LDAP Search disconnecting when connecting via SSL to IBM Tivoli Directory

I am working on an application that has LDAP connectivity. We have, up until now, used only the Open JLDAP libraries to perform LDAP searches and authentication. We have many clients who use this successfully, connecting to Active Directory and Oracle Internet Directory, with both unencrypted and SSL connections.

We recently had a client that uses IBM Tivoli Directory. The OpenLDAP libraries connect to this server fine in standard mode (non-SSL); however, when using SSL, the connection will be disconnected when performing searches. Binding and reads work OK.

The error that we get is:

LDAPException: Connection lost waiting for results from ldap.host:389 (91) Connect Error java.io.EOFException: BERDecoder: decode: EOF in Identifier

I thought this was a problem with JLDAP, so I replaced our code with the UnboundID LDAP library, except I get a similar problem. The connection disconnects only when performing a search, only under SSL.

As a test, I installed the trial version of Tivoli Directory, and enabled SSL. Both the JLDAP and UnBoundID libraries work correctly against my instance.

Are there any configuration options on Tivoli that would cause connections to be dropped only under SSL?

I have an LDAP tool (jxplorer) that can connect and search the client's LDAP server over SSL. I think jxplorer uses the JNDI libraries for its LDAP connection.

I wanted to see if there was anything else I could try before porting my LDAP code to use the JNDI LDAP code... (which might still have the same problem).

Ideas welcome...

Thanks.

The server is dropping the connection. Have a look at its timeout settings in SSL mode.

JXplorer uses its own LDAP libraries, not JNDI.

I found my own answer to this. There was a problem with Java's SSL implementation in the JNDI libraries between Java 1.6_18 to Java 1.6_28, and the issue was also present in Java 1.7 until a recent patch.

I have seen the same Exception of:

LDAPException: Connection lost waiting for results from ldap.host:636 (91) Connect Error java.io.EOFException: BERDecoder: decode: EOF in Identifier

when attempting to connect to the SSL port with a non-SSL socket factory.
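
The mismatch described in the last answer (plain socket against the SSL port) is avoided by making the TLS mode explicit per port. This is an added example, not code from any of the posters, using the UnboundID LDAP SDK for Java; the trust store path and base DN are placeholders, and ports 636 and 389 are taken from the two error messages on this page.

```java
import com.unboundid.ldap.sdk.ExtendedResult;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.ldap.sdk.SearchResult;
import com.unboundid.ldap.sdk.SearchScope;
import com.unboundid.ldap.sdk.extensions.StartTLSExtendedRequest;
import com.unboundid.util.ssl.SSLUtil;
import com.unboundid.util.ssl.TrustStoreTrustManager;
import java.security.GeneralSecurityException;

public class LdapTlsModes {
    // Assumed values: the trust store path and base DN are placeholders.
    static final String HOST = "ldap.host";
    static final String TRUST_STORE = "/path/to/truststore.jks";
    static final String BASE_DN = "dc=example,dc=com";

    // LDAPS: the TLS handshake completes before any LDAP bytes are sent,
    // so the SSL socket factory must be paired with the SSL port.
    static LDAPConnection connectLdaps(SSLUtil ssl)
            throws LDAPException, GeneralSecurityException {
        return new LDAPConnection(ssl.createSSLSocketFactory(), HOST, 636);
    }

    // StartTLS: plain connection on the standard port, then upgraded in-band.
    static LDAPConnection connectStartTls(SSLUtil ssl)
            throws LDAPException, GeneralSecurityException {
        LDAPConnection conn = new LDAPConnection(HOST, 389);
        ExtendedResult r = conn.processExtendedOperation(
                new StartTLSExtendedRequest(ssl.createSSLContext()));
        if (r.getResultCode() != ResultCode.SUCCESS) {
            conn.close(); // do not fall back to sending credentials in clear
            throw new LDAPException(r.getResultCode(), "StartTLS refused");
        }
        return conn;
    }

    public static void main(String[] args) throws Exception {
        // Validate the server certificate against a trust store rather than
        // trusting every certificate.
        SSLUtil ssl = new SSLUtil(new TrustStoreTrustManager(TRUST_STORE));
        try (LDAPConnection conn = connectLdaps(ssl)) {
            SearchResult res =
                    conn.search(BASE_DN, SearchScope.BASE, "(objectClass=*)");
            System.out.println("entries: " + res.getEntryCount());
        }
    }
}
```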
