to use your existing running code of LDAP over SSL
that works fine with non SSL:
1- Fetch server certificate of ldap or issuer of server certificate
2- Use 'keytool' utility (included in jre/bin) to import server certificate
or issuer of server certificate (or you can do import certificate by code on
run time)
3- Use java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
in your code before initializing LDAPConnection object
4- Get an object of netscape.ldap.factory.JSSESocketFactory with null
parameter
5- Use this factory object to initialize object of
netscape.ldap.LDAPConnection
And that's it, all the remaining code that works with non SSL LDAP servers
fine, that will also work with SSL LDAP server.
Note: keystore file name must be 'jssecacerts' and this file must be placed
on JRE location which is in use of application
Sample code is below:
.......
.......
.......
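// Step 3: register the JSSE provider before creating the connection
java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
// Step 4: SSL socket factory created with a null parameter
netscape.ldap.factory.JSSESocketFactory skt_fctry =
    new netscape.ldap.factory.JSSESocketFactory(null);
// Step 5: hand the factory to the connection, then connect as usual
LDAPConnection ldap_con = new LDAPConnection(skt_fctry);
ldap_con.connect("host-address", PORT_NUMBER);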
.......
.......
.......
Enjoy!
Regards,
Faisal Maqsood
"Faisal" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Thanx Erhyuan Tsai,
>
> I have already read that archive and tried to contact Rob separately.
> I am thankful to you for all this. But I find something different that I
> will post today in brief details.
>
> Regards,
> Faisal.
>
> "Erhyuan Tsai" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
> > There was a post by Rob Weltman that may help.
> > I found the archive at
> > http://www.mail-archive.com/[EMAIL PROTECTED]/msg01557.html
> >
> > -ey
> >
> > Faisal wrote:
> > > Hi folks,
> > >
> > > I am working on LDAP utilities using Netscape LDAP API in JAVA I am
> > > following exactly as netscape api documentation says but facing
> > > problems as below:
> > >
> > > My code snippet is as follows:
> > > ***********************************
> > > ...
> > > ...
> > > com.sun.net.ssl.internal.ssl.Provider.install();
> > > LDAPSSLSocketFactory ldapsslsf = new LDAPSSLSocketFactory();
> > > m_ldpCon = new LDAPConnection(ldapsslsf);
> > > m_ldpCon.connect("ldap.openldap.org", 636);
> > > ...
> > > ...
> > >
> > > and I am getting following exception:
> > > ******************************************
> > > netscape.ldap.LDAPException: Failed to create SSL socket (91); Cannot connect to the LDAP server
> > >     at netscape.ldap.LDAPSSLSocketFactory.makeSocket(LDAPSSLSocketFactory.java:309)
> > >     at netscape.ldap.LDAPConnSetupMgr.connectServer(LDAPConnSetupMgr.java:411)
> > >     at netscape.ldap.LDAPConnSetupMgr.openSerial(LDAPConnSetupMgr.java:343)
> > >     at netscape.ldap.LDAPConnSetupMgr.connect(LDAPConnSetupMgr.java:237)
> > >     at netscape.ldap.LDAPConnSetupMgr.openConnection(LDAPConnSetupMgr.java:163)
> > >     at netscape.ldap.LDAPConnection.connect(LDAPConnection.java:1033)
> > >     at netscape.ldap.LDAPConnection.connect(LDAPConnection.java:915)
> > >     at netscape.ldap.LDAPConnection.connect(LDAPConnection.java:759)
> > >     at test.utilities.ldap.TestLDAPSearch.connectSSL(TestLDAPSearch.java:281)
> > >     at test.utilities.ldap.TestLDAPSearch.main(TestLDAPSearch.java:858)
> > >
> > > Can you please help/guide me that what is wrong/missing with above
> > > things?
> > >
> > > Thanks in advance,
> > > Faisal
_______________________________________________
mozilla-directory mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-directory