[Date Prev][Date Next] [Chronological] [Thread] [Top]

OpenLdap Fails with JNDI/SSL Connects

To: openldap-software@OpenLDAP.org
Subject: OpenLdap Fails with JNDI/SSL Connects
From: Gary Gwin <gary@cafesoft.com>
Date: Wed, 12 Dec 2001 13:20:46 -0800
Organization: Cafesoft

I've tested Jldap and JNDI using SSL against OpenLdap and both hang upon
attempting a second connection/bind operation (e.g. SSL is setup correctly for
at least one successful operation). I'm using RedHat Linux 7.1, OpenLdap 2.0.11
and 2.0.18, and OpenSSL 9.6. I've also tried compiling the test programs with
both JDK 1.3.1 (with JSSE 1.0.2) and JDK 1.4 beta 3 (which includes JSSE), with
no difference. In all cases, the same test programs work fine over non-SSL
connections. The JNDI program is included below. Also, if you startup the test
program with the -Djavax.net.debug="all" flag, it mysteriously works.

I've also successfully tested (with the help of Novell), the same Jldap and JNDI
test programs with SSL against Novell eDirectory 8.5 (NetWare 5.1) and iPlant
5.1 on NT 4.0.

It appears that the problem is with OpenSSL/OpenLdap on RedHat Linux 7.1. Does
anyone know of any configuration issues or known bugs that might cause such a
problem?

Gary

/*
 * Test of JNDI and SSL with Sun security provider.
 */

 import java.util.Hashtable;

import javax.naming.Context;
import javax.naming.directory.Attributes;
import javax.naming.NamingException;
import javax.naming.ldap.*;
import javax.net.ssl.*;

import java.security.Security;

public class SslConnect
{
	public static void main(String[] args)
	{
		String path = "C:/tmp/testJNDI/sslkey.keystore";
		boolean isSsl = true;

		//dynamically set JSSE as a security provider
		//Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());

		//dynamically set the property that JSSE uses to identify
		//the keystore that holds trusted root certificates
		System.setProperty("javax.net.ssl.trustStore", path);

		// Set up the environment for creating the initial context
		Hashtable env = new Hashtable();
		env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
		if (!isSsl)
		{
			env.put(Context.PROVIDER_URL, "ldap://testhost:389/dc=domain,dc=com";);
		}
		else
		{
			env.put(Context.PROVIDER_URL, "ldap://testhost:636/dc=domain,dc=com";);
			env.put(Context.SECURITY_PROTOCOL, "ssl");
		}
		System.err.println("Using SSL = " + isSsl);

		// Authenticate
		env.put(Context.SECURITY_AUTHENTICATION, "simple");
		env.put(Context.SECURITY_PRINCIPAL,
"uid=testUser,ou=people,dc=domain,dc=com");
		env.put(Context.SECURITY_CREDENTIALS, "password");

		for(int i=0; i <= 2; i++)
		{
			try
			{
				LdapContext ctx = new InitialLdapContext(env, null);
				Attributes attrs = ctx.getAttributes("uid=test,ou=people");
				System.err.println("The uid = '" + attrs.get("uid").get() + "'");
				System.err.println("The loop i = '" + i + "'");
			}
			catch(Exception e )
			{
				System.err.println( "Error: " + e.toString() );
			}
		}
	}
}

Follow-Ups:
- Re: OpenLdap Fails with JNDI/SSL Connects
  - From: Sergio Talens-Oliag <sto@isoco.com>

Prev by Date: Re: PHP/Perl scripts for Openldap?
Next by Date: RE: PHP/Perl scripts for Openldap?
Index(es):
- Chronological
- Thread