
Jldap with SSL Fails



I'm having problems with multiple connection requests when using Jldap with SSL.
I believe I have everything configured correctly including keystores,
certificates, classpaths, etc. In fact, the test program below (and my actual
program) runs fine for me if I run it with the -Djavax.net.debug="all" flag:


java -classpath
"C:\tmp\ldaptest\classes;C:\lib\ldap.jar;C:\lib\jcert.jar;C:\lib\jnet.jar;C:\lib\jsse.jar"
-Djavax.net.debug="all" SSLConnection serverName "cn=manager,dc=company,dc=com"
goober c:\tmp\ldaptest\keystore\sslkey.keystore 


I have tried this test against a build of the latest Jldap sources, the binaries
from Novell, and with the Novell security provider. No luck. Does anyone know
what's going on here? Is anyone else using Jldap, or should I punt and go to
JNDI?

Thanks,

Gary


/*
 * Test of Jldap SSL with Sun security provider (a slight modification of
 * Novell's SSLConnection).
 */
import com.novell.ldap.*;
import java.security.Security;

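/**
 * Stand-alone test of an LDAP-over-SSL bind through Jldap using the Sun JSSE
 * provider. It connects, binds and disconnects three times in a row so that
 * repeated SSL connection attempts can be observed.
 */
public class SSLConnection
{
    /**
     * Runs three consecutive connect / bind / disconnect cycles over SSL.
     *
     * @param args {@code <host> <login dn> <password> <keystore path>}; the
     *             keystore is used as the JSSE trust store
     */
    public static void main( String[] args )
    {
        if (args.length != 4) {
            // The usage strings were split across lines by mail wrapping;
            // they are rejoined here so the literals are well-formed again.
            System.err.println("Usage:   java SSLConnection <localhost>"
                    + " <login dn> <password> <Keystore_path>");
            System.err.println("Example: java SSLConnection Acme.com"
                    + " \"cn=Admin,o=Acme\" secret /work/ssl.keystore");
            System.exit(1);
        }

        int ldapPort = LDAPConnection.DEFAULT_SSL_PORT;
        int ldapVersion = LDAPConnection.LDAP_V3;
        String ldapHost = args[0];
        String loginDN = args[1];
        // NOTE(review): a bind password given as a command-line argument is
        // visible in process listings and shell history. Acceptable for a
        // throw-away test account only; read it from a prompt or a protected
        // file for anything else.
        String password = args[2];
        String path = args[3];

        // Dynamically register JSSE as a security provider.
        Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());

        // Dynamically set the property that JSSE uses to identify the
        // keystore holding the trusted root certificates. This is a
        // JVM-wide setting, not one scoped to this connection.
        System.setProperty("javax.net.ssl.trustStore", path);

        // The socket factory must be set before the connection is made.
        // setSocketFactory is static, so it applies to every LDAPConnection
        // created afterwards in this JVM.
        // NOTE(review): the trust store only establishes that the server
        // certificate chains to a trusted root. Whether the certificate name
        // is also checked against ldapHost depends on the socket factory;
        // confirm before relying on this for server authentication.
        LDAPSocketFactory ssf = new LDAPJSSESecureSocketFactory();
        if (ldapPort == LDAPConnection.DEFAULT_SSL_PORT) {
            LDAPConnection.setSocketFactory(ssf);
        }

        for (int i = 0; i <= 2; i++)
        {
            // Note: the socket factory can also be passed in as a parameter
            // to the constructor.
            LDAPConnection lc = new LDAPConnection();
            try
            {
                // connect to the server
                lc.connect( ldapHost, ldapPort );

                // authenticate to the server
                lc.bind( ldapVersion, loginDN, password );

                // at this point you are connected with a secure connection
                System.err.println( "Successful SSL bind with server.");
            }
            catch( LDAPException e ) {
                System.out.println( "Error: " + e.toString() );
            }
            finally {
                // Release the socket even when connect() or bind() failed, so
                // a failed attempt does not leave a half-open SSL session
                // behind for the next iteration.
                if (lc.isConnected()) {
                    try {
                        lc.disconnect();
                    }
                    catch( LDAPException e ) {
                        System.out.println( "Error: " + e.toString() );
                    }
                }
            }
        }
    }
}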