LDAP over SSL with Java

The following code works fine:

    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.NamingEnumeration;
    import javax.naming.NamingException;
    import javax.naming.directory.Attributes;
    import javax.naming.directory.DirContext;
    import javax.naming.directory.InitialDirContext;
    import javax.naming.directory.SearchControls;
    import javax.naming.directory.SearchResult;

    public class LdapBasicExample {
        public static void main(String[] args) {
            String userName = "admin";
            String password = "s3cret";
            Hashtable<String, String> env = new Hashtable<>();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            // Plain LDAP on port 389: the simple bind below sends the password unencrypted
            env.put(Context.PROVIDER_URL, "ldap://192.168.10.45:389/dc=softwaredev,dc=local");
            //env.put(Context.SECURITY_PROTOCOL, "ssl");
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, "softwaredev\\" + userName);
            env.put(Context.SECURITY_CREDENTIALS, password);

            DirContext ctx = null;
            NamingEnumeration<SearchResult> results = null;
            try {
                ctx = new InitialDirContext(env);
                SearchControls controls = new SearchControls();
                controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
                // Search the whole subtree below the base DN for person entries
                results = ctx.search("", "(objectclass=person)", controls);
                while (results.hasMore()) {
                    SearchResult searchResult = results.next();
                    Attributes attributes = searchResult.getAttributes();
                    System.out.println(" Person Common Name = " + attributes.get("cn"));
                    System.out.println(" Person Display Name = " + attributes.get("displayName"));
                    System.out.println(" Person logonhours = " + attributes.get("logonhours"));
                    System.out.println(" Person MemberOf = " + attributes.get("memberOf"));
                }
            } catch (NamingException e) {
                e.printStackTrace();
            } finally {
                if (results != null) {
                    try {
                        results.close();
                    } catch (NamingException e) {
                        // ignore failures while closing
                    }
                }
                if (ctx != null) {
                    try {
                        ctx.close();
                    } catch (NamingException e) {
                        // ignore failures while closing
                    }
                }
            }
        }
    }

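If I uncomment the following line to enable the SSL connection:

    env.put(Context.SECURITY_PROTOCOL, "ssl");

and use this URL:

    ldaps://192.168.10.45:636

then the program fails with an error related to the certificate.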

    javax.naming.CommunicationException: simple bind failed: 192.168.10.45:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
        at com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source)
        at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
        at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
        at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
        at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
        at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
        at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
        at javax.naming.InitialContext.init(Unknown Source)
        at javax.naming.InitialContext.<init>(Unknown Source)
        at javax.naming.directory.InitialDirContext.<init>(Unknown Source)
        at asd.LdapBasicExample.main(LdapBasicExample.java:25)
    Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.ssl.Alerts.getSSLException(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
        at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
        at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
        at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
        at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
        at sun.security.ssl.Handshaker.processLoop(Unknown Source)
        at sun.security.ssl.Handshaker.process_record(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
        at sun.security.ssl.AppInputStream.read(Unknown Source)
        at java.io.BufferedInputStream.fill(Unknown Source)
        at java.io.BufferedInputStream.read1(Unknown Source)
        at java.io.BufferedInputStream.read(Unknown Source)
        at com.sun.jndi.ldap.Connection.run(Unknown Source)
        at java.lang.Thread.run(Unknown Source)
    Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
        at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
        at sun.security.validator.Validator.validate(Unknown Source)
        at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
        ... 13 more
    Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
        at java.security.cert.CertPathBuilder.build(Unknown Source)

So, what can I do to solve this problem?

Solution

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

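Your client truststore doesn't trust the LDAP server's certificate. You need to either get it signed by a CA, or export it from the server into all the clients' truststores. Getting it signed is easier in the end, and cheaper.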
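
One way to apply the answer's second option on the client, as an added example that is not part of the original post: load the certificate exported from the LDAP server as the only trust anchor and bind over `ldaps://` with normal PKIX validation left on. The class name, the file name `ldap-server-ca.cer` and the `LDAP_PASSWORD` environment variable are assumptions; the URL and principal are the ones from the question.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class LdapsTrustExample {
    // Assumption: certificate exported from the LDAP server (its issuing CA, or the
    // server certificate itself if it is self-signed), PEM or DER encoded.
    static final String CERT_FILE = "ldap-server-ca.cer";

    /** Builds an SSLContext whose only trust anchor is the certificate in certFile. */
    static SSLContext contextTrusting(String certFile) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null); // start from an empty in-memory store
        try (InputStream in = new FileInputStream(certFile)) {
            trustStore.setCertificateEntry("ldap-server-ca",
                    CertificateFactory.getInstance("X.509").generateCertificate(in));
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // chain validation stays enabled
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        String password = System.getenv("LDAP_PASSWORD"); // hypothetical variable name
        if (password == null) throw new IllegalStateException("LDAP_PASSWORD is not set");
        // JVM-wide setting: when java.naming.ldap.factory.socket is not set, the JNDI LDAP
        // provider takes ldaps:// sockets from the default SSL socket factory.
        SSLContext.setDefault(contextTrusting(CERT_FILE));
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldaps://192.168.10.45:636"); // URL from the question
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "softwaredev\\admin");
        env.put(Context.SECURITY_CREDENTIALS, password);
        DirContext dirCtx = new InitialDirContext(env); // throws if the chain does not validate
        System.out.println("Bound over TLS; server certificate chained to " + CERT_FILE);
        dirCtx.close();
    }
}
```

Because the question connects by IP address, JDKs that enforce LDAPS endpoint identification (8u181 and later) also require the server certificate to list 192.168.10.45 as a subject alternative name. To scope the trust decision to one connection instead of the whole JVM, supply a socket factory class through the `java.naming.ldap.factory.socket` environment property.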
