JRE 8u192 - javax.security.auth.login.FailedLoginException: Cannot bind to LDAP server
In my application I provide support for native AD and LDAP. When I try to authenticate a user with native AD it works fine, but with LDAP (we need to install the application on Linux) I get javax.security.auth.login.FailedLoginException: Cannot bind to LDAP server. Error stack:-
Caused by: javax.security.auth.login.FailedLoginException: Cannot bind to LDAP server
...
Caused by: javax.naming.CommunicationException: simple bind failed: mydomain.com:3269
com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source)
com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
javax.naming.InitialContext.init(Unknown Source)
javax.naming.ldap.InitialLdapContext.<init>(Unknown Source)
...
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching mydomain.com found.
sun.security.ssl.Alerts.getSSLException(Unknown Source)
sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
sun.security.ssl.Handshaker.fatalSE(Unknown Source)
sun.security.ssl.Handshaker.fatalSE(Unknown Source)
sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
sun.security.ssl.Handshaker.processLoop(Unknown Source)
sun.security.ssl.Handshaker.process_record(Unknown Source)
sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
sun.security.ssl.SSLSocketImpl.writeRecord(Unknown Source)
sun.security.ssl.AppOutputStream.write(Unknown Source)
java.io.BufferedOutputStream.flushBuffer(Unknown Source)
java.io.BufferedOutputStream.flush(Unknown Source)
com.sun.jndi.ldap.Connection.writeRequest(Unknown Source)
com.sun.jndi.ldap.Connection.writeRequest(Unknown Source)
com.sun.jndi.ldap.LdapClient.ldapBind(Unknown Source)
com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source)
com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
javax.naming.InitialContext.init(Unknown Source)
javax.naming.ldap.InitialLdapContext.<init>(Unknown Source)
...
Caused by: java.security.cert.CertificateException: No subject alternative DNS name matching mydomain.com found.
sun.security.util.HostnameChecker.matchDNS(Unknown Source)
sun.security.util.HostnameChecker.match(Unknown Source)
sun.security.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source)
sun.security.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source)
sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
sun.security.ssl.Handshaker.processLoop(Unknown Source)
sun.security.ssl.Handshaker.process_record(Unknown Source)
sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
sun.security.ssl.SSLSocketImpl.writeRecord(Unknown Source)
sun.security.ssl.AppOutputStream.write(Unknown Source)
java.io.BufferedOutputStream.flushBuffer(Unknown Source)
java.io.BufferedOutputStream.flush(Unknown Source)
com.sun.jndi.ldap.Connection.writeRequest(Unknown Source)
com.sun.jndi.ldap.Connection.writeRequest(Unknown Source)
com.sun.jndi.ldap.LdapClient.ldapBind(Unknown Source)
com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source)
com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
javax.naming.InitialContext.init(Unknown Source)
javax.naming.ldap.InitialLdapContext.<init>(Unknown Source)
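I also observed that when I try to run the application with JRE 1.8.172, the same code works fine. On Windows, JRE 1.8.192 also works.
I have also added mydomain.com in DNS, as well as the mydomain.com certificate in my code.
A few links:-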
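The JNDI defaults in Java 8 update 181 and later changed for clients that connect to a server over SSL. If the server certificate's hostname does not match the host the client connects to, then c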
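A diagnostic for the mismatch reported in the stack trace, added here as an example and not code from the original post: it lists the dNSName entries of a certificate's subject alternative names and checks a connect name against them with a simplified form of the match that HostnameChecker.matchDNS performs. The class name LdapsSanCheck and the sample SAN entry dc01.mydomain.com are assumptions made for illustration.

```java
import java.security.cert.X509Certificate;
import java.util.*;
import javax.net.ssl.*;

public class LdapsSanCheck {
    // Collect the dNSName entries (GeneralName type 2) from the certificate.
    static List<String> dnsSans(X509Certificate cert) throws Exception {
        List<String> out = new ArrayList<>();
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();
        if (sans != null)
            for (List<?> san : sans)
                if ((Integer) san.get(0) == 2) out.add((String) san.get(1));
        return out;
    }

    // Simplified match: exact name, or "*" standing for the whole leftmost label.
    static boolean matches(String host, List<String> sans) {
        String h = host.toLowerCase(Locale.ROOT);
        int dot = h.indexOf('.');
        for (String s : sans) {
            String p = s.toLowerCase(Locale.ROOT);
            if (p.equals(h)) return true;
            if (p.startsWith("*.") && dot > 0 && h.substring(dot).equals(p.substring(1)))
                return true;
        }
        return false;
    }

    // A plain SSLSocket validates the chain against the default trust store but
    // does no hostname check, so the handshake completes and the SANs can be read.
    static X509Certificate leaf(String host, int port) throws Exception {
        SSLSocketFactory f = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket s = (SSLSocket) f.createSocket(host, port)) {
            s.startHandshake();
            return (X509Certificate) s.getSession().getPeerCertificates()[0];
        }
    }

    public static void main(String[] args) throws Exception {
        boolean live = args.length == 2;                 // usage: <host> <port>
        List<String> sans = live
            ? dnsSans(leaf(args[0], Integer.parseInt(args[1])))
            : Arrays.asList("dc01.mydomain.com");        // constructed sample SAN list
        String[] names = live ? new String[] {args[0]}
                              : new String[] {"mydomain.com", "dc01.mydomain.com"};
        for (String n : names)
            System.out.println(n + (matches(n, sans) ? " matches " : " not in ") + sans);
    }
}
```

When the connect name is not in the list, the bind succeeds only after the LDAP URL uses a listed name or the certificate is reissued with that dNSName. The JVM property com.sun.jndi.ldap.object.disableEndpointIdentification=true turns the check off, and with it the protection against a server presenting a certificate issued for another host.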