[英]How to connect LDAP with TLS by JAVA
当我尝试使用tls连接ldap服务器时,它失败,并出现以下异常。 my-ca.crt文件有问题吗?
public class LdapTest {
public static void main (String[] args) throws Exception {
LdapTest test = new LdapTest();
test.tryit();
System.out.println("Test End.");
}
public void tryit() throws Exception {
Hashtable<String, String> env = new Hashtable<String, String>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldaps://9.111.xxx.xxx");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.REFERRAL,"ignore");
env.put(Context.SECURITY_PROTOCOL,"ssl");
String keystore = "/Users/dummy/Downloads/my-ca.crt";
System.setProperty("javax.net.ssl.trustStore", keystore);
DirContext ctx = null;
try {
ctx = new InitialDirContext(env);
SearchControls sc = new SearchControls();
sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
NamingEnumeration<SearchResult> results = ctx.search("cn=Directory Manager", "objectClass=*", sc);
while (results.hasMore()) {
SearchResult searchResult = results.next();
System.out.println("----------" + searchResult.toString() + "---------");
}
} catch (javax.naming.AuthenticationException e) {
e.printStackTrace();
} catch (Exception e) {
e.printStackTrace();
} finally {
if (ctx != null) {
try {
ctx.close();
} catch (NamingException e) {
// ignore
}
}
}
}
}
此外,我可以使用虚拟DummySSLSocketFactory连接到ldap服务器,如下所示
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldaps://9.111.156.147");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.REFERRAL,"ignore");
env.put(Context.SECURITY_PROTOCOL,"ssl");
env.put("java.naming.ldap.factory.socket", "com.test.ldap.DummySSLSocketFactory");
我已按照以下步骤解决了此问题
密钥工具-导入-别名证书密钥-文件my-ca.crt-密钥库my-ca.jks
在Java代码中使用“ my-ca.jks”而不是“ my-ca.crt”,那么我可以成功连接到ldap服务器。
String keystore = "/Users/dummy/Downloads/my-ca.jks";
System.setProperty("javax.net.ssl.trustStore", keystore);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.