Hi Kiran, thank you for replying to my message.

I tried to do what you suggested and it did not work. I have attached the stack trace; it keeps giving me LdapNetworkConnection - SSL handshake failed.

public static void initConnection() throws LdapException, IOException {
    if (conn == null) {
        LdapConnectionConfig connectionConfig = new LdapConnectionConfig();
        connectionConfig.setLdapHost("myhost");
        connectionConfig.setLdapPort(636);
        connectionConfig.setName("cn=Manager,dc=example,dc=com");
        connectionConfig.setCredentials("mypass");
        connectionConfig.setUseSsl(true);
        connectionConfig.setSslProtocol("SSLv3");
        conn = new LdapNetworkConnection(connectionConfig);

        conn.connect();
        conn.bind();
    }
}

I also tried the following code using TLS and trust managers, but this time it gives me a Protocol error:

org.apache.directory.api.ldap.model.exception.LdapOperationException: PROTOCOL_ERROR: The server will disconnect!
at org.apache.directory.ldap.client.api.LdapNetworkConnection.startTls(LdapNetworkConnection.java:3678)

public static void initConnection() throws LdapException, IOException {
    if (conn == null) {
        LdapConnectionConfig connectionConfig = new LdapConnectionConfig();

        try {
            FileInputStream fis = new FileInputStream("server.jks");
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            char[] password = new String("myCertPass").toCharArray();
            keyStore.load(fis, password);
            tmf.init(keyStore);
            connectionConfig.setTrustManagers(tmf.getTrustManagers());
        } catch (NoSuchAlgorithmException ex) {
            ex.printStackTrace(System.out);
        } catch (KeyStoreException ex) {
            ex.printStackTrace(System.out);
        } catch (CertificateException ex) {
            ex.printStackTrace(System.out);
        }

        connectionConfig.setLdapHost("myhost");
        connectionConfig.setLdapPort(636);
        connectionConfig.setName("cn=Manager,dc=example,dc=com");
        connectionConfig.setCredentials("mypass");
        connectionConfig.setSslProtocol("SSLv3");
        connectionConfig.setUseTls(true);
        conn = new LdapNetworkConnection(connectionConfig);
        conn.connect();
        conn.startTls();
    }
}


Thanks in advance

Flavio


On Mon, Mar 17, 2014 at 7:33 PM, Kiran Ayyagari <kayyagari@apache.org> wrote:
On Tue, Mar 18, 2014 at 6:36 AM, Flavio Mattos <flaviomattos86@gmail.com> wrote:

> Hi guys,
>
> I have been trying to connect to an OpenLDAP server using SSL/LDAPS.
> I can connect to that server using Apache Directory Studio (via LDAPS) and I would
> like to connect to the same server using the Apache API.
>
> This is the code. One detail is that I generated the key on the server
> using openssl.
>
>
> Then I did some research and some people say that I need to generate
> a key in the Java format, so then I generated a PKCS #12 key store using
> something like
>
you don't need to do this unless you want your client to be verified with
the server

> openssl pkcs12 -export -in cert.pem -inkey key.pem > server.p12
> and then
> keytool -importkeystore -srckeystore server.p12 -destkeystore server.jks
> -srcstoretype pkcs12
>
>
> I have attached the stack trace.
> The exception happens in the bind method.
>
> public static void initConnection() throws LdapException, IOException {
>
> LdapConnection conn ...
>
>         if (conn == null) {
>             LdapConnectionConfig connectionConfig = new LdapConnectionConfig();
>             KeyManagerFactory keyManagerFactory = null;
>             try {
>
>                 FileInputStream fis = new FileInputStream("server.jks");
>
>                 keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
>                 KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
>                 char[] password = new String("mykeyPass").toCharArray();
>
>                 keyStore.load(fis, password);
>
>                 keyManagerFactory.init(keyStore, password);
>
>                 keyManagerFactory.getKeyManagers();
>
>                 connectionConfig.setKeyManagers(keyManagerFactory.getKeyManagers());
>
>             } catch (NoSuchAlgorithmException ex) {
>                 ex.printStackTrace(System.out);
>             } catch (KeyStoreException ex) {
>                 ex.printStackTrace(System.out);
>             } catch (UnrecoverableKeyException ex) {
>                 ex.printStackTrace(System.out);
>             } catch (CertificateException ex) {
>                 ex.printStackTrace(System.out);
>             }
>
>
just drop all the above KeyManager code and the client will work.

>             connectionConfig.setLdapHost("myhost");
>             connectionConfig.setLdapPort(636);
>             connectionConfig.setName("cn=Manager,dc=example,dc=com");
>             connectionConfig.setCredentials("mypass");
>             connectionConfig.setUseSsl(true);
>             connectionConfig.setSslProtocol("SSLv3");
>             conn = new LdapNetworkConnection(connectionConfig);
>
>             conn.connect();
>             conn.bind();
>
>         }
>
note that by default the client will trust any X509 certificate used by
the server; if you want to restrict it then a custom trust manager must be
provided and set using connectionConfig.setTrustManagers()

> Thanks
> Flavio
>



--
Kiran Ayyagari
http://keydap.com
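Kiran's note above says the Apache LDAP API client trusts any server certificate by default and that a custom trust manager set via connectionConfig.setTrustManagers() is needed to restrict that. The class below is an added example (it is not code from this thread nor from the Apache Directory project) that builds trust managers from a JKS truststore holding the server's CA certificate, and keeps the two TLS modes strictly separate: LDAPS on port 636 (setUseSsl(true), then connect and bind, no startTls call) and StartTLS on the plain LDAP port 389 (connect, then the StartTLS extended operation, then bind). The truststore path and password, the host name, port 389 and the "TLS" protocol name passed to setSslProtocol are placeholders or assumptions; the bind DN and password are the ones used in the thread. The thread itself does not establish why the second attempt returned PROTOCOL_ERROR, so this example does not diagnose it; it only shows each mode on the port it belongs to.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;

import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.ldap.client.api.LdapConnectionConfig;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;

public class LdapTlsClient {

    // Placeholders (not values from the thread): a JKS truststore that contains
    // only the CA certificate that signed the LDAP server's certificate.
    private static final String TRUSTSTORE_PATH = "truststore.jks";
    private static final char[] TRUSTSTORE_PASS = "changeit".toCharArray();

    /** Build trust managers from the truststore so that only the CA(s) in it are trusted. */
    static TrustManager[] loadTrustManagers(String path, char[] pass)
            throws IOException, GeneralSecurityException {
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(path)) {
            ts.load(in, pass);
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);                 // no KeyManager: the client itself is not authenticated by certificate
        return tmf.getTrustManagers();
    }

    /** Settings shared by both modes; only the port and the ssl/tls switch differ. */
    static LdapConnectionConfig baseConfig(String host, int port, TrustManager[] tms) {
        LdapConnectionConfig cfg = new LdapConnectionConfig();
        cfg.setLdapHost(host);
        cfg.setLdapPort(port);
        cfg.setName("cn=Manager,dc=example,dc=com");
        cfg.setCredentials("mypass");
        cfg.setSslProtocol("TLS");    // assumption: "TLS" instead of "SSLv3", as accepted by SSLContext.getInstance
        cfg.setTrustManagers(tms);    // restricts trust to the truststore instead of the trust-all default
        return cfg;
    }

    /** LDAPS: port 636, TLS is negotiated before the first LDAP message; startTls() must not be called. */
    static LdapNetworkConnection connectLdaps(String host, TrustManager[] tms) throws LdapException {
        LdapConnectionConfig cfg = baseConfig(host, 636, tms);
        cfg.setUseSsl(true);
        LdapNetworkConnection conn = new LdapNetworkConnection(cfg);
        conn.connect();
        conn.bind();
        return conn;
    }

    /** StartTLS: plain LDAP port (389 assumed), the socket is upgraded by the StartTLS extended operation. */
    static LdapNetworkConnection connectStartTls(String host, TrustManager[] tms) throws LdapException {
        LdapConnectionConfig cfg = baseConfig(host, 389, tms);
        LdapNetworkConnection conn = new LdapNetworkConnection(cfg);
        conn.connect();
        conn.startTls();              // sent in cleartext on 389; afterwards the session is TLS
        conn.bind();                  // credentials only travel over the upgraded socket
        return conn;
    }

    public static void main(String[] args) throws Exception {
        TrustManager[] tms = loadTrustManagers(TRUSTSTORE_PATH, TRUSTSTORE_PASS);
        LdapNetworkConnection conn = connectLdaps("myhost", tms);
        try {
            System.out.println("LDAPS bind ok: " + conn.isAuthenticated());
        } finally {
            conn.close();
        }
    }
}
```

If the server presents a certificate whose chain does not end in a CA from the truststore, the handshake fails in both modes, which is the intended behaviour once the trust-all default is replaced; with a self-signed server certificate the truststore must contain that certificate itself.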