On Tue, May 19, 2015 at 10:42 AM, Bajaj, Yogesh <[email protected]>
wrote:
>
> I changed code to use port 10636. Still connection time out is happening
> on bind call. Client code is below.
>
You need to give your code where you embedded the server; if it contains
any sensitive information, please remove those lines and send.
> private static void test1() {
>     try (LdapConnection connection = new LdapNetworkConnection("vsvphxasldev01", 10636, true)) {
>         connection.bind("uid=admin,ou=system", "secret"); // here connection time out is happening
>         EntryCursor cursor = connection.search("ou=configuration", "(&(objectclass=*))", SearchScope.SUBTREE, "*");
>
>         while (cursor.next()) {
>             Entry entry = cursor.get();
>             System.out.println(entry);
>         }
>         connection.unBind();
>     } catch (LdapException | CursorException | IOException e) {
>         // TODO Auto-generated catch block
>         e.printStackTrace();
>     }
> }
>
> -----Original Message-----
> From: Kiran Ayyagari [mailto:[email protected]]
> Sent: Friday, May 15, 2015 8:24 PM
> To: [email protected]
> Subject: Re: Enable SSL for Embed Apache DS Server
>
> On Sat, May 16, 2015 at 4:28 AM, Bajaj, Yogesh <[email protected]>
> wrote:
>
> > Thanks for your reply and help.
> >
> > Local System :-
> >
> > For the embedded server, the SSL port is 10399. I am able to connect to it
> > using the Apache LDAP Studio browser as well as
>
> Are you sure 10389 is your SSL port? Just double checking, because this is
> the default non-SSL port in ApacheDS. Show us the part of your client code
> where you are attempting to connect.
>
> > do a search using the LDAP client API successfully locally. For the LDAP
> > client API, I installed certificates in the key store to avoid the SSL
> > handshake error.
> >
> > On the client dev system :-
> > Neither Apache DS nor the LDAP client API program is able to connect to the
> > embedded LDAP server on the client machine.
> > I am getting the below exception, and the SSL trace log is below :-
> >
> >
> > trustStore is: C:\trusted.ks
> > trustStore type is : jks
> > trustStore provider is :
> > init truststore
> > adding as trusted cert:
> >   Subject: CN=ess-tools, OU=ApacheDS, O=ASF, C=US
> >   Issuer:  CN=ess-tools, OU=ApacheDS, O=ASF, C=US
> >   Algorithm: RSA; Serial number: 0x3ddca171
> >   Valid from Thu May 14 00:14:42 EDT 2015 until Sat May 13 00:14:42 EDT 2017
> >
> > 2015-05-15 16:22:16,531 DEBUG Using default SystemClock for timestamps
> > 2015-05-15 16:22:16:547 LdapConnectionConfig [DEBUG] found X509TrustManager sun.security.ssl.X509TrustManagerImpl@28c75ad4
> > 2015-05-15 16:23:29:440 LdapNetworkConnection [DEBUG] ------>> Connection error: Connection timed out: no further information
> > org.apache.directory.ldap.client.api.exception.InvalidConnectionException: Cannot connect to the server: Connection timed out: no further information
> >     at org.apache.directory.ldap.client.api.LdapNetworkConnection.connect(LdapNetworkConnection.java:658)
> >     at org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1268)
> >     at org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1188)
> >     at org.apache.directory.ldap.client.api.AbstractLdapConnection.bind(AbstractLdapConnection.java:127)
> >     at org.apache.directory.ldap.client.api.AbstractLdapConnection.bind(AbstractLdapConnection.java:112)
> >     at com.whg.ess.tool.ldap.LdapSvc.test1(LdapSvc.java:68)
> >     at com.whg.ess.tool.ldap.LdapSvc.main(LdapSvc.java:27)
> > Caused by: java.net.ConnectException: Connection timed out: no further information
> >     at sun.nio.ch.SocketChannelImpl.checkConnect(Native Method)
> >     at sun.nio.ch.SocketChannelImpl.finishConnect(SocketChannelImpl.java:739)
> >     at org.apache.mina.transport.socket.nio.NioSocketConnector.finishConnect(NioSocketConnector.java:221)
> >     at org.apache.mina.transport.socket.nio.NioSocketConnector.finishConnect(NioSocketConnector.java:47)
> >     at org.apache.mina.core.polling.AbstractPollingIoConnector.processConnections(AbstractPollingIoConnector.java:459)
> >     at org.apache.mina.core.polling.AbstractPollingIoConnector.access$700(AbstractPollingIoConnector.java:65)
> >     at org.apache.mina.core.polling.AbstractPollingIoConnector$Connector.run(AbstractPollingIoConnector.java:527)
> >     at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
> >     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> >     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> >     at java.lang.Thread.run(Thread.java:745)
> >
> >
> > Thanks
> > Yogesh Bajaj
> >
> >
> > -----Original Message-----
> > From: Emmanuel Lécharny [mailto:[email protected]]
> > Sent: Wednesday, May 13, 2015 5:42 PM
> > To: [email protected]
> > Subject: Re: Enable SSL for Embed Apache DS Server
> >
> > On 13/05/15 22:03, Bajaj, Yogesh wrote:
> > > Hi Friends,
> > >
> > > I set up an Apache DS embedded server. I am using one of the aspects
> > > provided in a JIRA ticket to avoid the multiple resources issue.
> > > This is working fine on my local laptop. Now I want to enable SSL for the
> > > embedded LDAP server, as once I deploy it on the client dev server, I am
> > > not able to connect to it. My client dev server requires an SSH connection.
> >
> > SSL and SSH are two different things.
> >
> > The code you provided is correct. The server should be SSL enabled.
> > Have you tried to connect to the server on port 10636 (or whatever
> > value serverPort contains)?
> > >
> > > Please advise how to enable SSL for the embedded LDAP server. I already
> > > did the below in the embedded LDAP server.
> > >
> > > transports.setEnableSSL(true);
> > >
> > > I am using the latest Apache DS version 2.0.0-M20.
> > >
> > >
> > > Embedded LDAP server Java file:
> > >
> > > import java.io.File;
> > > import java.util.List;
> > >
> > > import org.apache.directory.api.ldap.model.name.Dn;
> > > import org.apache.directory.api.ldap.model.schema.SchemaManager;
> > > import org.apache.directory.api.ldap.model.schema.registries.SchemaLoader;
> > > import org.apache.directory.api.ldap.schema.extractor.SchemaLdifExtractor;
> > > import org.apache.directory.api.ldap.schema.extractor.impl.DefaultSchemaLdifExtractor;
> > > import org.apache.directory.api.ldap.schema.loader.LdifSchemaLoader;
> > > import org.apache.directory.api.ldap.schema.manager.impl.DefaultSchemaManager;
> > > import org.apache.directory.api.util.exception.Exceptions;
> > > import org.apache.directory.server.constants.ServerDNConstants;
> > > import org.apache.directory.server.core.DefaultDirectoryService;
> > > import org.apache.directory.server.core.api.CacheService;
> > > import org.apache.directory.server.core.api.DirectoryService;
> > > import org.apache.directory.server.core.api.DnFactory;
> > > import org.apache.directory.server.core.api.InstanceLayout;
> > > import org.apache.directory.server.core.api.schema.SchemaPartition;
> > > import org.apache.directory.server.core.partition.impl.btree.jdbm.JdbmPartition;
> > > import org.apache.directory.server.core.partition.ldif.LdifPartition;
> > > import org.apache.directory.server.core.shared.DefaultDnFactory;
> > > import org.apache.directory.server.i18n.I18n;
> > > import org.apache.directory.server.ldap.LdapServer;
> > > import org.apache.directory.server.protocol.shared.transport.TcpTransport;
> > > import org.apache.logging.log4j.LogManager;
> > > import org.apache.logging.log4j.Logger;
> > >
> > > public class EmbeddedADS {
> > >
> > >     private static final Logger LOGGER = LogManager.getLogger(EmbeddedADS.class);
> > >
> > >     /** The directory service */
> > >     private DirectoryService service;
> > >
> > >     /** The LDAP server */
> > >     private LdapServer server;
> > >
> > >     private static EmbeddedADS instance;
> > >
> > >     public static EmbeddedADS getInstance() {
> > >         if (instance == null) {
> > >             instance = new EmbeddedADS();
> > >         }
> > >         return instance;
> > >     }
> > >
> > >     /**
> > >      * Initialize the schema manager and add the schema partition to the
> > >      * directory service.
> > >      *
> > >      * @throws Exception
> > >      *             if the schema LDIF files are not found on the classpath
> > >      */
> > >     private void initSchemaPartition() throws Exception {
> > >         final InstanceLayout instanceLayout = this.service.getInstanceLayout();
> > >
> > >         final File schemaPartitionDirectory = new File(
> > >                 instanceLayout.getPartitionsDirectory(), "schema");
> > >
> > >         // Extract the schema on disk (a brand new one) and load the registries
> > >         if (schemaPartitionDirectory.exists()) {
> > >             LOGGER.debug("schema partition already exists, skipping schema extraction");
> > >         } else {
> > >             final SchemaLdifExtractor extractor = new DefaultSchemaLdifExtractor(
> > >                     instanceLayout.getPartitionsDirectory());
> > >             extractor.extractOrCopy();
> > >         }
> > >
> > >         final SchemaLoader loader = new LdifSchemaLoader(schemaPartitionDirectory);
> > >         final SchemaManager schemaManager = new DefaultSchemaManager(loader);
> > >
> > >         // final DnFactory dnFactory = new
> > >         // DefaultDnFactory(schemaManager,service.getDnFactory());
> > >
> > >         // We have to load the schema now, otherwise we won't be able
> > >         // to initialize the Partitions, as we won't be able to parse
> > >         // and normalize their suffix Dn
> > >         schemaManager.loadAllEnabled();
> > >
> > >         final List<Throwable> errors = schemaManager.getErrors();
> > >
> > >         if (errors.size() != 0) {
> > >             throw new Exception(I18n.err(I18n.ERR_317, Exceptions.printErrors(errors)));
> > >         }
> > >
> > >         this.service.setSchemaManager(schemaManager);
> > >
> > >         // Init the LdifPartition with schema
> > >         DnFactory dnFactory = new DefaultDnFactory(schemaManager,
> > >                 this.service.getCacheService().getCache("dnCache"));
> > >         this.service.setDnFactory(dnFactory);
> > >         final LdifPartition schemaLdifPartition = new LdifPartition(
> > >                 schemaManager, service.getDnFactory());
> > >         schemaLdifPartition.setPartitionPath(schemaPartitionDirectory.toURI());
> > >
> > >         // The schema partition
> > >         final SchemaPartition schemaPartition = new SchemaPartition(schemaManager);
> > >         schemaPartition.setWrappedPartition(schemaLdifPartition);
> > >         this.service.setSchemaPartition(schemaPartition);
> > >     }
> > >
> > >     /**
> > >      * Initialize the server. It creates the partition, adds the index, and
> > >      * injects the context entries for the created partitions.
> > >      *
> > >      * @param workDir
> > >      *            the directory to be used for storing the data
> > >      * @throws Exception
> > >      *             if there were some problems while initializing the system
> > >      */
> > >     private void initDirectoryService(final File workDir) throws Exception {
> > >         // Initialize the LDAP service
> > >         this.service = new DefaultDirectoryService();
> > >         this.service.setInstanceLayout(new InstanceLayout(workDir));
> > >
> > >         final CacheService cacheService = new CacheService();
> > >         cacheService.initialize(this.service.getInstanceLayout());
> > >
> > >         this.service.setCacheService(cacheService);
> > >
> > >         // first load the schema
> > >         this.initSchemaPartition();
> > >
> > >         // then the system partition
> > >         // this is a MANDATORY partition
> > >         // DO NOT add this via addPartition() method, trunk code complains about
> > >         // duplicate partition while initializing
> > >         final JdbmPartition systemPartition = new JdbmPartition(
> > >                 this.service.getSchemaManager(), service.getDnFactory());
> > >         systemPartition.setId("system");
> > >         systemPartition.setPartitionPath(new File(this.service
> > >                 .getInstanceLayout().getPartitionsDirectory(), systemPartition
> > >                 .getId()).toURI());
> > >         systemPartition.setSuffixDn(new Dn(ServerDNConstants.SYSTEM_DN));
> > >         systemPartition.setSchemaManager(this.service.getSchemaManager());
> > >
> > >         // mandatory to call this method to set the system partition
> > >         // Note: this system partition might be removed from trunk
> > >         this.service.setSystemPartition(systemPartition);
> > >
> > >         // Disable the ChangeLog system
> > >         this.service.getChangeLog().setEnabled(false);
> > >         this.service.setDenormalizeOpAttrsEnabled(true);
> > >         this.service.setShutdownHookEnabled(true);
> > >
> > >         // And start the service
> > >         this.service.startup();
> > >
> > >         // We are all done !
> > >     }
> > >
> > >     public EmbeddedADS() {
> > >
> > >     }
> > >
> > >     /**
> > >      * Creates a new instance of EmbeddedADS. It initializes the directory
> > >      * service.
> > >      *
> > >      * @throws Exception
> > >      *             If something went wrong
> > >      */
> > >     public void init(final File workDir) throws Exception {
> > >         if (!workDir.exists()) {
> > >             workDir.mkdirs();
> > >             this.initDirectoryService(workDir);
> > >             this.service.shutdown();
> > >         }
> > >
> > >         this.initDirectoryService(workDir);
> > >     }
> > >
> > >     /**
> > >      * starts the LdapServer
> > >      *
> > >      * @throws Exception
> > >      */
> > >     public void startServer(File workDir, int serverPort) throws Exception {
> > >         init(workDir);
> > >         this.server = new LdapServer();
> > >         TcpTransport transports = new TcpTransport(serverPort);
> > >         transports.setEnableSSL(true);
> > >         this.server.setTransports(transports);
> > >         this.server.setDirectoryService(this.service);
> > >
> > >         this.server.start();
> > >
> > >         LOGGER.debug("The server is running.");
> > >     }
> > >
> > >     public void shutdownServer() throws Exception {
> > >         if (this.server != null) {
> > >             try {
> > >                 this.server.stop();
> > >                 LOGGER.debug("LDAP Server stop done");
> > >             } catch (Exception e) {
> > >                 LOGGER.error("exception in stop server", e);
> > >             }
> > >         }
> > >
> > >         if (this.service != null) {
> > >             try {
> > >                 this.service.shutdown();
> > >                 LOGGER.debug("Dir Service shutdown done");
> > >             } catch (Exception e) {
> > >                 LOGGER.error("exception in shutdown dir service", e);
> > >             }
> > >         }
> > >     }
> > > }
> > >
> > >
> > >
> > >
> > > The information in this electronic mail ("e-mail") message may
> > > contain
> > information that is confidential and/or privileged, or may otherwise
> > be protected by work product or other legal rules. It is solely for
> > the use of the individual(s) or the entity (ies) originally intended.
> > Access to this electronic mail message by anyone else is unauthorized.
> > If you are not the intended recipient, be advised that any
> > unauthorized review, disclosure, copying, distribution or use of this
> > information, or any action taken or omitted to be taken in reliance on
> it, is prohibited and may be unlawful.
> > Please notify the sender immediately if you have received this
> > electronic message by mistake, and destroy all copies of the original
> message.
> > >
> > > The sender believes that this e-mail and any attachments were free
> > > of
> > any virus, worm, Trojan horse, malicious code and/or other
> > contaminants when sent. E-mail transmissions cannot be guaranteed to
> > be secure or error-free, so this message and its attachments could
> > have been infected, corrupted or made incomplete during transmission.
> > By reading the message and opening any attachments, the recipient
> > accepts full responsibility for any viruses or other defects that may
> > arise, and for taking remedial action relating to such viruses and
> > other defects. Neither Wyndham Worldwide Corporation nor any of its
> > affiliated entities is liable for any loss or damage arising in any
> > way from, or for errors or omissions in the contents of, this message or
> its attachments.
> >
> >
> >
>
>
>
> --
> Kiran Ayyagari
> http://keydap.com
>
>
--
Kiran Ayyagari
http://keydap.com
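A diagnostic added here, not code from the thread or from ApacheDS, that separates the three layers behind a timeout like the one above: a plain TCP connect with its own timeout (where the stack trace above fails, in SocketChannelImpl.finishConnect), a TLS handshake that trusts only the C:\trusted.ks store, and finally the LDAP bind through LdapConnectionConfig. The host, port, trust-store path and admin credentials are the placeholder values from the thread; the class and method names are my own.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.directory.ldap.client.api.LdapConnectionConfig;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;

/** Checks TCP reachability, the TLS handshake and the LDAP bind one layer at a time. */
public class LdapsLayerCheck {
    static final String HOST = "vsvphxasldev01";          // placeholder host name from the thread
    static final int PORT = 10636;                        // the LDAPS port used in the thread
    static final String TRUST_STORE = "C:\\trusted.ks";   // placeholder trust store from the thread

    /** Layer 1: plain TCP connect with an explicit timeout; a timeout here is a network or firewall problem, not TLS or LDAP. */
    static boolean tcpReachable(String host, int port, int timeoutMillis) {
        try (Socket s = new Socket()) {
            s.connect(new InetSocketAddress(host, port), timeoutMillis);
            return true;
        } catch (IOException e) {
            System.err.println("TCP connect failed: " + e.getMessage());
            return false;
        }
    }
    /** Trust managers built from the given JKS store only, not the JVM default store. */
    static TrustManager[] loadTrustManagers(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        return tmf.getTrustManagers();
    }
    /** Layer 2: TLS handshake only; returns the subject of the certificate the server presented,
     *  to compare with the "adding as trusted cert" line of the SSL trace. */
    static String tlsPeerSubject(String host, int port, TrustManager[] tms) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tms, null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            s.startHandshake();   // throws SSLHandshakeException if the cert is not trusted
            X509Certificate peer = (X509Certificate) s.getSession().getPeerCertificates()[0];
            return peer.getSubjectX500Principal().getName();
        }
    }
    /** Layer 3: LDAP bind over TLS with the same trust store and a bounded timeout. */
    static boolean ldapBind(String host, int port, TrustManager[] tms, String dn, String pw) throws Exception {
        LdapConnectionConfig cfg = new LdapConnectionConfig();
        cfg.setLdapHost(host);
        cfg.setLdapPort(port);
        cfg.setUseSsl(true);
        cfg.setTrustManagers(tms);   // explicit trust store, never a trust-all manager
        cfg.setTimeout(10_000L);     // fail fast instead of hanging in bind()
        try (LdapNetworkConnection conn = new LdapNetworkConnection(cfg)) {
            conn.bind(dn, pw);
            return conn.isAuthenticated();
        }
    }
    public static void main(String[] args) throws Exception {
        if (!tcpReachable(HOST, PORT, 5000)) return;   // fix the network before looking at TLS
        TrustManager[] tms = loadTrustManagers(TRUST_STORE, null);
        System.out.println("TLS peer: " + tlsPeerSubject(HOST, PORT, tms));
        System.out.println("bind ok: " + ldapBind(HOST, PORT, tms, "uid=admin,ou=system", "secret"));
    }
}
```

The layer that fails tells you where to look: a TCP timeout is a firewall or routing issue between the client and the dev server, an SSLHandshakeException means the server's certificate is not the one in the trust store, and only a failure in the last step is an LDAP or credential problem.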