Java 我无法使用ip地址连接ldap服务器
我想使用java和ldaps连接ldapService。但这是错误的。 问题是: 嵌套异常为javax.naming.CommunicationException:192.168.174.145:636[根异常为javax.net.ssl.SSLHandshakeException:java.security.cert.CertificateException:不存在主题替代名称] 如果我使用hostname:636,那就是成功。我不知道为什么。你能帮我吗?非常感谢Java 我无法使用ip地址连接ldap服务器,java,ssl,ldap,openldap,spring-ldap,Java,Ssl,Ldap,Openldap,Spring Ldap,我想使用java和ldaps连接ldapService。但这是错误的。 问题是: 嵌套异常为javax.naming.CommunicationException:192.168.174.145:636[根异常为javax.net.ssl.SSLHandshakeException:java.security.cert.CertificateException:不存在主题替代名称] 如果我使用hostname:636,那就是成功。我不知道为什么。你能帮我吗?非常感谢 public class S
public class SslLdapContextSource extends LdapContextSource {
@Override
protected Hashtable<String, Object> getAnonymousEnv() {
Hashtable<String, Object> anonymousEnv = super.getAnonymousEnv();
anonymousEnv.put("java.naming.security.protocol", "ssl");
anonymousEnv.put("java.naming.ldap.factory.socket", CustomSSLSocketFactory.class.getName());
anonymousEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
return anonymousEnv;
}
}
public class CustomSslSocketFactory extends SSLSocketFactory {
private SSLSocketFactory socketFactory;
public CustomSslSocketFactory() {
try {
SSLContext ctx = SSLContext.getInstance("TLS");
ctx.init(null, new TrustManager[]{new DummyTrustmanager()}, new SecureRandom());
socketFactory = ctx.getSocketFactory();
} catch (Exception ex) {
ex.printStackTrace(System.err);
}
}
public static SocketFactory getDefault() {
return new CustomSslSocketFactory();
}
@Override
public String[] getDefaultCipherSuites() {
return socketFactory.getDefaultCipherSuites();
}
@Override
public String[] getSupportedCipherSuites() {
return socketFactory.getSupportedCipherSuites();
}
@Override
public Socket createSocket(Socket socket, Senter code heretring string, int num, boolean bool) throws IOException {
return socketFactory.createSocket(socket, string, num, bool);
}
@Override
public Socket createSocket(String string, int num) throws IOException, UnknownHostException {
return socketFactory.createSocket(string, num);
}
@Override
public Socket createSocket(String string, int num, InetAddress netAdd, int i) throws IOException, UnknownHostException {
return socketFactory.createSocket(string, num, netAdd, i);
}
@Override
public Socket createSocket(InetAddress netAdd, int num) throws IOException {
return socketFactory.createSocket(netAdd, num);
}
@Override
public Socket createSocket(InetAddress netAdd1, int num, InetAddress netAdd2, int i) throws IOException {
return socketFactory.createSocket(netAdd1, num, netAdd2, i);
}
public static class DummyTrustmanager implements X509TrustManager {
@Override
public void checkClientTrusted(X509Certificate[] cert, String string) throws CertificateException {
}
@Override
public void checkServerTrusted(X509Certificate[] cert, String string) throws CertificateException {
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return new java.security.cert.X509Certificate[0];
}
}
}
@Bean
public LdapTemplate ldapTemplate() {
return new LdapTemplate(contextSourceTarget());
}
@Bean
public LdapContextSource contextSourceTarget() {
if(!useSSL){
String urls = "ldap://"+url+":"+port;
LdapContextSource ldapContextSource = new LdapContextSource();
ldapContextSource.setUrl(urls);
//ldapContextSource.setBase(base);
ldapContextSource.setUserDn(username);
ldapContextSource.setPassword(password);
ldapContextSource.setReferral(referral);
ldapContextSource.afterPropertiesSet();
return ldapContextSource;
}else{
String urls = "ldaps://"+url+":"+port;
SslLdapContextSource contextSource = new SslLdapContextSource();
contextSource.setUrl(urls);
contextSource.setUserDn(username);
contextSource.setPassword(password);
contextSource.setPooled(false);
contextSource.afterPropertiesSet();
return contextSource;
}
}
我要用ldaps://192.168.174.145:636 连接ldapService。但现在我只能使用ldaps://test:636 连接ldapService。
192.168.174.145和测试是同一台计算机当建立SSL/TLS连接时,作为服务器身份验证的一部分执行各种检查。 即 服务器证书有效吗? 服务器证书是否由受信任的证书颁发机构颁发? 证书是否也属于客户端连接的服务器?
对于最后一次检查,将检查服务器证书的主题DN的主题CN或服务器证书的主题备选名称IP/DNS扩展的值。另请参见,除非证书中的IP地址作为主体替代名称,否则您无法执行此操作。3是通过数字签名完成的。主机名检查是另一个阶段。