
How can I access the RedHat Directory Server / HP-UX Directory Server using LDAPS from my Java application? When I access it through LDAP it works fine, but when using LDAPS it doesn't establish the connection with the server.

Here is my code, which is not working:

import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.ModificationItem;

public void setPassword(String userDn, String password) throws NamingException {
    Hashtable<String, String> env = new Hashtable<>();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    // ldaps:// on port 636 asks JNDI for an SSL/TLS-protected connection
    String systemname = "ldaps://myserver:636";
    env.put(Context.PROVIDER_URL, systemname);
    env.put(Context.SECURITY_PRINCIPAL, "cn=directory manager");
    env.put(Context.SECURITY_CREDENTIALS, "MySecret");
    // Creating the context opens the connection (TLS handshake for ldaps://) and binds
    DirContext connection = new InitialDirContext(env);
    connection.lookup("dc=mydomain,dc=com");
    // Replace the user's userPassword attribute with the new value
    ModificationItem[] mods = new ModificationItem[1];
    Attribute mod0 = new BasicAttribute("userpassword", password);
    mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, mod0);
    connection.modifyAttributes(userDn, mods);
    connection.close();
}

The above code works fine if I replace ldaps with ldap.

But I need the code to work for LDAPS as well. Some sites mention the need for a keystore, certificate, etc., but I don't know anything about these.

j0k
Arun
  • What does "not working" mean? Do you get any exception or error message? – Joachim Sauer Oct 15 '12 at 11:03
  • isn't the ssl port '636'? My answer could be complete rubbish if it's simply that problem – Anya Shenanigans Oct 15 '12 at 11:07
  • No, it's not working for port number '636' either. – Arun Oct 15 '12 at 11:34
  • It throws the following Exceptions: javax.naming.CommunicationException: hpuxserver1:636 [Root exception is java.net.ConnectException: Connection timed out: connect] at com.sun.jndi.ldap.Connection.(Connection.java:200) Caused by: java.net.ConnectException: Connection timed out: connect at java.net.PlainSocketImpl.socketConnect(Native Method) at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:351) at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:213) at java.net.Socket.connect(Socket.java:529) – Arun Oct 15 '12 at 12:14
  • So the firewall doesn't have port 636 open. – user207421 Oct 15 '12 at 22:08

2 Answers


You can try a couple of things:

  • use a known-good tool, ldapsearch, to verify that LDAP clients can connect to the server
  • use openssl s_client -connect host:port to verify that clients can establish a secure connection.
Terry Gardner

As you are using Java, you need to obtain a copy of the server's certificate or Certificate Authority chain and add it to the Java keystore for the JVM you are using with your code.

How to obtain the certificate depends on the LDAP implementation you are using. The LDAP admin should be able to help.

As to adding the certificate(s) to the Java KeyStore, see Google.

-jim

jwilleke
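An added example, not code from the question or from either answer, that puts both answers' advice into the Java side: the server's CA certificate (obtained as jwilleke describes, for instance from the chain that openssl s_client -showcerts prints) is imported with keytool into a dedicated truststore that the JVM is pointed at, connect/read timeouts make a firewall block like the one in the comments fail in seconds rather than minutes, and the root cause is surfaced so a network problem can be told apart from an untrusted certificate. The host, truststore path, password and DNs are hypothetical.

```java
import java.util.Hashtable;
import javax.naming.CommunicationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.ModificationItem;
public class LdapsPasswordReset {
    // Hypothetical values: host, truststore and bind DN come from your own environment.
    // Truststore prepared once with: keytool -importcert -alias ldap-ca -file ca.pem -keystore ldap-truststore.jks
    private static final String LDAPS_URL = "ldaps://myserver:636";
    private static final String TRUSTSTORE = "/etc/myapp/ldap-truststore.jks";
    private static final String TRUSTSTORE_PASSWORD = "changeit";
    public static void setPassword(String bindDn, String bindPassword, String userDn, String newPassword)
            throws NamingException {
        // JSSE reads these when the first SSLContext is built; in production pass them as -D options
        // on the command line instead of setting them here. A trusted CA makes the handshake succeed
        // without disabling certificate checking.
        System.setProperty("javax.net.ssl.trustStore", TRUSTSTORE);
        System.setProperty("javax.net.ssl.trustStorePassword", TRUSTSTORE_PASSWORD);
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAPS_URL);          // ldaps:// makes JNDI start TLS on connect
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, bindPassword);
        // Fail fast instead of hanging when a firewall silently drops port 636 (milliseconds).
        env.put("com.sun.jndi.ldap.connect.timeout", "5000");
        env.put("com.sun.jndi.ldap.read.timeout", "10000");
        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);            // TLS handshake + simple bind happen here
            ModificationItem[] mods = {
                new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                        new BasicAttribute("userPassword", newPassword))
            };
            ctx.modifyAttributes(userDn, mods);
        } catch (CommunicationException e) {
            // The innermost cause separates the two common failure modes:
            //   java.net.ConnectException / SocketTimeoutException -> network path (firewall) problem
            //   javax.net.ssl.SSLHandshakeException                -> server certificate not in the truststore
            Throwable root = e;
            while (root.getCause() != null) root = root.getCause();
            throw (NamingException) new NamingException("LDAPS connection to " + LDAPS_URL
                    + " failed, root cause: " + root).initCause(e);
        } finally {
            if (ctx != null) ctx.close();
        }
    }
}
```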