LDAP Search disconnecting when connecting via SSL to IBM Tivoli Directory

I am working on an application that has LDAP connectivity. We have, up until now, used only the Open JLDAP libraries to perform LDAP searches and authentication. We have many clients who use this successfully, connecting to Active Directory and Oracle Internet Directory, with both unencrypted and SSL connections.

We recently had a client that uses IBM Tivoli Directory. The OpenLDAP libraries connect to this server fine in standard mode (non-SSL); however, when using SSL the connection is disconnected when performing searches. Binding and reads work OK.

The error that we get is:

LDAPException: Connection lost waiting for results from ldap.host:389 (91) Connect Error java.io.EOFException: BERDecoder: decode: EOF in Identifier

I thought this was a problem with JLDAP, so I replaced our code with the UnboundID LDAP library, except I get a similar problem. The connection disconnects only when performing a search, only under SSL.

As a test, I installed the trial version of Tivoli Directory, and enabled SSL. Both the JLDAP and UnboundID libraries work correctly against my instance.

Are there any configuration options on Tivoli that would cause connections to be dropped only under SSL?

I have an LDAP tool (jxplorer) that can connect and search the client's LDAP server over SSL. I think jxplorer uses the JNDI libraries for its LDAP connection.

I wanted to see if there was anything else I could try before porting my LDAP code to use the JNDI LDAP code... (which might still have the same problem).

Ideas welcome...

Thanks.

The server is dropping the connection. Have a look at its timeout settings in SSL mode.

JXplorer uses its own LDAP libraries, not JNDI.

I found my own answer to this. There was a problem with Java's SSL implementation in the JNDI libraries between Java 1.6_18 and Java 1.6_28, and the issue was also present in Java 1.7 until a recent patch.

I have seen the same Exception of:

LDAPException: Connection lost waiting for results from ldap.host:636 (91) Connect Error java.io.EOFException: BERDecoder: decode: EOF in Identifier

when attempting to connect to the SSL port with a non-SSL socket factory.
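
The mismatch described in the last answer, as an added example that is not part of the original posts: a Python triage helper that labels the first bytes each side of a captured connection sent as TLS records or plaintext LDAP (BER). The function names, verdict strings and sample bytes are constructed for illustration, and the verdicts are heuristics, not behaviour documented for any particular server.

```python
# Added example: classify first bytes of a connection as TLS or plaintext LDAP.
TLS_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
LDAP_OPS = {0x60: "BindRequest", 0x61: "BindResponse", 0x63: "SearchRequest",
            0x64: "SearchResultEntry", 0x65: "SearchResultDone"}

def ber_length(buf, pos):
    """Decode a BER definite length at buf[pos]; return (length, next_pos)."""
    first = buf[pos]
    if first < 0x80:                      # short form
        return first, pos + 1
    n = first & 0x7F                      # long form: n length octets follow
    if n == 0 or pos + 1 + n > len(buf):
        raise ValueError("unsupported or truncated BER length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def classify(data):
    """Label the first bytes seen in one direction of a connection."""
    if not data:
        return "eof"                      # peer closed before sending anything
    if len(data) >= 5 and data[0] in TLS_TYPES and data[1] == 3 and data[2] <= 4:
        return "tls:" + TLS_TYPES[data[0]]
    try:
        if data[0] == 0x30:               # LDAPMessage ::= SEQUENCE
            _, pos = ber_length(data, 1)
            if data[pos] == 0x02:         # messageID INTEGER
                id_len, pos = ber_length(data, pos + 1)
                op = data[pos + id_len]   # protocolOp tag
                return "ldap:" + LDAP_OPS.get(op, hex(op))
    except (ValueError, IndexError):
        pass
    return "unknown"

def diagnose(client_first, server_first):
    """Heuristic verdict from the first bytes each side sent (assumption-based)."""
    c, s = classify(client_first), classify(server_first)
    if c.startswith("ldap:") and s in ("eof", "tls:alert"):
        return "mismatch: plaintext LDAP sent to a TLS listener"
    if c.startswith("tls:") and s.startswith("tls:"):
        return "ok: TLS on both sides"
    if c.startswith("ldap:") and s.startswith("ldap:"):
        return "ok: plaintext LDAP on both sides"
    return "inconclusive: client=%s server=%s" % (c, s)

# Constructed samples: anonymous simple BindRequest, successful BindResponse,
# TLS record headers for a ClientHello and ServerHello, and a fatal TLS alert.
BIND_REQ = bytes.fromhex("300c020101600702010304008000")
BIND_RESP = bytes.fromhex("300c02010161070a010004000400")
TLS_HELLO = bytes.fromhex("1603010200")
TLS_SERVER = bytes.fromhex("160303004a")
TLS_ALERT = bytes.fromhex("15030300020246")
```

A client that sent a `BindRequest` and got nothing back is the case where a BER decoder reports an EOF on the first identifier octet; checking the configured socket factory against the port is the next step.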
