Java Spring LdapContextSource ignores SSLSocketFactory


SpringLDAP 1.3.1

To test SpringLDAP with TLS, I created a CustomSSLSocketFactory class that accepts all certificates (I am aware of the security problems of such a class).

However, running the test results in

    PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

With SSL debugging enabled, the standard truststore is logged:

    trustStore is: [path_to_jre]\cacerts
    trustStore type is : jks
    trustStore provider is : 
    init truststore

This is how the test is executed:

    import javax.net.ssl.HostnameVerifier;
    import javax.net.ssl.SSLSession;
    import org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy;
    import org.springframework.ldap.core.support.LdapContextSource;

    LdapContextSource lcs = new LdapContextSource();

    lcs.setBase("[base]");
    lcs.setUserDn("[userDn]");
    lcs.setPassword("[password]");
    lcs.setPooled(false);
    lcs.setUrl("ldaps://[server-address]:636");   // ldaps: the connection is already TLS when opened

    DefaultTlsDirContextAuthenticationStrategy strategy = new DefaultTlsDirContextAuthenticationStrategy();
    strategy.setShutdownTlsGracefully(true);
    strategy.setSslSocketFactory(new CustomSSLSocketFactory());  // <-- not considered at all
    strategy.setHostnameVerifier(new HostnameVerifier(){

        @Override
        public boolean verify(String hostname, SSLSession session){

            return true;
        }
    });

    lcs.setAuthenticationStrategy(strategy);
    lcs.afterPropertiesSet();
    lcs.getContext("[principal]", "[credential]");
The handshake then goes through, but another error appears:

    javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090DF2, comment: TLS or SSL already in effect, data 0, v1db1
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.extendedOperation(Unknown Source)
    at javax.naming.ldap.InitialLdapContext.extendedOperation(Unknown Source)
    at org.springframework.ldap.core.support.AbstractTlsDirContextAuthenticationStrategy.processContextAfterCreation(AbstractTlsDirContextAuthenticationStrategy.java:133)
    at org.springframework.ldap.core.support.AbstractContextSource.getContext(AbstractContextSource.java:109)

So the question is: how do I set up SpringLDAP correctly so that it uses the provided SSLSocketFactory?

It actually fails because of the ldaps URL. If the truststore is set accordingly, you get an exception saying that TLS/SSL cannot be established because it is already in effect (so an ldaps URL and DefaultTlsDirContextAuthenticationStrategy cannot be combined).

Also, whether StartTLS works on port 389 seems to depend on the directory.

To fix this error, use SimpleDirContextAuthenticationStrategy instead of DefaultTlsDirContextAuthenticationStrategy.

For idiots like me, the solution was: switch the protocol ldaps -> ldap. Depending on the LDAP server setup you may also have to switch the port. If you are using the standard ports, switch the port 636 -> 389.

    javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090DF2, comment: TLS or SSL already in effect, data 0, v1db1
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.extendedOperation(Unknown Source)
    at javax.naming.ldap.InitialLdapContext.extendedOperation(Unknown Source)
    at org.springframework.ldap.core.support.AbstractTlsDirContextAuthenticationStrategy.processContextAfterCreation(AbstractTlsDirContextAuthenticationStrategy.java:133)
    at org.springframework.ldap.core.support.AbstractContextSource.getContext(AbstractContextSource.java:109)
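The two working combinations the three answers describe, as an added example that is not code from the question, the answers or Spring LDAP itself. Host name, DNs, password and truststore path are placeholders. Instead of the question's accept-everything CustomSSLSocketFactory, the socket factory is built from a JKS truststore that holds the directory server's CA, so the PKIX error is fixed by trusting the right certificate rather than by trusting all of them:

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.naming.directory.DirContext;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy;
import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.ldap.core.support.SimpleDirContextAuthenticationStrategy;

// Added example (not from the question, the answers or Spring LDAP): the two combinations
// that do not trigger "TLS or SSL already in effect". Addresses, DNs and paths are placeholders.
public class LdapTlsSetupExample {

    // Builds a socket factory that trusts only the CA certificates in a JKS truststore,
    // in place of the accept-everything factory from the question.
    static SSLSocketFactory socketFactoryFromTrustStore(String trustStorePath, char[] password) throws Exception {
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(trustStorePath)) {
            trustStore.load(in, password);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }

    // Option 1 (answers 1 and 3): plain ldap:// on 389, then StartTLS through
    // DefaultTlsDirContextAuthenticationStrategy. Spring opens the TLS layer itself here,
    // so the strategy's SSLSocketFactory is the one actually used for the handshake.
    static LdapContextSource startTlsContextSource(SSLSocketFactory sf) throws Exception {
        LdapContextSource lcs = new LdapContextSource();
        lcs.setUrl("ldap://ldap.example.test:389");     // no "s": TLS comes from StartTLS, not from the URL
        lcs.setBase("dc=example,dc=test");
        lcs.setUserDn("cn=reader,dc=example,dc=test");
        lcs.setPassword("[password]");
        lcs.setPooled(false);

        DefaultTlsDirContextAuthenticationStrategy strategy = new DefaultTlsDirContextAuthenticationStrategy();
        strategy.setShutdownTlsGracefully(true);
        strategy.setSslSocketFactory(sf);
        // No custom HostnameVerifier: the default one checks the certificate against the host name.
        lcs.setAuthenticationStrategy(strategy);
        lcs.afterPropertiesSet();
        return lcs;
    }

    // Option 2 (answer 2): ldaps:// on 636 with SimpleDirContextAuthenticationStrategy.
    // The JNDI provider opens the TLS connection before Spring sees it, so trust is decided
    // by the JVM truststore (javax.net.ssl.trustStore), not by any setting on the strategy.
    static LdapContextSource ldapsContextSource(String trustStorePath, String trustStorePassword) throws Exception {
        System.setProperty("javax.net.ssl.trustStore", trustStorePath);
        System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword);

        LdapContextSource lcs = new LdapContextSource();
        lcs.setUrl("ldaps://ldap.example.test:636");
        lcs.setBase("dc=example,dc=test");
        lcs.setUserDn("cn=reader,dc=example,dc=test");
        lcs.setPassword("[password]");
        lcs.setPooled(false);
        lcs.setAuthenticationStrategy(new SimpleDirContextAuthenticationStrategy());
        lcs.afterPropertiesSet();
        return lcs;
    }

    public static void main(String[] args) throws Exception {
        String trustStorePath = "/etc/ldap/truststore.jks";   // placeholder path
        char[] trustStorePassword = "changeit".toCharArray(); // placeholder password

        LdapContextSource viaStartTls = startTlsContextSource(
                socketFactoryFromTrustStore(trustStorePath, trustStorePassword));
        DirContext ctx = viaStartTls.getReadOnlyContext();
        try {
            System.out.println("StartTLS bind OK, bound as: " + ctx.getNameInNamespace());
        } finally {
            ctx.close();
        }
    }
}
```

The "TLS or SSL already in effect" error in the question is the directory rejecting a StartTLS extended operation sent over a connection that is already encrypted because of the ldaps URL, which is why the two settings cannot be combined. In option 1 the strategy's socket factory is honoured, so a truststore-backed factory is enough; in option 2 the JNDI provider owns the socket, and a custom factory can only be substituted through the JNDI property java.naming.ldap.factory.socket (a class with a static getDefault() method), which is separate from the Spring strategy.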