Full_Name: Adolfo Cortés
Version: openldap-2.3.43-12.el5
OS: CentOS release 5.2
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (62.15.226.90)

I am trying to connect to an Active Directory from a Java application using JNDI / OpenLDAP openldap-2.3.43-12.el5 on CentOS release 5.2.

When I do a search I get a CommunicationException error:

    javax.naming.CommunicationException: xxxxxxxx.es:636 [Root exception is java.net.UnknownHostException: xxxxxxxx.es]]

xxxxxxxx.es:636 is reachable, and other operations over LDAP, such as creating a user, work fine.

I see that the problem is related to the DNS configuration: the Active Directory server DNS name is aaaaa.bbbbb.xxxxxxxx.es but the search base is only xxxxxxxx.es. When I do the search I get the exception because it takes xxxxxxxx.es instead of ssss.xxxxxxxx.es to perform the operation.

I tried to solve it by adding xxxxxxxx.es to hosts with the same IP as aaaaa.bbbbb.xxxxxxxx.es, so the bypass works and the connection goes through, but now I have a new problem: when I execute the search it connects but returns a Referral Limit Exception. I think this is because there are jumps or confusion between aaaaa.bbbbb.xxxxxxxx.es and xxxxxxxx.es because of the hosts bypass I did.

So my workaround doesn't work, and I need to know how to solve the connection problem in order to use the subdomain DNS name and the domain in the search base.

Connection parameters: everything goes right; the URL is interesting; using the non-secure LDAP protocol I also get the same error.

    [url: ldaps://aaaaa.bbbbb.xxxxxxxx.es]
    java.naming.security.authentication:simple
    Usuario mypassword@bbbbb.xxxxxxxx.es]
    Password[getLDAPropertiesSSL]:mypassword]
    keystore[getLDAPropertiesSSL]:/opt/java/jre/lib/security/jssecacerts
    trustStore[getLDAPropertiesSSL]:/opt/java/jre/lib/security/jssecacerts
    Especificacion uso SSL[getLDAPPropertiesSSL]java.naming.security.protocol ssl

Search details (note that the base DC is xxxxxxxx.es):

    [base: OU=YYY,DC=xxxxxxxx,DC=es]
    [searchFilter: (&(objectClass=group)(cn={0}))]
    [filterArgs: new String[] {Usuarios}]
    [searchControls: SUBTREE_SCOPE, Atributes null, returningobjflag true]

This hosts file doesn't produce the Communication ERROR:

    aaaaa.bbbbb.xxxxxxxx.es ccc.ccc.ccc.ccc
    xxxxxxxx.es ccc.ccc.ccc.ccc

With this hosts file I get the Communication ERROR:

    aaaaa.bbbbb.xxxxxxxx.es ccc.ccc.ccc.ccc

If I try this search directly in the AD server console, it works and gives me the results.

Thanks in advance,
Adolfo

--On Thursday, October 14, 2010 10:54 AM +0000 adolfo@ingenia.es wrote:

> Full_Name: Adolfo Cortés
> Version: openldap-2.3.43-12.el5
> OS: CentOS release 5.2
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (62.15.226.90)

I see nothing in this report that has to do with OpenLDAP. I.e., you do not show any problems with ldapsearch or any other utility provided by the OpenLDAP Foundation. All of your information is about Java/JNDI, none of which uses the OpenLDAP code base. I advise you to contact Oracle if you have questions/issues with JNDI.

I would note that there are far superior Java APIs for connecting to LDAP than JNDI, and that Active Directory, while LDAP "like", is not truly LDAP, and has many unique quirks.

--Quanah

--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration

changed state Open to Closed