Posted to users@directory.apache.org by Syed Mudassir Ahmed <sy...@gaiatv.in> on 2014/11/05 17:13:02 UTC
Secured LDAP Account
I am trying to obtain an ldap connection. Using port 389 I am successfully
able to get connection.
But when I try to use LdapNetworkConnection(<IP Address>, 636, true) and
then invoke bind(dn, password), I am getting PROTOCOL_ERROR.
Using LdapBrowser I am able to connect to my LDAP server over port 636.
But through Java program it's not getting connected. Can you help?
Thanks,
Syed.
Syed M Ahmed
Senior Member of Technical Staff
Gaian Solutions India Pvt Ltd
Re: Secured LDAP Account
Posted by Emmanuel Lécharny <el...@gmail.com>.
Le 05/11/14 18:07, Ike Ikonne a écrit :
> Hi Syed,
>
> Just to make sure, you may add this to the command-line
> that you are using to run your Java program,
>
> -Djavax.net.debug=ssl,handshake,trustmanager
>
> This will tell all the truth about what is going on regarding
> the SSL aspect of the connection.
>
> Thanks,
>
> Ike
Otherwise, have a look at the tests :
http://svn.apache.org/viewvc/directory/apacheds/trunk/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/LdapSSLConnectionTest.java?revision=1567956&view=markup
the testBindRequest() test is doing a secured bind request, so is
testStartTLSBindRequest() but this time using TLS (the right way to
establish a secured connection).
In any case, that requires to define a LdapConnectionConfig instance
(see the setup() method for that). The critical point is to define a
valid Trustmanager which will validate the certificates. In the samples,
we use a Trustmanager that does not check the certificate.
Hope it helps.
Side note : we would fancy a JIRA to get the documentation improved.
It's really needing some love...
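A validating setup for the LdapConnectionConfig discussed in the message above, as an added example that is not part of the original thread or of the project's test code. The truststore file name and password, the host name, the bind DN and the LDAP_BIND_PASSWORD environment variable are placeholders chosen for illustration.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.TrustManagerFactory;

import org.apache.directory.ldap.client.api.LdapConnection;
import org.apache.directory.ldap.client.api.LdapConnectionConfig;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;

public class ValidatingLdapsBind {
    public static void main(String[] args) throws Exception {
        // Placeholder truststore holding the server certificate or its issuing CA, e.g. built with:
        //   keytool -importcert -alias ldap -file server.crt -keystore ldap-truststore.jks
        String trustStorePath = "ldap-truststore.jks";
        char[] trustStorePassword = "changeit".toCharArray();

        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(Paths.get(trustStorePath))) {
            trustStore.load(in, trustStorePassword);
        }

        // Standard JSSE trust managers: the handshake fails unless the server's
        // certificate chain leads to an entry in the truststore loaded above.
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        LdapConnectionConfig config = new LdapConnectionConfig();
        config.setLdapHost("ldap.example.com");          // placeholder host
        config.setLdapPort(636);
        config.setUseSsl(true);                          // LDAPS; for StartTLS use port 389 and setUseTls(true)
        config.setTrustManagers(tmf.getTrustManagers()); // replaces a trust manager that checks nothing
        config.setName("uid=admin,ou=system");           // placeholder bind DN
        config.setCredentials(System.getenv("LDAP_BIND_PASSWORD"));

        try (LdapConnection connection = new LdapNetworkConnection(config)) {
            connection.bind(); // binds with the DN and credentials set on the config
            System.out.println("Authenticated: " + connection.isAuthenticated());
            connection.unBind();
        }
    }
}
```

These trust managers validate the certificate chain against the truststore; on their own they do not compare the certificate's subject with the host name being connected to. Running with the -Djavax.net.debug=ssl,handshake,trustmanager option quoted above shows which certificates were loaded and why a handshake was rejected.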
Re: Secured LDAP Account
Posted by Ike Ikonne <ii...@us.ibm.com>.
Hi Syed,
Just to make sure, you may add this to the command-line
that you are using to run your Java program,
-Djavax.net.debug=ssl,handshake,trustmanager
This will tell all the truth about what is going on regarding
the SSL aspect of the connection.
Thanks,
Ike
From: Syed Mudassir Ahmed <sy...@gaiatv.in>
To: users@directory.apache.org,
Date: 11/05/2014 10:57 AM
Subject: Re: Secured LDAP Account
Yes,
Certificate is generated on the server side. And port is 636.
I am able to connect to my server through LDAPBrowser using LDAPS
protocol and 636 port number.
But not using java program.
Thanks,
Syed.
Syed M Ahmed
Senior Member of Technical Staff
Gaian Solutions India Pvt Ltd
On Wed, Nov 5, 2014 at 9:56 PM, Ike Ikonne <ii...@us.ibm.com> wrote:
> Hi all,
>
> Do you have the LDAP Server certificate included in your
> TrustManager Algorithm? Also, make sure that you are using
> secure socket to bind to port 636.
>
> Ike
>
>
>
>
> From: Syed Mudassir Ahmed <sy...@gaiatv.in>
> To: users@directory.apache.org,
> Date: 11/05/2014 10:14 AM
> Subject: Secured LDAP Account
>
>
>
> I am trying to obtain an ldap connection. Using port 389 I am
> successfully
> able to get connection.
> But when I try to use LdapNetworkConnection(<IP Address>, 636, true) and
> then invoke bind(dn, password), I am getting PROTOCOL_ERROR.
> Using LdapBrowser I am able to connect to my LDAP server over port 636.
> But through Java program it's not getting connected. Can you help?
>
> Thanks,
> Syed.
>
> Syed M Ahmed
> Senior Member of Technical Staff
> Gaian Solutions India Pvt Ltd
>
>
Re: Secured LDAP Account
Posted by Emmanuel Lécharny <el...@gmail.com>.
Le 05/11/14 19:57, Syed Mudassir a écrit :
> Thanks Ike and Emmanuel. It worked.
> Just one more question, how to use a trustmanager to perform certificate
> validation? Any reference?
That is basic Java Security things. You'll find plenty of information
about it on the web. Just ask Google...
Re: Secured LDAP Account
Posted by Syed Mudassir <sy...@gaiatv.in>.
Thanks Ike and Emmanuel. It worked.
Just one more question, how to use a trustmanager to perform certificate
validation? Any reference?
On Wednesday 05 November 2014 11:52 PM, Ike Ikonne wrote:
> Hi Syed,
>
> Try this link that has already been suggested to you in the
> previous thread ... you should see an example of how to
> specify a trustmanager that won't do any certificate
> validation. Once you get this working, then, you will
> build on it and then use a trustmanager that would actually
> perform certificate validation.
>
> http://svn.apache.org/viewvc/directory/apacheds/trunk/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/LdapSSLConnectionTest.java?revision=1567956&view=markup
>
>
>
>
>
> From: Syed Mudassir Ahmed <sy...@gaiatv.in>
> To: users@directory.apache.org,
> Date: 11/05/2014 12:16 PM
> Subject: Re: Secured LDAP Account
>
>
>
> No, I don't. Good question. I have no idea as well.
> Can you please provide an example/reference that I can follow?
>
> Thanks,
> Syed.
>
> Syed M Ahmed
> Senior Member of Technical Staff
> Gaian Solutions India Pvt Ltd
>
>
> On Wed, Nov 5, 2014 at 10:31 PM, Ike Ikonne <ii...@us.ibm.com> wrote:
>
>> Hi Syed,
>>
>> So, in your Java program, do you have the server certificate in the
>> keystore that your Java program is using to establish SSL connection
>> with the LDAP server?
>>
>> Thanks,
>>
>> Ike
>>
>>
>>
>>
>> From: Syed Mudassir Ahmed <sy...@gaiatv.in>
>> To: users@directory.apache.org,
>> Date: 11/05/2014 10:57 AM
>> Subject: Re: Secured LDAP Account
>>
>>
>>
>> Yes,
>> Certificate is generated on the server side. And port is 636.
>> I am able to connect to my server through LDAPBrowser using LDAPS
>> protocol and 636 port number.
>> But not using java program.
>>
>> Thanks,
>> Syed.
>>
>> Syed M Ahmed
>> Senior Member of Technical Staff
>> Gaian Solutions India Pvt Ltd
>>
>>
>> On Wed, Nov 5, 2014 at 9:56 PM, Ike Ikonne <ii...@us.ibm.com> wrote:
>>
>>> Hi all,
>>>
>>> Do you have the LDAP Server certificate included in your
>>> TrustManager Algorithm? Also, make sure that you are using
>>> secure socket to bind to port 636.
>>>
>>> Ike
>>>
>>>
>>>
>>>
>>> From: Syed Mudassir Ahmed <sy...@gaiatv.in>
>>> To: users@directory.apache.org,
>>> Date: 11/05/2014 10:14 AM
>>> Subject: Secured LDAP Account
>>>
>>>
>>>
>>> I am trying to obtain an ldap connection. Using port 389 I am
>>> successfully
>>> able to get connection.
>>> But when I try to use LdapNetworkConnection(<IP Address>, 636, true) and
>>> then invoke bind(dn, password), I am getting PROTOCOL_ERROR.
>>> Using LdapBrowser I am able to connect to my LDAP server over port 636.
>>> But through Java program it's not getting connected. Can you help?
>>>
>>> Thanks,
>>> Syed.
>>>
>>> Syed M Ahmed
>>> Senior Member of Technical Staff
>>> Gaian Solutions India Pvt Ltd
>>>
>>>
>>
>
Re: Secured LDAP Account
Posted by Ike Ikonne <ii...@us.ibm.com>.
Hi Syed,
Try this link that has already been suggested to you in the
previous thread ... you should see an example of how to
specify a trustmanager that won't do any certificate
validation. Once you get this working, then, you will
build on it and then use a trustmanager that would actually
perform certificate validation.
http://svn.apache.org/viewvc/directory/apacheds/trunk/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/LdapSSLConnectionTest.java?revision=1567956&view=markup
From: Syed Mudassir Ahmed <sy...@gaiatv.in>
To: users@directory.apache.org,
Date: 11/05/2014 12:16 PM
Subject: Re: Secured LDAP Account
No, I don't. Good question. I have no idea as well.
Can you please provide an example/reference that I can follow?
Thanks,
Syed.
Syed M Ahmed
Senior Member of Technical Staff
Gaian Solutions India Pvt Ltd
On Wed, Nov 5, 2014 at 10:31 PM, Ike Ikonne <ii...@us.ibm.com> wrote:
> Hi Syed,
>
> So, in your Java program, do you have the server certificate in the
> keystore that your Java program is using to establish SSL connection
> with the LDAP server?
>
> Thanks,
>
> Ike
>
>
>
>
> From: Syed Mudassir Ahmed <sy...@gaiatv.in>
> To: users@directory.apache.org,
> Date: 11/05/2014 10:57 AM
> Subject: Re: Secured LDAP Account
>
>
>
> Yes,
> Certificate is generated on the server side. And port is 636.
> I am able to connect to my server through LDAPBrowser using LDAPS
> protocol and 636 port number.
> But not using java program.
>
> Thanks,
> Syed.
>
> Syed M Ahmed
> Senior Member of Technical Staff
> Gaian Solutions India Pvt Ltd
>
>
> On Wed, Nov 5, 2014 at 9:56 PM, Ike Ikonne <ii...@us.ibm.com> wrote:
>
> > Hi all,
> >
> > Do you have the LDAP Server certificate included in your
> > TrustManager Algorithm? Also, make sure that you are using
> > secure socket to bind to port 636.
> >
> > Ike
> >
> >
> >
> >
> > From: Syed Mudassir Ahmed <sy...@gaiatv.in>
> > To: users@directory.apache.org,
> > Date: 11/05/2014 10:14 AM
> > Subject: Secured LDAP Account
> >
> >
> >
> > I am trying to obtain an ldap connection. Using port 389 I am
> > successfully
> > able to get connection.
> > > But when I try to use LdapNetworkConnection(<IP Address>, 636, true) and
> > then invoke bind(dn, password), I am getting PROTOCOL_ERROR.
> > > Using LdapBrowser I am able to connect to my LDAP server over port 636.
> > > But through Java program it's not getting connected. Can you help?
> >
> > Thanks,
> > Syed.
> >
> > Syed M Ahmed
> > Senior Member of Technical Staff
> > Gaian Solutions India Pvt Ltd
> >
> >
>
>
Re: Secured LDAP Account
Posted by Syed Mudassir Ahmed <sy...@gaiatv.in>.
No, I don't. Good question. I have no idea as well.
Can you please provide an example/reference that I can follow?
Thanks,
Syed.
Syed M Ahmed
Senior Member of Technical Staff
Gaian Solutions India Pvt Ltd
On Wed, Nov 5, 2014 at 10:31 PM, Ike Ikonne <ii...@us.ibm.com> wrote:
> Hi Syed,
>
> So, in your Java program, do you have the server certificate in the
> keystore that your Java program is using to establish SSL connection
> with the LDAP server?
>
> Thanks,
>
> Ike
>
>
>
>
> From: Syed Mudassir Ahmed <sy...@gaiatv.in>
> To: users@directory.apache.org,
> Date: 11/05/2014 10:57 AM
> Subject: Re: Secured LDAP Account
>
>
>
> Yes,
> Certificate is generated on the server side. And port is 636.
> I am able to connect to my server through LDAPBrowser using LDAPS
> protocol and 636 port number.
> But not using java program.
>
> Thanks,
> Syed.
>
> Syed M Ahmed
> Senior Member of Technical Staff
> Gaian Solutions India Pvt Ltd
>
>
> On Wed, Nov 5, 2014 at 9:56 PM, Ike Ikonne <ii...@us.ibm.com> wrote:
>
> > Hi all,
> >
> > Do you have the LDAP Server certificate included in your
> > TrustManager Algorithm? Also, make sure that you are using
> > secure socket to bind to port 636.
> >
> > Ike
> >
> >
> >
> >
> > From: Syed Mudassir Ahmed <sy...@gaiatv.in>
> > To: users@directory.apache.org,
> > Date: 11/05/2014 10:14 AM
> > Subject: Secured LDAP Account
> >
> >
> >
> > I am trying to obtain an ldap connection. Using port 389 I am
> > successfully
> > able to get connection.
> > But when I try to use LdapNetworkConnection(<IP Address>, 636, true) and
> > then invoke bind(dn, password), I am getting PROTOCOL_ERROR.
> > Using LdapBrowser I am able to connect to my LDAP server over port 636.
> > > But through Java program it's not getting connected. Can you help?
> >
> > Thanks,
> > Syed.
> >
> > Syed M Ahmed
> > Senior Member of Technical Staff
> > Gaian Solutions India Pvt Ltd
> >
> >
>
>
Re: Secured LDAP Account
Posted by Ike Ikonne <ii...@us.ibm.com>.
Hi Syed,
So, in your Java program, do you have the server certificate in the
keystore that your Java program is using to establish SSL connection
with the LDAP server?
Thanks,
Ike
From: Syed Mudassir Ahmed <sy...@gaiatv.in>
To: users@directory.apache.org,
Date: 11/05/2014 10:57 AM
Subject: Re: Secured LDAP Account
Yes,
Certificate is generated on the server side. And port is 636.
I am able to connect to my server through LDAPBrowser using LDAPS
protocol and 636 port number.
But not using java program.
Thanks,
Syed.
Syed M Ahmed
Senior Member of Technical Staff
Gaian Solutions India Pvt Ltd
On Wed, Nov 5, 2014 at 9:56 PM, Ike Ikonne <ii...@us.ibm.com> wrote:
> Hi all,
>
> Do you have the LDAP Server certificate included in your
> TrustManager Algorithm? Also, make sure that you are using
> secure socket to bind to port 636.
>
> Ike
>
>
>
>
> From: Syed Mudassir Ahmed <sy...@gaiatv.in>
> To: users@directory.apache.org,
> Date: 11/05/2014 10:14 AM
> Subject: Secured LDAP Account
>
>
>
> I am trying to obtain an ldap connection. Using port 389 I am
> successfully
> able to get connection.
> But when I try to use LdapNetworkConnection(<IP Address>, 636, true) and
> then invoke bind(dn, password), I am getting PROTOCOL_ERROR.
> Using LdapBrowser I am able to connect to my LDAP server over port 636.
> But through Java program it's not getting connected. Can you help?
>
> Thanks,
> Syed.
>
> Syed M Ahmed
> Senior Member of Technical Staff
> Gaian Solutions India Pvt Ltd
>
>
Re: Secured LDAP Account
Posted by Syed Mudassir Ahmed <sy...@gaiatv.in>.
Yes,
Certificate is generated on the server side. And port is 636.
I am able to connect to my server through LDAPBrowser using LDAPS
protocol and 636 port number.
But not using java program.
Thanks,
Syed.
Syed M Ahmed
Senior Member of Technical Staff
Gaian Solutions India Pvt Ltd
On Wed, Nov 5, 2014 at 9:56 PM, Ike Ikonne <ii...@us.ibm.com> wrote:
> Hi all,
>
> Do you have the LDAP Server certificate included in your
> TrustManager Algorithm? Also, make sure that you are using
> secure socket to bind to port 636.
>
> Ike
>
>
>
>
> From: Syed Mudassir Ahmed <sy...@gaiatv.in>
> To: users@directory.apache.org,
> Date: 11/05/2014 10:14 AM
> Subject: Secured LDAP Account
>
>
>
> I am trying to obtain an ldap connection. Using port 389 I am
> successfully
> able to get connection.
> But when I try to use LdapNetworkConnection(<IP Address>, 636, true) and
> then invoke bind(dn, password), I am getting PROTOCOL_ERROR.
> Using LdapBrowser I am able to connect to my LDAP server over port 636.
> But through Java program it's not getting connected. Can you help?
>
> Thanks,
> Syed.
>
> Syed M Ahmed
> Senior Member of Technical Staff
> Gaian Solutions India Pvt Ltd
>
>
Re: Secured LDAP Account
Posted by Ike Ikonne <ii...@us.ibm.com>.
Hi all,
Do you have the LDAP Server certificate included in your
TrustManager Algorithm? Also, make sure that you are using
secure socket to bind to port 636.
Ike
From: Syed Mudassir Ahmed <sy...@gaiatv.in>
To: users@directory.apache.org,
Date: 11/05/2014 10:14 AM
Subject: Secured LDAP Account
I am trying to obtain an ldap connection. Using port 389 I am
successfully
able to get connection.
But when I try to use LdapNetworkConnection(<IP Address>, 636, true) and
then invoke bind(dn, password), I am getting PROTOCOL_ERROR.
Using LdapBrowser I am able to connect to my LDAP server over port 636.
But through Java program it's not getting connected. Can you help?
Thanks,
Syed.
Syed M Ahmed
Senior Member of Technical Staff
Gaian Solutions India Pvt Ltd