org.apache.karaf.jaas.modules.ldap无法为ldap设置SSL支持
我目前正在运行OpenLDAP 2.4.45的一个实例,作为Talend ESB容器的验证器。我正在使用TLS连接到LDAP,并且我已经成功地使用org.apache.activemq.jaas.LDAPLoginModule让我的JMS代理连接并使用LDAP,但是,在使用org.apache.karaf.jaas.modules.LDAP.LDAPLoginModule进行web服务时,我得到以下堆栈跟踪:org.apache.karaf.jaas.modules.ldap无法为ldap设置SSL支持,apache,ssl,openldap,tls1.2,jaas,Apache,Ssl,Openldap,Tls1.2,Jaas,我目前正在运行OpenLDAP 2.4.45的一个实例,作为Talend ESB容器的验证器。我正在使用TLS连接到LDAP,并且我已经成功地使用org.apache.activemq.jaas.LDAPLoginModule让我的JMS代理连接并使用LDAP,但是,在使用org.apache.karaf.jaas.modules.LDAP.LDAPLoginModule进行web服务时,我得到以下堆栈跟踪: 2017-08-11 19:04:13,828 | WARN | qtp272427
2017-08-11 19:04:13,828 | WARN | qtp272427408-140 | LDAPLoginModule | 126 - org.apache.karaf.jaas.modules - 4.0.8 | Can't connect to the LDAP server: Unable to setup SSL support for LDAP: null
javax.naming.NamingException: Unable to setup SSL support for LDAP: null
at org.apache.karaf.jaas.modules.ldap.LDAPOptions.setupSsl(LDAPOptions.java:178)
at org.apache.karaf.jaas.modules.ldap.LDAPOptions.getEnv(LDAPOptions.java:158)
at org.apache.karaf.jaas.modules.ldap.LDAPCache.open(LDAPCache.java:113)
at org.apache.karaf.jaas.modules.ldap.LDAPCache.doGetUserDnAndNamespace(LDAPCache.java:151)
at org.apache.karaf.jaas.modules.ldap.LDAPCache.getUserDnAndNamespace(LDAPCache.java:142)
at org.apache.karaf.jaas.modules.ldap.LDAPLoginModule.doLogin(LDAPLoginModule.java:115)
at org.apache.karaf.jaas.modules.ldap.LDAPLoginModule.login(LDAPLoginModule.java:54)
at org.apache.karaf.jaas.boot.ProxyLoginModule.login(ProxyLoginModule.java:83)[org.apache.karaf.jaas.boot-4.0.8.jar:]
at sun.reflect.GeneratedMethodAccessor104.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)[:1.8.0_131]
at java.lang.reflect.Method.invoke(Method.java:498)[:1.8.0_131]
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)[:1.8.0_131]
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)[:1.8.0_131]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)[:1.8.0_131]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)[:1.8.0_131]
at java.security.AccessController.doPrivileged(Native Method)[:1.8.0_131]
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)[:1.8.0_131]
at javax.security.auth.login.LoginContext.login(LoginContext.java:587)[:1.8.0_131]
at org.apache.cxf.interceptor.security.JAASLoginInterceptor.handleMessage(JAASLoginInterceptor.java:141)[67:org.apache.cxf.cxf-core:3.1.10]
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)[67:org.apache.cxf.cxf-core:3.1.10]
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)[67:org.apache.cxf.cxf-core:3.1.10]
at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:262)[92:org.apache.cxf.cxf-rt-transports-http:3.1.10]
at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)[92:org.apache.cxf.cxf-rt-transports-http:3.1.10]
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)[92:org.apache.cxf.cxf-rt-transports-http:3.1.10]
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)[92:org.apache.cxf.cxf-rt-transports-http:3.1.10]
at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:180)[92:org.apache.cxf.cxf-rt-transports-http:3.1.10]
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:299)[92:org.apache.cxf.cxf-rt-transports-http:3.1.10]
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:218)[92:org.apache.cxf.cxf-rt-transports-http:3.1.10]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)[19:javax.servlet-api:3.1.0]
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:274)[92:org.apache.cxf.cxf-rt-transports-http:3.1.10]
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:812)[200:org.eclipse.jetty.servlet:9.2.19.v20160908]
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:587)[200:org.eclipse.jetty.servlet:9.2.19.v20160908]
at org.ops4j.pax.web.service.jetty.internal.HttpServiceServletHandler.doHandle(HttpServiceServletHandler.java:71)[223:org.ops4j.pax.web.pax-web-jetty:4.3.0]
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)[199:org.eclipse.jetty.server:9.2.19.v20160908]
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577)[198:org.eclipse.jetty.security:9.2.19.v20160908]
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)[199:org.eclipse.jetty.server:9.2.19.v20160908]
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)[199:org.eclipse.jetty.server:9.2.19.v20160908]
at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doHandle(HttpServiceContext.java:287)[223:org.ops4j.pax.web.pax-web-jetty:4.3.0]
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)[200:org.eclipse.jetty.servlet:9.2.19.v20160908]
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)[199:org.eclipse.jetty.server:9.2.19.v20160908]
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)[199:org.eclipse.jetty.server:9.2.19.v20160908]
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)[199:org.eclipse.jetty.server:9.2.19.v20160908]
at org.ops4j.pax.web.service.jetty.internal.JettyServerHandlerCollection.handle(JettyServerHandlerCollection.java:80)[223:org.ops4j.pax.web.pax-web-jetty:4.3.0]
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)[199:org.eclipse.jetty.server:9.2.19.v20160908]
at org.eclipse.jetty.server.Server.handle(Server.java:499)[199:org.eclipse.jetty.server:9.2.19.v20160908]
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311)[199:org.eclipse.jetty.server:9.2.19.v20160908]
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)[199:org.eclipse.jetty.server:9.2.19.v20160908]
at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544)[191:org.eclipse.jetty.io:9.2.19.v20160908]
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)[202:org.eclipse.jetty.util:9.2.19.v20160908]
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)[202:org.eclipse.jetty.util:9.2.19.v20160908]
at java.lang.Thread.run(Thread.java:748)[:1.8.0_131]
<?xml version="1.0" encoding="UTF-8"?>
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0"
xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0">
<jaas:config name="KarafLdapConfiguration" rank="1">
<jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule" flags="required">
connection.url=ldaps://ldap:4444
connection.username=uid=user,ou=users,dc=base
connection.password=password
authentication=simple
user.base.dn=ou=users,dc=base
user.filter=(uid=%u)
user.search.subtree=true
role.base.dn=ou=groups,dc=base
role.filter=(uniquemember=%fqdn)
role.name.attribute=uid
role.search.subtree=true
ssl=true
ssl.protocol=TLS
ssl.algorithm=PKIX
ssl.keystore=store
ssl.keyalias=myalias
ssl.truststore=trust
</jaas:module>
</jaas:config>
<jaas:keystore name="store"
path="file:///some/path/keystore.jks
keystorePassword="secret"
keyPasswords="secret" />
<jaas:keystore name="trust"
path="file:///some/path/truststore.jks
keystorePassword="secret" />
</blueprint>
connection.url=ldaps://ldap:4444
connection.username=uid=user,ou=users,dc=base
connection.password=密码
身份验证=简单
user.base.dn=ou=users,dc=base
user.filter=(uid=%u)
user.search.subtree=true
role.base.dn=ou=groups,dc=base
角色筛选器=(唯一成员=%fqdn)
role.name.attribute=uid
role.search.subtree=true
ssl=true
ssl.protocol=TLS
ssl.algorithm=PKIX
ssl.keystore=store
ssl.keyalis=myalias
ssl.truststore=trust
我怀疑在这个配置文件中缺少ssl.provider选项。文档中不清楚这是什么,尽管源代码似乎在寻找某种URI。我花了相当多的时间进行搜索,但在提供CA服务的公司之外,我找不到关于什么是SSL和SSL提供商的任何信息。我不知道这是在找什么。我没有做撤销检查,所以不是那样。关于这里可能出现的问题有什么想法吗?我几天前解决了这个问题,我将记录解决方案,以防将来对任何人都有帮助 问题是配置文件中缺少ssl.provider字段。需要弄清楚的部分是所需的实际URI。在我之前的实验中,我缺少LDAP的基本DN。最终,这个领域应该是这样的
ssl.provider=ldaps://<somehostname>:<port>/<baseDN>
ssl.provider=ldaps://:/
<?xml version="1.0" encoding="UTF-8"?>
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0"
xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0">
<jaas:config name="KarafLdapConfiguration" rank="1">
<jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule" flags="required">
connection.url=ldaps://ldap:4444
connection.username=uid=user,ou=users,dc=base
connection.password=password
authentication=simple
user.base.dn=ou=users,dc=base
user.filter=(uid=%u)
user.search.subtree=true
role.base.dn=ou=groups,dc=base
role.filter=(uniquemember=%fqdn)
role.name.attribute=uid
role.search.subtree=true
ssl=true
ssl.protocol=TLS
ssl.algorithm=PKIX
ssl.provider=ldaps://ldap:4444/dc=baseDN
ssl.keystore=store
ssl.keyalias=myalias
ssl.truststore=trust
</jaas:module>
</jaas:config>
<jaas:keystore name="store"
path="file:///some/path/keystore.jks
keystorePassword="secret"
keyPasswords="secret" />
<jaas:keystore name="trust"
path="file:///some/path/truststore.jks
keystorePassword="secret" />
</blueprint>
connection.url=ldaps://ldap:4444
connection.username=uid=user,ou=users,dc=base
connection.password=密码
身份验证=简单
user.base.dn=ou=users,dc=base
user.filter=(uid=%u)
user.search.subtree=true
role.base.dn=ou=groups,dc=base
角色筛选器=(唯一成员=%fqdn)
role.name.attribute=uid
role.search.subtree=true
ssl=true
ssl.protocol=TLS
ssl.algorithm=PKIX
ssl.provider=ldaps://ldap:4444/dc=baseDN
ssl.keystore=store
ssl.keyalis=myalias
ssl.truststore=trust
ssl.provider=ldaps://<somehostname>:<port>/<baseDN>
ssl.provider=ldaps://:/
<?xml version="1.0" encoding="UTF-8"?>
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0"
xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0">
<jaas:config name="KarafLdapConfiguration" rank="1">
<jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule" flags="required">
connection.url=ldaps://ldap:4444
connection.username=uid=user,ou=users,dc=base
connection.password=password
authentication=simple
user.base.dn=ou=users,dc=base
user.filter=(uid=%u)
user.search.subtree=true
role.base.dn=ou=groups,dc=base
role.filter=(uniquemember=%fqdn)
role.name.attribute=uid
role.search.subtree=true
ssl=true
ssl.protocol=TLS
ssl.algorithm=PKIX
ssl.provider=ldaps://ldap:4444/dc=baseDN
ssl.keystore=store
ssl.keyalias=myalias
ssl.truststore=trust
</jaas:module>
</jaas:config>
<jaas:keystore name="store"
path="file:///some/path/keystore.jks
keystorePassword="secret"
keyPasswords="secret" />
<jaas:keystore name="trust"
path="file:///some/path/truststore.jks
keystorePassword="secret" />
</blueprint>
connection.url=ldaps://ldap:4444
connection.username=uid=user,ou=users,dc=base
connection.password=密码
身份验证=简单
user.base.dn=ou=users,dc=base
user.filter=(uid=%u)
user.search.subtree=true
role.base.dn=ou=groups,dc=base
角色筛选器=(唯一成员=%fqdn)
role.name.attribute=uid
role.search.subtree=true
ssl=true
ssl.protocol=TLS
ssl.algorithm=PKIX
ssl.provider=ldaps://ldap:4444/dc=baseDN
ssl.keystore=store
ssl.keyalis=myalias
ssl.truststore=trust