Java 具有SSL连接的OpenLdap失败
我在本地与LinuxMint合作,并在virtualbox中安装了带有openldap的UbuntuServer。现在我配置下面的指南 TLS/SSL身份验证,但当我尝试从Java连接SSL时:Java 具有SSL连接的OpenLdap失败,java,ssl,openldap,Java,Ssl,Openldap,我在本地与LinuxMint合作,并在virtualbox中安装了带有openldap的UbuntuServer。现在我配置下面的指南 TLS/SSL身份验证,但当我尝试从Java连接SSL时: import java.io.UnsupportedEncodingException; import com.novell.ldap.LDAPConnection; import com.novell.ldap.LDAPException; import com.novell.ldap.LDAPJSS
import java.io.UnsupportedEncodingException;
import com.novell.ldap.LDAPConnection;
import com.novell.ldap.LDAPException;
import com.novell.ldap.LDAPJSSESecureSocketFactory;
public class GetAuthenticated
{
public static void main( String[] args ) {
int ldapVersion = LDAPConnection.LDAP_V3;
int ldapPort = LDAPConnection.DEFAULT_PORT;
int ldapSSLPort = LDAPConnection.DEFAULT_SSL_PORT;
String ldapHost = "192.168.1.46";
String loginDN = "cn=admin,dc=company,dc=com";
String password = "secret";
LDAPConnection conn = new LDAPConnection();
simpleBind1( conn, ldapHost, ldapPort, loginDN, password );
SSLBind( ldapVersion, ldapHost, ldapSSLPort, loginDN, password );
System.exit(0);
}
private static void simpleBind1(LDAPConnection conn, String host,
int port, String dn, String passwd ) {
try {
System.out.println("Simple bind...");
// connect to the server
conn.connect( host, port );
// authenticate to the server
try {
conn.bind( LDAPConnection.LDAP_V3, dn, passwd.getBytes("UTF8") );
} catch (UnsupportedEncodingException u){
throw new LDAPException( "UTF8 Invalid Encoding",
LDAPException.LOCAL_ERROR,
(String)null, u);
}
System.out.println((conn.isBound()) ?
"\n\tAuthenticated to the server ( simple )\n":
"\n\tNot authenticated to the server\n");
// disconnect with the server
conn.disconnect();
}
catch( LDAPException e ) {
System.out.println( "Error: " + e.toString() );
}
return;
}
private static void SSLBind( int version, String host, int SSLPort,
String dn, String passwd ) {
// Set the socket factory for this connection only
LDAPJSSESecureSocketFactory ssf = new LDAPJSSESecureSocketFactory();
LDAPConnection conn = new LDAPConnection(ssf);
try {
System.out.println("SSL bind...");
// connect to the server
conn.connect( host, SSLPort);
// authenticate to the server with the connection method
try {
conn.bind( version, dn, passwd.getBytes("UTF8") );
} catch (UnsupportedEncodingException u){
throw new LDAPException( "UTF8 Invalid Encoding",
LDAPException.LOCAL_ERROR,
(String)null, u);
}
System.out.println((conn.isBound()) ?
"\n\tAuthenticated to the server ( ssl )\n":
"\n\tNot authenticated to the server\n");
// disconnect with the server
conn.disconnect();
}
catch( LDAPException e ) {
System.out.println( "Error: " + e.toString() );
}
return;
}
}
simpleBind1工作正常,但SSLBind不工作,我有以下错误:
I/O Exception on host 192.168.1.46, port 636 (91) Connect Error
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
您需要将服务器证书添加到Java的密钥库中,因为我假设它是自签名的 您可以使用
openssl s_客户端-连接[主机名]:[端口如443]/tmp/lb.cert
然后将证书添加到密钥库中
keytool-importcert-keystore[密钥库位置不同,但可以是/etc/pki/java/cacerts]-storepass changeit-file/tmp/lb.cert-别名newSelfSignedKey-noprompt