LDAPConnection (org.apache.directory.ldap.client.api.LdapConnection) fails on ssl
Use this line to set the SSL protocol:
connection.setSslProtocol("SSLv3");
And set the trust manager with the following line:
connection.setTrustManagers(new CustomTtrustManager());
CustomTtrustManager is a trust manager you define by implementing X509TrustManager or any other kind of trust manager. For example:
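import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509TrustManager;

public class CustomTtrustManager implements X509TrustManager
{
    // Not declared by javax.net.ssl.X509TrustManager, so JSSE does not call it.
    public boolean isClientTrusted(X509Certificate[] cert)
    {
        return true;
    }

    // Not declared by javax.net.ssl.X509TrustManager, so JSSE does not call it.
    // Only checks the validity dates of the first certificate.
    public boolean isServerTrusted(X509Certificate[] cert)
    {
        try
        {
            cert[0].checkValidity();
            return true;
        }
        catch (CertificateExpiredException e)
        {
            return false;
        }
        catch (CertificateNotYetValidException e)
        {
            return false;
        }
    }

    public void checkClientTrusted(X509Certificate[] x509Certificates, String s)
        throws CertificateException
    {
        // Do nothing for now.
    }

    // Called by JSSE during the handshake. No exception is ever thrown here,
    // so every server certificate chain is accepted without validation.
    public void checkServerTrusted(X509Certificate[] x509Certificates, String s)
        throws CertificateException
    {
        // Do nothing for now.
    }

    public X509Certificate[] getAcceptedIssuers()
    {
        return new X509Certificate[0];
    }
}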
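For comparison with the do-nothing trust manager above, here is a validating configuration, added as an example and not part of the original answer: it trusts only certificate chains issued by the directory's own CA and passes the resulting trust managers through the Apache Directory LDAP API's LdapConnectionConfig. The host name, CA file path, bind DN, password and the choice of "TLSv1.2" are placeholders and assumptions, not values from this page.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

import org.apache.directory.ldap.client.api.LdapConnection;
import org.apache.directory.ldap.client.api.LdapConnectionConfig;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;

public class ValidatingLdapsClient {

    /** Builds trust managers that accept only chains issued by the CA certificate in the given file. */
    static TrustManager[] trustManagersFor(String caCertPath) throws Exception {
        X509Certificate ca;
        try (InputStream in = Files.newInputStream(Paths.get(caCertPath))) {
            ca = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        // Empty in-memory trust store holding nothing but the directory's CA.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        trustStore.setCertificateEntry("directory-ca", ca);

        // The platform's default (PKIX) trust manager performs the chain validation.
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        return tmf.getTrustManagers();
    }

    public static void main(String[] args) throws Exception {
        LdapConnectionConfig config = new LdapConnectionConfig();
        config.setLdapHost("ldap.example.test");        // placeholder host
        config.setLdapPort(636);
        config.setUseSsl(true);
        config.setSslProtocol("TLSv1.2");               // assumption: server supports TLS 1.2
        config.setTrustManagers(trustManagersFor("/path/to/directory-ca.pem")); // placeholder path

        // Handshake fails with an exception if the server's chain does not lead to the CA.
        try (LdapConnection connection = new LdapNetworkConnection(config)) {
            connection.bind("CN=placeholder,DC=example,DC=test", "placeholder-password");
            System.out.println("Bound over TLS: " + connection.isAuthenticated());
        }
    }
}
```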
Comments
siegy22 almost 2 years
I get an error when trying to connect to my server via port 636 with SSL enabled.
I used Apache Directory Studio to explore the Active Directory and connected via port 636 and SSL (ldaps://....).
Now I have the following code:
LdapConnection connection = new LdapNetworkConnection("172.16.1.8", 636, true);
And this doesn't work:
org.apache.directory.api.ldap.model.exception.LdapProtocolErrorException: PROTOCOL_ERROR: The server will disconnect!
    at org.apache.directory.api.ldap.model.message.ResultCodeEnum.processResponse(ResultCodeEnum.java:2163)
    at org.apache.directory.ldap.client.api.AbstractLdapConnection.bind(AbstractLdapConnection.java:129)
    at org.apache.directory.ldap.client.api.AbstractLdapConnection.bind(AbstractLdapConnection.java:112)
    at ch.berufsbildungscenter.notiztool.control.Account.login(Account.java:123)
    at ch.berufsbildungscenter.notiztool.control.Account.login(Account.java:100)
    at ch.berufsbildungscenter.notiztool.gui.control.LoginController$2.run(LoginController.java:53)
Does anyone have an idea why not?
Here's the login function:
/**
 * Checks the pw with the pw on the Active Directory.
 *
 * @param username
 * @param pw
 * @param b
 *
 * @return true if login was successful, false if not.
 */
private static boolean login(String username, String pw, Berufsbildner b) {
    if (b == null)
        return false;
    String cn = b.getNachname() + " " + b.getVorname();
    // Create connection to the LDAP server
    @SuppressWarnings("resource")
    LdapConnection connection = new LdapNetworkConnection("172.16.1.8", 636, true);
    // try to bind with the login data
    try {
        //------------------ Here's the exception
        connection.bind("CN=" + cn + ",OU=Ausbilder,OU=Informatiker,OU=Ascom Bern,OU=Berufsbildungscenter,DC=bbcnet,DC=ch", pw);
        loggedin = true;
        currentAccount = b;
    } catch (LdapException e) {
        e.printStackTrace();
        loggedin = false;
        return false;
    }
    return true;
}
Thanks