免责声明:此帖与{ - 3}},1类似。 但是,它并不完全相同。堆栈跟踪是不同的。我按照这些帖子中的答案进行了解答,但是我们没有帮助解决我的问题,否则我完全不了解它们。由于我无法评论这些帖子,我在这里提出我的问题。
好的,我们希望为我们目前使用标准LDAP的产品启用LDAP over SSL(又称LDAPS)支持。我还没有能够让它工作,所以如果有人能看到我做错了什么,请告知。
我按照2程序发布并安装了SSL证书。该过程包括在{8}}指定的Java密钥库上安装证书。这是我用来安装证书的命令:
keytool -import -keystore .\jre\lib\security\cacerts -file path\to\client.crt
请注意,指定的密钥库是' cacerts',也许这是错误的(?)。
我用来初始化上下文的代码:
...
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldaps://" + serverAddress);
env.put(Context.SECURITY_PROTOCOL, "ssl");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, administratorName);
env.put(Context.SECURITY_CREDENTIALS, password);
env.put(Context.REFERRAL, "follow");
LdapContext ldapContext = null;
try {
ldapContext = new InitialLdapContext(env, null);
...
这里我得到一个例外 - "简单绑定失败..",带有以下堆栈跟踪:
javax.naming.CommunicationException: simple bind failed: 172.23.30.104:636 [Root exception is javax.net.ssl.SSLException: java.net.SocketException: Connection reset]
at com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
at javax.naming.InitialContext.init(Unknown Source)
at javax.naming.ldap.InitialLdapContext.<init>(Unknown Source)
...
Caused by: javax.net.ssl.SSLException: java.net.SocketException: Connection reset
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.SSLSocketImpl.handleException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.handleException(Unknown Source)
at sun.security.ssl.AppInputStream.read(Unknown Source)
at java.io.BufferedInputStream.fill(Unknown Source)
at java.io.BufferedInputStream.read1(Unknown Source)
at java.io.BufferedInputStream.read(Unknown Source)
at com.sun.jndi.ldap.Connection.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(Unknown Source)
at java.net.SocketInputStream.read(Unknown Source)
at sun.security.ssl.InputRecord.readFully(Unknown Source)
at sun.security.ssl.InputRecord.read(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
... 6 more
通过删除SECURITY_PROTOCOL行并将提供者URL更改为&#34; ldap://...&#34;该程序可以正常工作(显然没有SSL) (没有&#39;)。
再说一遍,这里缺少什么?
干杯, 吉拉德。