directory-api mailing list archives

From Kiran Ayyagari <ayyagariki...@gmail.com>
Subject Fwd: LdapNetworkConnection using SSL
Date Wed, 27 Feb 2013 13:16:14 GMT
forwarding to API ML

---------- Forwarded message ----------
From: <Michael.Schmitz@t-systems.com>
Date: Wed, Feb 27, 2013 at 6:44 PM
Subject: AW: LdapNetworkConnection using SSL
To: ayyagarikiran@gmail.com



Hello,

the port 10636 is correct. The LDAP server is an OpenLDAP installation.

Regards
Michael Schmitz

T-Systems International GmbH
Systems Integration
PDU Horizontal + Future Markets
BI & CRM
Michael Schmitz
Senior Consultant
Street address: Fasanenweg 5, 70771 Leinfelden-Echterdingen
Postal address: Postfach 100258, 70746 Leinfelden
Phone: +49 (711) 972 - 43862
Fax: +49 (711) 972 - 41751
Mobile: +49 (170) 863 1918
E-mail: Michael.Schmitz@T-Systems.com
Internet: <http://www.t-systems.com>
T-Systems International GmbH
Supervisory Board: René Obermann (Chairman)
Board of Management: Reinhard Clemens (Chairman), Dr. Ferri Abolhassan,
Olaf Heyden, Georg Pepping, Klaus Werner
Commercial register: Amtsgericht Frankfurt am Main, HRB 55933
Registered office: Frankfurt am Main
WEEE reg. no. DE87523644
Notice: This transmittal and/or attachments may be privileged or
confidential. If you are not the intended recipient, you are hereby
notified that you have received this transmittal in error; any review,
dissemination, or copying is strictly prohibited. If you received this
transmittal in error, please notify us immediately by reply and immediately
delete this message and all its attachments. Thank you.


-----Original Message-----
From: ayyagarikiran@gmail.com [mailto:ayyagarikiran@gmail.com] On Behalf
Of Kiran Ayyagari
Sent: Wednesday, 27 February 2013 13:45
To: api@directory.apache.org
Subject: Re: LdapNetworkConnection using SSL

Can you check if you are using the correct port when SSL is used to
connect? By default ApacheDS accepts SSL connections on port 10636.

On Wed, Feb 27, 2013 at 6:08 PM, <Michael.Schmitz@t-systems.com> wrote:

> Hello,
>
> I am currently working with version M12 of the Apache LDAP API (this
> was the latest version when I began to develop). The connection to the
> LDAP server is established without SSL, and it works fine.
>
> Due to security reasons we want to change the connection to SSL. So I
> created a keystore file .keystore which includes the same certificate
> which I am using with the Apache Directory Studio Client to connect to
> the LDAP server via SSL. In the Apache Directory Studio Client, the
> certificate works without problems. Trying to connect with the LDAP
> API results in InvalidConnectionException at the connection.bind
> statement.
>
> org.apache.directory.ldap.client.api.exception.InvalidConnectionException: SSL handshake failed.
>     at org.apache.directory.ldap.client.api.LdapNetworkConnection.writeRequest(LdapNetworkConnection.java:3808)
>     at org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1170)
>     at org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1075)
>     at org.apache.directory.ldap.client.api.AbstractLdapConnection.bind(AbstractLdapConnection.java:120)
>     at org.apache.directory.ldap.client.api.AbstractLdapConnection.bind(AbstractLdapConnection.java:105)
>     at TestSSL.main(TestSSL.java:50)
>
> Here is the code to connect to the LDAP server with the LDAP API:
>
>   boolean useSSL = true;
>   LdapNetworkConnection connection = null;
>   LdapConnectionConfig ldapConnectionConfig = null;
>   if (useSSL) {
>       ldapConnectionConfig = new LdapConnectionConfig();
>       ldapConnectionConfig.setUseSsl(true);
>       ldapConnectionConfig.setLdapHost(<host>);
>       ldapConnectionConfig.setLdapPort(<port>);
>       ldapConnectionConfig.setSslProtocol("SSLv3");
>       char[] pw = null;
>       KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
>       try {
>           FileInputStream fis = new FileInputStream(".keystore");
>           pw = new String("<password>").toCharArray();
>           ks.load(fis, pw);
>       }
>       catch (Exception e) {
>           e.printStackTrace();
>       }
>       KeyManagerFactory keyManagerFactory =
>           KeyManagerFactory.getInstance("SunX509");
>       keyManagerFactory.init(ks, pw);
>       KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
>       ldapConnectionConfig.setKeyManagers(keyManagers);
>       connection = new LdapNetworkConnection(ldapConnectionConfig);
>   }
>   else {
>       connection = new LdapNetworkConnection(<host>, <port>);
>   }
>   try {
>       connection.bind(<bind string>, <password>);
>             ...
> With useSSL=false the program works right.
>
> Does anyone have an idea what is missing? Could you provide me an
> example which is working?
>
> Thank you very much.
>
> Regards
> Michael Schmitz
>


--
Kiran Ayyagari
http://keydap.com



-- 
Kiran Ayyagari
http://keydap.com
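
A JDK-only probe for narrowing down a handshake failure like the one reported in this thread, added here as an example and not code from the thread or from the Apache LDAP API project; the class name `TlsProbe` and its four command-line arguments are assumptions. It lists what kind of entries the keystore holds, then attempts a TLS handshake that trusts only that keystore and reports the negotiated protocol or the underlying exception.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Added diagnostic (not from the thread). Assumed usage:
//   java TlsProbe <host> <port> <keystore-file> <keystore-password>
public class TlsProbe {
    public static void main(String[] args) throws Exception {
        char[] pw = args[3].toCharArray();
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[2])) {
            ks.load(in, pw);
        }
        // A trusted-certificate entry can only be used to verify the server;
        // a key entry is what a KeyManager would present as client identity.
        for (String alias : Collections.list(ks.aliases())) {
            String kind = ks.isKeyEntry(alias) ? "key entry"
                    : ks.isCertificateEntry(alias) ? "trusted certificate entry" : "other";
            System.out.println("alias " + alias + ": " + kind);
        }

        // Validate the server against exactly what the keystore contains.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);

        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory()
                .createSocket(args[0], Integer.parseInt(args[1]))) {
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("LDAPS"); // also check the host name
            s.setSSLParameters(p);
            s.setSoTimeout(10_000);
            s.startHandshake(); // an SSLException here names the concrete cause
            System.out.println("negotiated " + s.getSession().getProtocol()
                    + " / " + s.getSession().getCipherSuite());
            X509Certificate peer =
                    (X509Certificate) s.getSession().getPeerCertificates()[0];
            System.out.println("server subject: " + peer.getSubjectX500Principal());
        }
    }
}
```

Running it with the JVM option `-Djavax.net.debug=ssl,handshake` additionally prints the full handshake trace.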
