Hi Peter,

Shiro's JndiLdapRealm uses the JNDI API to connect to an LDAP server. This means you need to configure the appropriate JNDI environment settings for SSL. For example:

...
ldapRealm.contextFactory.environment[java.naming.security.protocol] = ssl

I'm not sure if that will be the only property necessary - it depends on your LDAP server config. E.g. I'm not sure if you'll need to set up a custom SSL socket or not.

For more information, this appears to be useful:
http://v1.dione.zcu.cz/java/docs/jndi-1.2/tutorial/ldap/security/ssl.html

And the first two results from this look relevant as well:
http://stackoverflow.com/search?q=java+ldap+ssl

HTH,

Les

On Thu, May 5, 2011 at 2:33 AM, Peter Diefenthaeler <[email protected]> wrote:
> Hi,
>
> I'm trying to connect to an LDAPv2 & LDAPv3 server on an SSLv3 port and getting
> the following messages:
>
> 2011-05-05 08:32:55,756 [TP-Processor3] DEBUG org.apache.shiro.realm.ldap.JndiLdapRealm - Authenticating user 'user' through LDAP
> 2011-05-05 08:32:55,756 [TP-Processor3] DEBUG org.apache.shiro.realm.ldap.JndiLdapRealm - Authenticating user 'user' through LDAP
> 2011-05-05 08:32:55,772 [TP-Processor3] DEBUG org.apache.shiro.realm.ldap.JndiLdapContextFactory - Initializing LDAP context using URL [ldap://ldap:888] and principal [racfid=user,profiletype=user,ou=racf,ou=sys,o=com] with pooling disabled
> 2011-05-05 08:32:55,772 [TP-Processor3] DEBUG org.apache.shiro.realm.ldap.JndiLdapContextFactory - Initializing LDAP context using URL [ldap://ldap:888] and principal [racfid=user,profiletype=user,ou=racf,ou=sys,o=com] with pooling disabled
> 2011-05-05 08:32:55,850 [TP-Processor3] DEBUG org.apache.shiro.web.servlet.SimpleCookie - Added HttpServletResponse Cookie [rememberMe=deleteMe; Path=/PtsCurrWeb; Max-Age=0; Expires=Wed, 04-May-2011 06:32:55 GMT]
> 2011-05-05 08:32:55,850 [TP-Processor3] DEBUG org.apache.shiro.web.servlet.SimpleCookie - Added HttpServletResponse Cookie [rememberMe=deleteMe; Path=/PtsCurrWeb; Max-Age=0; Expires=Wed, 04-May-2011 06:32:55 GMT]
> 2011-05-05 08:32:55,850 [TP-Processor3] ERROR com.csc.pts.curr.web.application.CurrWebSession -
> org.apache.shiro.authc.AuthenticationException: LDAP naming error while attempting to authenticate user.
> 2011-05-05 08:32:55,865 [TP-Processor3] DEBUG org.apache.shiro.web.servlet.AbstractShiroFilter - No FilterChainResolver configured. Returning original FilterChain.
> 2011-05-05 08:32:55,865 [TP-Processor3] DEBUG org.apache.shiro.web.servlet.AbstractShiroFilter - No FilterChainResolver configured. Returning original FilterChain.
> 2011-05-05 08:33:05,272 [TP-Processor3] DEBUG org.apache.shiro.web.servlet.AbstractShiroFilter - No FilterChainResolver configured. Returning original FilterChain.
> 2011-05-05 08:33:05,272 [TP-Processor3] DEBUG org.apache.shiro.web.servlet.AbstractShiroFilter - No FilterChainResolver configured. Returning original FilterChain.
>
> This is my shiro.ini file:
>
> [main]
> # LDAP authentication
> ldapRealm = org.apache.shiro.realm.ldap.JndiLdapRealm
> ldapRealm.userDnTemplate = racfid={0},profiletype=user,ou=racf,ou=sys,o=com
> ldapRealm.contextFactory.url = ldap://ldap:888
> ldapRealm.contextFactory.authenticationMechanism = DIGEST-MD5
> #ldapRealm.contextFactory.environment[some.obscure.jndi.key] = some value
>
> # Simple Shiro authentication example
> #credentialsMatcher = org.apache.shiro.authc.credential.SimpleCredentialsMatcher
>
> [users]
> # Users for simple authentication
> #EOE = eoe
>
> [roles]
> # Roles for simple authentication
> #admin = *
>
>
> My Problem: How can I configure the SSL connection for the LDAP?
>
> Thanks, Peter
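As an added example (not part of Les's reply or the Shiro project's own docs), here is Peter's [main] section with the SSL settings from the reply applied; the ldaps:// port 636 and the truststore path in the comments are assumed placeholders, not values from this thread.

```ini
[main]
# LDAP authentication over SSL (added example; port 636 and the truststore
# path mentioned below are assumed placeholders, not values from the thread)
ldapRealm = org.apache.shiro.realm.ldap.JndiLdapRealm
ldapRealm.userDnTemplate = racfid={0},profiletype=user,ou=racf,ou=sys,o=com

# Before: a plain ldap:// URL. The JDK LDAP provider opens a cleartext
# connection to this port, so a port that only speaks SSL cannot complete
# the bind and JNDI surfaces it as a naming error.
#ldapRealm.contextFactory.url = ldap://ldap:888

# After: the ldaps:// scheme tells the JDK LDAP provider to negotiate SSL/TLS
# before any LDAP traffic is sent (port 636 is the conventional ldaps port;
# use whatever port your server actually listens on).
ldapRealm.contextFactory.url = ldaps://ldap:636
ldapRealm.contextFactory.authenticationMechanism = DIGEST-MD5

# The JNDI property from Les's reply. With an ldaps:// URL it is already
# implied; it is the property you need if you must keep an ldap:// URL and
# still want the socket wrapped in SSL.
ldapRealm.contextFactory.environment[java.naming.security.protocol] = ssl

# Trust: the JVM verifies the server certificate against its default
# truststore (cacerts). If the LDAP server uses a self-signed or internal-CA
# certificate, import that CA into a truststore and start the JVM with
#   -Djavax.net.ssl.trustStore=/path/to/truststore.jks   (assumed path)
#   -Djavax.net.ssl.trustStorePassword=<password>
# rather than disabling verification with a custom socket factory.
# SSLv3 itself is obsolete; the server should accept TLS on this port.
```

Check the result with the same DEBUG logging Peter has enabled: the "Initializing LDAP context using URL [...]" line should now show the ldaps:// URL, and a certificate-trust failure shows up as a wrapped javax.net.ssl exception rather than the bare "LDAP naming error".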
