siegy - 1 month ago
Java Question

LDAPConnection (org.apache.directory.ldap.client.api.LdapConnection) fails on ssl

I get an error when trying to connect to my server via port 636 with SSL enabled.

I used Apache Directory Studio to explore the Active Directory and connected via port 636 and SSL (ldaps://....).

Now I have the following code:

LdapConnection connection = new LdapNetworkConnection("172.16.1.8", 636, true);


and this doesn't work:

org.apache.directory.api.ldap.model.exception.LdapProtocolErrorException: PROTOCOL_ERROR: The server will disconnect!
at org.apache.directory.api.ldap.model.message.ResultCodeEnum.processResponse(ResultCodeEnum.java:2163)
at org.apache.directory.ldap.client.api.AbstractLdapConnection.bind(AbstractLdapConnection.java:129)
at org.apache.directory.ldap.client.api.AbstractLdapConnection.bind(AbstractLdapConnection.java:112)
at ch.berufsbildungscenter.notiztool.control.Account.login(Account.java:123)
at ch.berufsbildungscenter.notiztool.control.Account.login(Account.java:100)
at ch.berufsbildungscenter.notiztool.gui.control.LoginController$2.run(LoginController.java:53)


Does anyone have an idea why not?

Here's the login function:

/**
 * Checks the pw with the pw on the Active Directory.
 *
 * @param username
 * @param pw
 * @param b
 *
 * @return true if login was successful, false if not.
 */
private static boolean login(String username, String pw, Berufsbildner b) {
    if (b == null)
        return false;
    String cn = b.getNachname() + " " + b.getVorname();
    //Create connection to the LDAP server
    @SuppressWarnings("resource")
    LdapConnection connection = new LdapNetworkConnection("172.16.1.8", 636, true);
    //try to bind with the login data
    try {
        //------------------ Here's the exception
        connection.bind("CN=" + cn + ",OU=Ausbilder,OU=Informatiker,OU=Ascom Bern,OU=Berufsbildungscenter,DC=bbcnet,DC=ch", pw);
        loggedin = true;
        currentAccount = b;
    } catch (LdapException e) {
        e.printStackTrace();
        loggedin = false;
        return false;
    }
    return true;
}


Thanks

Answer

Use this line to set the SSL protocol:

connection.setSslProtocol("SSLv3");

And set the trust manager with the following line:

connection.setTrustManagers(new CustomTtrustManager());

CustomTtrustManager is a trust manager you define by implementing X509TrustManager or any kind of trust manager. For example:

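import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509TrustManager;

public class CustomTtrustManager implements X509TrustManager
{
    // Not part of javax.net.ssl.X509TrustManager; JSSE never calls this method.
    public boolean isClientTrusted(X509Certificate[] cert)
    {
        return true;
    }

    // Not part of javax.net.ssl.X509TrustManager; JSSE never calls this method.
    // Checks only the validity period of the first certificate.
    public boolean isServerTrusted(X509Certificate[] cert)
    {
        try
        {
            cert[0].checkValidity();
            return true;
        }
        catch (CertificateExpiredException e)
        {
            return false;
        }
        catch (CertificateNotYetValidException e)
        {
            return false;
        }
    }

    public void checkClientTrusted(X509Certificate[] x509Certificates, String s)
        throws CertificateException
    {
        // Do nothing for now.
    }

    // Called during the TLS handshake. The empty body never throws,
    // so every server certificate chain is accepted.
    public void checkServerTrusted(X509Certificate[] x509Certificates, String s)
        throws CertificateException
    {
        // Do nothing for now.
    }

    public X509Certificate[] getAcceptedIssuers()
    {
        return new X509Certificate[0];
    }
}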
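
An added example, not part of the original answer: the trust manager above accepts any server certificate, so this shows the same LDAPS connection with trust managers that validate the server's chain against the domain's CA certificate. It assumes the Apache Directory LDAP API's LdapConnectionConfig and a CA certificate exported to a file; the file name ad-ca.pem and the class name PinnedCaLdapExample are hypothetical.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

import org.apache.directory.ldap.client.api.LdapConnection;
import org.apache.directory.ldap.client.api.LdapConnectionConfig;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;

public class PinnedCaLdapExample {

    /** Builds trust managers that accept only chains ending at the CA certificate in caPemPath. */
    static TrustManager[] trustManagersFor(String caPemPath) throws Exception {
        Certificate ca;
        try (InputStream in = Files.newInputStream(Paths.get(caPemPath))) {
            // Reads a PEM or DER encoded X.509 certificate.
            ca = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);                 // empty in-memory store
        trustStore.setCertificateEntry("ad-ca", ca); // the only trusted issuer

        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);                        // chain validation against this store
        return tmf.getTrustManagers();
    }

    public static void main(String[] args) throws Exception {
        LdapConnectionConfig config = new LdapConnectionConfig();
        config.setLdapHost("172.16.1.8");            // host and port from the question
        config.setLdapPort(636);
        config.setUseSsl(true);
        config.setSslProtocol("TLS");                // SSLv3 is disabled by default in current JDKs
        config.setTrustManagers(trustManagersFor("ad-ca.pem")); // hypothetical file name

        // try-with-resources closes the connection, unlike the login() in the question.
        try (LdapConnection connection = new LdapNetworkConnection(config)) {
            connection.connect();                    // an untrusted server chain is rejected
            System.out.println("connected: " + connection.isConnected());
        }
    }
}
```

These trust managers validate the certificate chain and validity dates; they do not by themselves check that the certificate names the host being contacted.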