directory-users mailing list archives

From Kiran Ayyagari <kayyag...@apache.org>
Subject Re: Enable SSL for Embed Apache DS Server
Date Sat, 16 May 2015 00:24:04 GMT
On Sat, May 16, 2015 at 4:28 AM, Bajaj, Yogesh <Yogesh.Bajaj@wyn.com> wrote:

> Thanks for your reply and help.
>
> Local system:
>
> For the embedded server, the SSL port is 10399. I am able to connect to it using the Apache
> LDAP Studio browser as well as

Are you sure 10389 is your SSL port? Just double checking, because this is the
default non-SSL port in ApacheDS.
Show us the part of your client code where you are attempting to connect.

> do a search using the LDAP client API successfully locally. For the LDAP client API,
> I installed the certificates in the key store to avoid an SSL handshake error.
>
> On the client dev system:
> Neither Apache DS nor the LDAP client API program is able to connect to the embedded
> LDAP server on the client machine.
> I am getting the exception below; the SSL trace log follows:
>
>
> trustStore is: C:\trusted.ks
> trustStore type is : jks
> trustStore provider is :
> init truststore
> adding as trusted cert:
>   Subject: CN=ess-tools, OU=ApacheDS, O=ASF, C=US
>   Issuer:  CN=ess-tools, OU=ApacheDS, O=ASF, C=US
>   Algorithm: RSA; Serial number: 0x3ddca171
>   Valid from Thu May 14 00:14:42 EDT 2015 until Sat May 13 00:14:42 EDT
> 2017
>
> 2015-05-15 16:22:16,531 DEBUG Using default SystemClock for timestamps
> 2015-05-15 16:22:16:547 LdapConnectionConfig [DEBUG] found
> X509TrustManager sun.security.ssl.X509TrustManagerImpl@28c75ad4
> 2015-05-15 16:22:18:139 DefaultLdapCodecService [INFO] Registered
> pre-bundled control factory: 1.3.6.1.4.1.18060.0.0.1
> 2015-05-15 16:22:18:203 DefaultLdapCodecService [INFO] Registered
> pre-bundled control factory: 2.16.840.1.113730.3.4.7
> 2015-05-15 16:22:18:234 DefaultLdapCodecService [INFO] Registered
> pre-bundled control factory: 2.16.840.1.113730.3.4.2
> 2015-05-15 16:22:18:265 DefaultLdapCodecService [INFO] Registered
> pre-bundled control factory: 2.16.840.1.113730.3.4.18
> 2015-05-15 16:22:18:406 DefaultLdapCodecService [INFO] Registered
> pre-bundled control factory: 1.2.840.113556.1.4.319
> 2015-05-15 16:22:18:468 DefaultLdapCodecService [INFO] Registered
> pre-bundled control factory: 2.16.840.1.113730.3.4.3
> 2015-05-15 16:22:18:499 DefaultLdapCodecService [INFO] Registered
> pre-bundled control factory: 1.3.6.1.4.1.4203.1.10.1
> 2015-05-15 16:22:18:577 CodecFactoryUtil [INFO] Registered pre-bundled
> control factory: 1.3.6.1.4.1.18060.0.0.1
> 2015-05-15 16:22:18:577 CodecFactoryUtil [INFO] Registered pre-bundled
> control factory: 2.16.840.1.113730.3.4.7
> 2015-05-15 16:22:18:577 CodecFactoryUtil [INFO] Registered pre-bundled
> control factory: 2.16.840.1.113730.3.4.2
> 2015-05-15 16:22:18:577 CodecFactoryUtil [INFO] Registered pre-bundled
> control factory: 2.16.840.1.113730.3.4.18
> 2015-05-15 16:22:18:577 CodecFactoryUtil [INFO] Registered pre-bundled
> control factory: 1.2.840.113556.1.4.319
> 2015-05-15 16:22:18:577 CodecFactoryUtil [INFO] Registered pre-bundled
> control factory: 2.16.840.1.113730.3.4.3
> 2015-05-15 16:22:18:577 CodecFactoryUtil [INFO] Registered pre-bundled
> control factory: 1.3.6.1.4.1.4203.1.10.1
> 2015-05-15 16:22:18:671 CodecFactoryUtil [INFO] Registered pre-bundled
> control factory: 1.3.6.1.4.1.42.2.27.8.5.1
> 2015-05-15 16:22:18:936 CodecFactoryUtil [INFO] Registered pre-bundled
> control factory: 2.16.840.1.113730.3.4.9
> 2015-05-15 16:22:18:983 CodecFactoryUtil [INFO] Registered pre-bundled
> control factory: 2.16.840.1.113730.3.4.10
> 2015-05-15 16:22:19:061 CodecFactoryUtil [INFO] Registered pre-bundled
> control factory: 1.3.6.1.4.1.4203.1.9.1.3
> 2015-05-15 16:22:19:108 CodecFactoryUtil [INFO] Registered pre-bundled
> control factory: 1.3.6.1.4.1.4203.1.9.1.4
> 2015-05-15 16:22:19:170 CodecFactoryUtil [INFO] Registered pre-bundled
> control factory: 1.3.6.1.4.1.4203.1.9.1.1
> 2015-05-15 16:22:19:170 CodecFactoryUtil [INFO] Registered pre-bundled
> control factory: 1.3.6.1.4.1.4203.1.9.1.2
> 2015-05-15 16:22:19:233 CodecFactoryUtil [INFO] Registered pre-bundled
> control factory: 1.2.840.113556.1.4.473
> 2015-05-15 16:22:19:265 CodecFactoryUtil [INFO] Registered pre-bundled
> control factory: 1.2.840.113556.1.4.474
> 2015-05-15 16:22:19:296 CodecFactoryUtil [INFO] Registered pre-bundled
> control factory: 1.2.840.113556.1.4.841
> 2015-05-15 16:22:19:467 CodecFactoryUtil [INFO] Registered pre-bundled
> extended operation factory: 1.3.6.1.1.8
> 2015-05-15 16:22:19:686 CodecFactoryUtil [INFO] Registered pre-bundled
> extended operation factory: 1.3.6.1.4.1.18060.0.1.8
> 2015-05-15 16:22:19:857 CodecFactoryUtil [INFO] Registered pre-bundled
> extended operation factory: 1.3.6.1.4.1.18060.0.1.3
> 2015-05-15 16:22:20:029 CodecFactoryUtil [INFO] Registered pre-bundled
> extended operation factory: 1.3.6.1.4.1.18060.0.1.6
> 2015-05-15 16:22:20:123 CodecFactoryUtil [INFO] Registered pre-bundled
> extended operation factory: 1.3.6.1.4.1.18060.0.1.5
> 2015-05-15 16:22:20:294 CodecFactoryUtil [INFO] Registered pre-bundled
> extended operation factory: 1.3.6.1.4.1.4203.1.11.1
> 2015-05-15 16:22:20:410 CodecFactoryUtil [INFO] Registered pre-bundled
> extended operation factory: 1.3.6.1.4.1.4203.1.11.3
> 2015-05-15 16:22:20:551 CodecFactoryUtil [INFO] Registered pre-bundled
> extended operation factory: 1.3.6.1.4.1.1466.20037
> trigger seeding of SecureRandom
> done seeding SecureRandom
> 2015-05-15 16:23:29:440 LdapNetworkConnection [DEBUG] ------>> Connection
> error: Connection timed out: no further information
> org.apache.directory.ldap.client.api.exception.InvalidConnectionException:
> Cannot connect to the server: Connection timed out: no further information
>         at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.connect(LdapNetworkConnection.java:658)
>         at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1268)
>         at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1188)
>         at
> org.apache.directory.ldap.client.api.AbstractLdapConnection.bind(AbstractLdapConnection.java:127)
>         at
> org.apache.directory.ldap.client.api.AbstractLdapConnection.bind(AbstractLdapConnection.java:112)
>         at com.whg.ess.tool.ldap.LdapSvc.test1(LdapSvc.java:68)
>         at com.whg.ess.tool.ldap.LdapSvc.main(LdapSvc.java:27)
> Caused by: java.net.ConnectException: Connection timed out: no further
> information
>         at sun.nio.ch.SocketChannelImpl.checkConnect(Native Method)
>         at
> sun.nio.ch.SocketChannelImpl.finishConnect(SocketChannelImpl.java:739)
>         at
> org.apache.mina.transport.socket.nio.NioSocketConnector.finishConnect(NioSocketConnector.java:221)
>         at
> org.apache.mina.transport.socket.nio.NioSocketConnector.finishConnect(NioSocketConnector.java:47)
>         at
> org.apache.mina.core.polling.AbstractPollingIoConnector.processConnections(AbstractPollingIoConnector.java:459)
>         at
> org.apache.mina.core.polling.AbstractPollingIoConnector.access$700(AbstractPollingIoConnector.java:65)
>         at
> org.apache.mina.core.polling.AbstractPollingIoConnector$Connector.run(AbstractPollingIoConnector.java:527)
>         at
> org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
>         at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>         at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>         at java.lang.Thread.run(Thread.java:745)
>
>
> Thanks
> Yogesh Bajaj
>
>
> -----Original Message-----
> From: Emmanuel Lécharny [mailto:elecharny@gmail.com]
> Sent: Wednesday, May 13, 2015 5:42 PM
> To: users@directory.apache.org
> Subject: Re: Enable SSL for Embed Apache DS Server
>
> On 13/05/15 22:03, Bajaj, Yogesh wrote:
> > Hi Friends,
> >
> > I set up an Apache DS embedded server. I am using one of the aspects provided in a
> JIRA ticket to avoid the multiple-resources issue.
> > This is working fine on my local laptop. Now I want to enable SSL for the embedded
> LDAP server, as once I deploy it on the client dev server I am not able
> to connect to it. My client dev server requires an SSH connection.
>
> SSL and SSH are two different things.
>
> The code you provided is correct. The server should be SSL enabled. Have
> you tried to connect to the server on port 10636 (or whatever value
> serverPort contains)?
> >
> > Please advise: how do I enable SSL for the embedded LDAP server? I already did the
> following in the embedded LDAP server.
> >
> > transports.setEnableSSL(true);
> >
> > I am using the latest Apache DS version, 2.0.0-M20.
> >
> >
> > Embed LDAP server java file :-
> >
> > import java.io.File;
> > import java.util.List;
> >
> > import org.apache.directory.api.ldap.model.name.Dn;
> > import org.apache.directory.api.ldap.model.schema.SchemaManager;
> > import org.apache.directory.api.ldap.model.schema.registries.SchemaLoader;
> > import org.apache.directory.api.ldap.schema.extractor.SchemaLdifExtractor;
> > import org.apache.directory.api.ldap.schema.extractor.impl.DefaultSchemaLdifExtractor;
> > import org.apache.directory.api.ldap.schema.loader.LdifSchemaLoader;
> > import org.apache.directory.api.ldap.schema.manager.impl.DefaultSchemaManager;
> >
> > import org.apache.directory.api.util.exception.Exceptions;
> > import org.apache.directory.server.constants.ServerDNConstants;
> > import org.apache.directory.server.core.DefaultDirectoryService;
> > import org.apache.directory.server.core.api.CacheService;
> > import org.apache.directory.server.core.api.DirectoryService;
> > import org.apache.directory.server.core.api.DnFactory;
> > import org.apache.directory.server.core.api.InstanceLayout;
> > import org.apache.directory.server.core.api.schema.SchemaPartition;
> > import org.apache.directory.server.core.partition.impl.btree.jdbm.JdbmPartition;
> > import org.apache.directory.server.core.partition.ldif.LdifPartition;
> > import org.apache.directory.server.core.shared.DefaultDnFactory;
> > import org.apache.directory.server.i18n.I18n;
> > import org.apache.directory.server.ldap.LdapServer;
> > import org.apache.directory.server.protocol.shared.transport.TcpTransport;
> > import org.apache.logging.log4j.LogManager;
> > import org.apache.logging.log4j.Logger;
> >
> >
> >
> > public class EmbeddedADS  {
> >
> >
> >
> >     private static final Logger LOGGER =
> LogManager.getLogger(EmbeddedADS.class);
> >     /** The directory service */
> >     private DirectoryService service;
> >
> >     /** The LDAP server */
> >     private LdapServer server;
> >
> >     private static EmbeddedADS instance;
> >
> >
> >
> >     public static EmbeddedADS getInstance(){
> >         if(instance == null){
> >             instance= new EmbeddedADS();
> >         }
> >         return instance;
> >     }
> >
> >     /**
> >      * initialize the schema manager and add the schema partition to
> diectory
> >      * service
> >      *
> >      * @throws Exception
> >      *             if the schema LDIF files are not found on the
> classpath
> >      */
> >     private void initSchemaPartition() throws Exception {
> >         final InstanceLayout instanceLayout =
> > this.service.getInstanceLayout();
> >
> >         final File schemaPartitionDirectory = new File(
> >                 instanceLayout.getPartitionsDirectory(), "schema");
> >
> >         // Extract the schema on disk (a brand new one) and load the registries
> >         if (schemaPartitionDirectory.exists()) {
> >             LOGGER.debug("schema partition already exists, skipping schema extraction");
> >         } else {
> >             final SchemaLdifExtractor extractor = new DefaultSchemaLdifExtractor(
> >                     instanceLayout.getPartitionsDirectory());
> >             extractor.extractOrCopy();
> >         }
> >
> >         final SchemaLoader loader = new LdifSchemaLoader(
> >                 schemaPartitionDirectory);
> >         final SchemaManager schemaManager = new
> > DefaultSchemaManager(loader);
> >
> >         // final DnFactory dnFactory = new
> >         // DefaultDnFactory(schemaManager,service.getDnFactory());
> >
> >         // We have to load the schema now, otherwise we won't be able
> >         // to initialize the Partitions, as we won't be able to parse
> >         // and normalize their suffix Dn
> >         schemaManager.loadAllEnabled();
> >
> >         final List<Throwable> errors = schemaManager.getErrors();
> >
> >         if (errors.size() != 0) {
> >             throw new Exception(I18n.err(I18n.ERR_317,
> >                     Exceptions.printErrors(errors)));
> >         }
> >
> >         this.service.setSchemaManager(schemaManager);
> >
> >         // Init the LdifPartition with schema
> >         DnFactory dnFactory = new DefaultDnFactory(schemaManager,
> >                 this.service.getCacheService().getCache("dnCache"));
> >         this.service.setDnFactory(dnFactory);
> >         final LdifPartition schemaLdifPartition = new LdifPartition(
> >                 schemaManager, service.getDnFactory());
> >         schemaLdifPartition.setPartitionPath(schemaPartitionDirectory.toURI());
> >
> >         // The schema partition
> >         final SchemaPartition schemaPartition = new SchemaPartition(
> >                 schemaManager);
> >         schemaPartition.setWrappedPartition(schemaLdifPartition);
> >         this.service.setSchemaPartition(schemaPartition);
> >     }
> >
> >     /**
> >      * Initialize the server. It creates the partition, adds the index,
> and
> >      * injects the context entries for the created partitions.
> >      *
> >      * @param workDir
> >      *            the directory to be used for storing the data
> >      * @throws Exception
> >      *             if there were some problems while initializing the
> system
> >      */
> >     private void initDirectoryService(final File workDir) throws
> Exception {
> >         // Initialize the LDAP service
> >         this.service = new DefaultDirectoryService();
> >         this.service.setInstanceLayout(new InstanceLayout(workDir));
> >
> >         final CacheService cacheService = new CacheService();
> >         cacheService.initialize(this.service.getInstanceLayout());
> >
> >         this.service.setCacheService(cacheService);
> >
> >         // first load the schema
> >         this.initSchemaPartition();
> >
> >         // then the system partition
> >         // this is a MANDATORY partition
> >         // DO NOT add this via addPartition() method, trunk code
> complains about
> >         // duplicate partition
> >         // while initializing
> >         final JdbmPartition systemPartition = new JdbmPartition(
> >                 this.service.getSchemaManager(), service.getDnFactory());
> >         systemPartition.setId("system");
> >         systemPartition.setPartitionPath(new File(
> >                 this.service.getInstanceLayout().getPartitionsDirectory(),
> >                 systemPartition.getId()).toURI());
> >         systemPartition.setSuffixDn(new Dn(ServerDNConstants.SYSTEM_DN));
> >         systemPartition.setSchemaManager(this.service.getSchemaManager());
> >
> >         // mandatory to call this method to set the system partition
> >         // Note: this system partition might be removed from trunk
> >         this.service.setSystemPartition(systemPartition);
> >
> >         // Disable the ChangeLog system
> >         this.service.getChangeLog().setEnabled(false);
> >         this.service.setDenormalizeOpAttrsEnabled(true);
> >         this.service.setShutdownHookEnabled(true);
> >
> >         // And start the service
> >         this.service.startup();
> >
> >         // We are all done !
> >     }
> >
> >     public EmbeddedADS()  {
> >
> >     }
> >
> >     /**
> >      * Creates a new instance of EmbeddedADS. It initializes the
> directory
> >      * service.
> >      *
> >      * @throws Exception
> >      *             If something went wrong
> >      */
> >     public void init(final File workDir) throws Exception {
> >         if (!workDir.exists()) {
> >             workDir.mkdirs();
> >             this.initDirectoryService(workDir);
> >             this.service.shutdown();
> >         }
> >
> >         this.initDirectoryService(workDir);
> >     }
> >
> >     /**
> >      * starts the LdapServer
> >      *
> >      * @throws Exception
> >      */
> >     public void startServer(File workDir, int serverPort) throws
> Exception {
> >         init(workDir);
> >         this.server = new LdapServer();
> >         TcpTransport transports = new TcpTransport(serverPort);
> >         transports.setEnableSSL(true);
> >         this.server.setTransports(transports);
> >         this.server.setDirectoryService(this.service);
> >
> >
> >         this.server.start();
> >
> >
> >         LOGGER.debug("The server is running.");
> >     }
> >
> >     public void shutdownServer() throws Exception {
> >
> >
> >         if(this.server != null){
> >             try {
> >                 this.server.stop();
> >                 LOGGER.debug("LDAP Server stop done");
> >             } catch (Exception e) {
> >               LOGGER.error("exception in stop server",e);
> >             }
> >         }
> >
> >
> >         if(this.service != null){
> >             try {
> >                 this.service.shutdown();
> >                 LOGGER.debug("Dir Service shutdwon done");
> >             } catch (Exception e) {
> >                 LOGGER.error("exception in shutdown dir service",e);
> >             }
> >         }
> >
> >
> >     }
> > }
> >
> >
> >
> >
> > The information in this electronic mail ("e-mail") message may contain
> information that is confidential and/or privileged, or may otherwise be
> protected by work product or other legal rules. It is solely for the use of
> the individual(s) or the entity (ies) originally intended. Access to this
> electronic mail message by anyone else is unauthorized. If you are not the
> intended recipient, be advised that any unauthorized review, disclosure,
> copying, distribution or use of this information, or any action taken or
> omitted to be taken in reliance on it, is prohibited and may be unlawful.
> Please notify the sender immediately if you have received this electronic
> message by mistake, and destroy all copies of the original message.
> >
> > The sender believes that this e-mail and any attachments were free of
> any virus, worm, Trojan horse, malicious code and/or other contaminants
> when sent. E-mail transmissions cannot be guaranteed to be secure or
> error-free, so this message and its attachments could have been infected,
> corrupted or made incomplete during transmission. By reading the message
> and opening any attachments, the recipient accepts full responsibility for
> any viruses or other defects that may arise, and for taking remedial action
> relating to such viruses and other defects. Neither Wyndham Worldwide
> Corporation nor any of its affiliated entities is liable for any loss or
> damage arising in any way from, or for errors or omissions in the contents
> of, this message or its attachments.
>
>
>



-- 
Kiran Ayyagari
http://keydap.com
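
Added example, not code from this thread or from ApacheDS, showing the two ends of the setup discussed above: the server started on an SSL transport with an explicit keystore instead of the self-signed certificate ApacheDS generates when no keystore is set (the trust-store dump in the trace, CN=ess-tools, OU=ApacheDS, O=ASF, C=US, is such a certificate), and a client that reaches it over LDAPS with the LDAP client API while trusting only an explicit trust store. Because the exception in the trace is a java.net.ConnectException raised in finishConnect, i.e. before any TLS handshake, the client first checks plain TCP reachability of the port and reports that failure separately from certificate problems. Host name, port, keystore and trust-store paths, passwords and the admin credentials are assumptions.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.security.KeyStore;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.directory.api.ldap.model.cursor.EntryCursor;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.message.SearchScope;
import org.apache.directory.ldap.client.api.LdapConnectionConfig;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;
import org.apache.directory.server.core.api.DirectoryService;
import org.apache.directory.server.ldap.LdapServer;
import org.apache.directory.server.protocol.shared.transport.TcpTransport;

// Added example, not code from the thread or from ApacheDS. Hosts, ports,
// paths, passwords and the admin credentials below are assumed values.
public class LdapsExample {

    static final String HOST = "ess-tools";               // CN of the server certificate in the trace
    static final int LDAPS_PORT = 10636;                  // whatever serverPort startServer() was given
    static final String SERVER_KEYSTORE = "/etc/ess/server.jks";
    static final String SERVER_KEY_PASSWORD = "change-me";
    static final String CLIENT_TRUST_STORE = "C:\\trusted.ks";
    static final char[] CLIENT_TRUST_STORE_PASSWORD = "changeit".toCharArray();

    // Server side: the transport setup from startServer() in the thread, plus an
    // operator-supplied keystore. Without setKeystoreFile() ApacheDS generates a
    // self-signed certificate (CN=<hostname>, OU=ApacheDS, O=ASF, C=US) that every
    // client then has to import by hand, which is what the trace shows.
    static LdapServer startLdaps(DirectoryService service, int port) throws Exception {
        LdapServer server = new LdapServer();
        server.setDirectoryService(service);
        TcpTransport ldaps = new TcpTransport(port);
        ldaps.setEnableSSL(true);                         // LDAPS: TLS from the first byte, not StartTLS
        server.setTransports(ldaps);
        server.setKeystoreFile(SERVER_KEYSTORE);          // keystore holding the server key and its chain
        server.setCertificatePassword(SERVER_KEY_PASSWORD);
        server.start();
        return server;
    }

    // Client step 1: plain TCP reachability. A java.net.ConnectException ("Connection
    // timed out"), as in the trace, happens before any TLS handshake: the SYN never
    // reached a listening socket (firewall, wrong host, server bound to localhost only).
    static boolean tcpReachable(String host, int port, int timeoutMs) {
        try (Socket socket = new Socket()) {
            socket.connect(new InetSocketAddress(host, port), timeoutMs);
            return true;
        } catch (IOException e) {
            return false;
        }
    }

    // Client step 2: TrustManagers backed by an explicit trust store, so only the
    // certificates imported into it are accepted.
    static TrustManager[] trustManagersFrom(String path, char[] password) throws Exception {
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(path)) {
            trustStore.load(in, password);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        return tmf.getTrustManagers();
    }

    // Client step 3: LDAPS bind and search with the LDAP client API.
    public static void main(String[] args) throws Exception {
        if (!tcpReachable(HOST, LDAPS_PORT, 5000)) {
            System.err.println("TCP connect to " + HOST + ":" + LDAPS_PORT
                    + " failed; fix reachability before looking at certificates");
            return;
        }

        LdapConnectionConfig config = new LdapConnectionConfig();
        config.setLdapHost(HOST);
        config.setLdapPort(LDAPS_PORT);
        config.setUseSsl(true);
        config.setTrustManagers(trustManagersFrom(CLIENT_TRUST_STORE, CLIENT_TRUST_STORE_PASSWORD));
        // Do not substitute NoVerificationTrustManager here: it accepts any certificate,
        // so the bind below would hand the admin password to anyone on the path.

        LdapNetworkConnection connection = new LdapNetworkConnection(config);
        try {
            connection.bind("uid=admin,ou=system", "secret");   // default admin password; change it on a real instance
            EntryCursor cursor = connection.search("ou=system", "(objectClass=*)", SearchScope.ONELEVEL, "*");
            try {
                for (Entry entry : cursor) {
                    System.out.println(entry.getDn());
                }
            } finally {
                cursor.close();
            }
        } finally {
            connection.close();
        }
    }
}
```

Import the server certificate into the client trust store with keytool (keytool -importcert -alias ess-tools -file server.crt -keystore trusted.ks) and build against the same api/server versions the embedded server uses. If tcpReachable() fails, check the firewall on the dev server and which interface the embedded server is actually listening on; if it turns out to be bound to localhost only, use the TcpTransport(String address, int port) constructor with an address the client can reach. Nothing on the TLS side is involved until that TCP connect succeeds.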
