使用Java的LDAP over SSL

前端之家收集整理的这篇文章主要介绍了使用Java的LDAP over SSL前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
以下代码工作正常:
public static void main(String[] args) {
    String userName = "admin";
    String password = "s3cret";
    Hashtable env = new Hashtable();
    env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL,"ldap://192.168.10.45:389/dc=softwaredev,dc=local");
    //env.put(Context.SECURITY_PROTOCOL,"ssl");
    env.put(Context.SECURITY_AUTHENTICATION,"simple");
    env.put(Context.SECURITY_PRINCIPAL,new String("softwaredev" + "\\" + userName));
    env.put(Context.SECURITY_CREDENTIALS,password);

    DirContext ctx = null;
    NamingEnumeration results = null;
    try {
        ctx = new InitialDirContext(env);
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        results = ctx.search("","(objectclass=person)",controls);
        while (results.hasMore()) {
            SearchResult searchResult = (SearchResult) results.next();
            Attributes attributes = searchResult.getAttributes();
            System.out.println(" Person Common Name = " + attributes.get("cn"));
            System.out.println(" Person Display Name = " + attributes.get("displayName"));
            System.out.println(" Person logonhours = " + attributes.get("logonhours"));
            System.out.println(" Person MemberOf = " + attributes.get("memberOf"));
        }
    } catch (Throwable e) {
        e.printStackTrace();
    } finally {
        if (results != null) {
            try {
                results.close();
            } catch (Exception e) {
            }
        }
        if (ctx != null) {
            try {
                ctx.close();
            } catch (Exception e) {
            }
        }
    }
}

如果我取消注释以下行:
env.put(Context.SECURITY_PROTOCOL,“ssl”);启用S​​SL连接并使用此URL:

ldaps://192.168.10.45:636

然后程序失败,错误与证书有关.

*javax.naming.CommunicationException: simple bind Failed: 192.168.10.45:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building Failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
    at com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
    at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
    at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
    at javax.naming.InitialContext.init(Unknown Source)
    at javax.naming.InitialContext.<init>(Unknown Source)
    at javax.naming.directory.InitialDirContext.<init>(Unknown Source)
    at asd.LdapBasicExample.main(LdapBasicExample.java:25)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building Failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
    at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
    at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
    at sun.security.ssl.Handshaker.processLoop(Unknown Source)
    at sun.security.ssl.Handshaker.process_record(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
    at sun.security.ssl.AppInputStream.read(Unknown Source)
    at java.io.BufferedInputStream.fill(Unknown Source)
    at java.io.BufferedInputStream.read1(Unknown Source)
    at java.io.BufferedInputStream.read(Unknown Source)
    at com.sun.jndi.ldap.Connection.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
Caused by: sun.security.validator.ValidatorException: PKIX path building Failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
    at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
    at sun.security.validator.Validator.validate(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
    ... 13 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
    at java.security.cert.CertPathBuilder.build(Unknown Source)*

那么,我该怎么做才能解决这个问题呢?

解决方法

Caused by: sun.security.validator.ValidatorException: PKIX path building Failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

您的客户端信任库不信任LDAP服务器的证书.您需要让它由CA签名,或者将其从服务器导出到所有客户端信任库.获得签名最终会更容易,也更便宜.

猜你在找的Java相关文章