directory-users mailing list archives

From Harakiri <harakiri...@yahoo.com>
Subject [SOLVED]Re: ApacheDS 1.52 Bad transition from state START_STATE, tag 0x80
Date Thu, 24 Apr 2008 14:15:16 GMT


--- Emmanuel Lecharny <elecharny@apache.org> wrote:

> Seems to be a known problem with Outlook:
>
> http://www.openldap.org/lists/openldap-software/200204/msg00723.html

Well what do you know - the second issue is also a
quirk in Outlook (any version) - the problem was
that the SSL certificate has to match the hostname
exactly - if it is empty or you do not connect using
the DNS name - Outlook will simply refuse the
connection even if the cert itself is trusted.
Great - so what I did for testing was just edit my
hosts file and point the IP of the ApacheDS to the
"right" DNS name.

BTW: In the 1.5.2 API I didn't find an easy way to
change the SSL certificate (previously a
setCertificateFile etc. existed) - so I did the
following - is this the intended way currently?
In essence I modify the admin attribute always at
server startup:

    EntryOperationContext adminEntry = new EntryOperationContext(
            directoryService.getRegistries(), PartitionNexus.getAdminName());

    KeyStore store = ...
    KeyPair keyPair = ...

    Attributes entry = new BasicAttributes();

    PrivateKey privateKey = keyPair.getPrivate();
    entry.put(TlsKeyGenerator.KEY_ALGORITHM_AT, privateKey.getAlgorithm());
    entry.put(TlsKeyGenerator.PRIVATE_KEY_AT, privateKey.getEncoded());
    entry.put(TlsKeyGenerator.PRIVATE_KEY_FORMAT_AT, privateKey.getFormat());

    PublicKey publicKey = keyPair.getPublic();
    entry.put(TlsKeyGenerator.PUBLIC_KEY_AT, publicKey.getEncoded());
    entry.put(TlsKeyGenerator.PUBLIC_KEY_FORMAT_AT, publicKey.getFormat());

    Certificate cert = store.getCertificate(alias);

    entry.put(TlsKeyGenerator.USER_CERTIFICATE_AT, cert.getEncoded());

    List<Modification> items = ModifyOperationContext.createModItems(
            ServerEntryUtils.toServerEntry(entry, PartitionNexus.getAdminName(),
                    directoryService.getRegistries()),
            ModificationOperation.REPLACE_ATTRIBUTE);

    directoryService.getPartitionNexus().modify(
            new ModifyOperationContext(directoryService.getRegistries(),
                    PartitionNexus.getAdminName(), items));


Thanks
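
Added example, not part of the original message and not ApacheDS code: a pre-flight check that the certificate about to be written to the admin entry names the host that clients will connect to, which is the condition the message says Outlook enforces. The class and method names and the sample values are constructed; comparing case-insensitively and accepting dNSName subjectAltName entries as well as the subject CN are assumptions, not behaviour described in the message.

```java
import java.util.*;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class CertHostnameCheck {
    private static String norm(Object o) {
        return o.toString().trim().toLowerCase(Locale.ROOT);
    }

    // Names the certificate carries: subject CN plus dNSName SAN entries (type 2).
    // 'sans' has the shape returned by X509Certificate.getSubjectAlternativeNames()
    // and is null when the certificate has no SAN extension.
    static Set<String> certNames(String subjectDn, Collection<List<?>> sans)
            throws InvalidNameException {
        Set<String> names = new LinkedHashSet<>();
        for (Rdn rdn : new LdapName(subjectDn).getRdns()) {
            if (rdn.getType().equalsIgnoreCase("CN")) names.add(norm(rdn.getValue()));
        }
        if (sans != null) {
            for (List<?> san : sans) {
                // iPAddress (type 7) and other SAN types are deliberately skipped
                if (san.size() >= 2 && Integer.valueOf(2).equals(san.get(0))) names.add(norm(san.get(1)));
            }
        }
        names.remove(""); // an empty CN vouches for nothing
        return names;
    }

    // True only if the name the client connects with appears in the certificate.
    static boolean matchesExactly(String connectHost, String subjectDn,
            Collection<List<?>> sans) throws InvalidNameException {
        return connectHost != null && certNames(subjectDn, sans).contains(norm(connectHost));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data; with a real certificate pass
        // cert.getSubjectX500Principal().getName() and cert.getSubjectAlternativeNames().
        String dn = "CN=ldap.example.test,O=Example";
        List<List<?>> sans = new ArrayList<>();
        sans.add(Arrays.<Object>asList(2, "directory.example.test"));
        sans.add(Arrays.<Object>asList(7, "192.0.2.10"));
        for (String host : new String[] {"ldap.example.test", "directory.example.test", "192.0.2.10"}) {
            System.out.println(host + " -> " + matchesExactly(host, dn, sans));
        }
        // Certificate with an empty subject and no SAN extension
        System.out.println("empty subject -> " + matchesExactly("ldap.example.test", "", null));
    }
}
```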

