ldap ssl java_使用Java的LDAP over SSL

最新推荐文章于 2021-03-28 08:11:13 发布

MurcielagoS

最新推荐文章于 2021-03-28 08:11:13 发布

阅读量244

点赞数

文章标签： ldap ssl java

本文链接：https://blog.csdn.net/weixin_35793018/article/details/114069404

版权

本文介绍如何在Java中实现LDAP over SSL连接。通过启用`env.put(Context.SECURITY_PROTOCOL, ""ssl"");`，程序尝试连接到ldaps://192.168.10.45:636，但遇到了证书验证失败的问题。错误信息显示无法找到有效的证书路径。为了解决这个问题，需要将服务器的证书添加到Java的信任库中。" 127766845,7440787,Flutter项目.gitignore配置与问题解决,"['Flutter', 'Android开发', 'iOS开发', '版本控制']

摘要由CSDN通过智能技术生成

以下代码工作正常：

public static void main(String[] args) {

String userName = "admin";

String password = "s3cret";

Hashtable env = new Hashtable();

env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");

env.put(Context.PROVIDER_URL,"ldap://192.168.10.45:389/dc=softwaredev,dc=local");

//env.put(Context.SECURITY_PROTOCOL,"ssl");

env.put(Context.SECURITY_AUTHENTICATION,"simple");

env.put(Context.SECURITY_PRINCIPAL,new String("softwaredev" + "\\" + userName));

env.put(Context.SECURITY_CREDENTIALS,password);

DirContext ctx = null;

NamingEnumeration results = null;

try {

ctx = new InitialDirContext(env);

SearchControls controls = new SearchControls();

controls.setSearchScope(SearchControls.SUBTREE_SCOPE);

results = ctx.search("","(objectclass=person)",controls);

while (results.hasMore()) {

SearchResult searchResult = (SearchResult) results.next();

Attributes attributes = searchResult.getAttributes();

System.out.println(" Person Common Name = " + attributes.get("cn"));

System.out.println(" Person Display Name = " + attributes.get("displayName"));

System.out.println(" Person logonhours = " + attributes.get("logonhours"));

System.out.println(" Person MemberOf = " + attributes.get("memberOf"));

}

} catch (Throwable e) {

e.printStackTrace();

} finally {

if (results != null) {

try {

results.close();

} catch (Exception e) {

}

if (ctx != null) {

try {

ctx.close();

} catch (Exception e) {

}

如果我取消注释以下行：

env.put(Context.SECURITY_PROTOCOL,“ssl”);启用SSL连接并使用此URL：

ldaps://192.168.10.45:636

然后程序失败,错误与证书有关.

*javax.naming.CommunicationException: simple bind Failed: 192.168.10.45:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building Failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]

at com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source)

at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)

at com.sun.jndi.ldap.LdapCtx.(Unknown Source)

at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)

at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)

at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)

at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)

at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)

at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)

at javax.naming.InitialContext.init(Unknown Source)

at javax.naming.InitialContext.(Unknown Source)

at javax.naming.directory.InitialDirContext.(Unknown Source)

at asd.LdapBasicExample.main(LdapBasicExample.java:25)

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building Failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.ssl.Alerts.getSSLException(Unknown Source)

at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)

at sun.security.ssl.Handshaker.fatalSE(Unknown Source)

at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)

at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)

at sun.security.ssl.Handshaker.processLoop(Unknown Source)

at sun.security.ssl.Handshaker.process_record(Unknown Source)

at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)

at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)

at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)

at sun.security.ssl.AppInputStream.read(Unknown Source)

at java.io.BufferedInputStream.fill(Unknown Source)

at java.io.BufferedInputStream.read1(Unknown Source)

at java.io.BufferedInputStream.read(Unknown Source)

at com.sun.jndi.ldap.Connection.run(Unknown Source)

at java.lang.Thread.run(Unknown Source)

Caused by: sun.security.validator.ValidatorException: PKIX path building Failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.validator.PKIXValidator.doBuild(Unknown Source)

at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)

at sun.security.validator.Validator.validate(Unknown Source)

at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)

at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)

at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)

... 13 more

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)

at java.security.cert.CertPathBuilder.build(Unknown Source)*

那么,我该怎么做才能解决这个问题呢？