d**k posts: 1223 | 1 The requirements changed recently: the LDAP server we use for authentication now requires an SSL connection. The embarrassing part is that I cannot connect at all. An LDAP browser connects without any problem, but in code it just fails. I am using the ldapjdk
package; it is only the few lines of code below....
import netscape.ldap.LDAPConnection;
import netscape.ldap.LDAPException;
import netscape.ldap.factory.JSSESocketFactory;

String dn = "cn=testUser,ou=services,dc=myDomin,dc=org";
String password = "ldapSvc";
// Register the legacy Sun JSSE provider (pre-Java 5 style; current JREs ship JSSE already)
java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
// null = JSSE default cipher suites; the sockets come from SSLSocketFactory.getDefault(),
// so the server certificate is validated against the JRE's default trust store (cacerts)
JSSESocketFactory skt_fctry = new JSSESocketFactory(null);
LDAPConnection ldapconnection = new LDAPConnection(skt_fctry);
// host and port are defined elsewhere in the original code; connect() throws LDAPException on failure
ldapconnection.connect(host, port, dn, password);
.....
I must be missing something.... Could an expert take a look? Thanks. |
g**********y posts: 14569 | 2 Could it be related to the trusted certificate?
I checked my old code: before connecting over SSL, it always makes sure this has been called --
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

private void trustAllCerts() {
    // Create a trust manager that does not validate certificate chains:
    // every server certificate is accepted, so the TLS connection is not authenticated
    TrustManager[] trustAllCerts = new TrustManager[] {
        new X509TrustManager() {
            public X509Certificate[] getAcceptedIssuers() {
                // empty array rather than null: some JSSE code paths dereference this
                return new X509Certificate[0];
            }
            public void checkClientTrusted(X509Certificate[] certs, String authType) {}
            public void checkServerTrusted(X509Certificate[] certs, String authType) {}
        }
    };
    // Install the all-trusting trust manager (affects HttpsURLConnection only)
    try {
        SSLContext sc = SSLContext.getInstance("SSL");
        sc.init(null, trustAllCerts, new SecureRandom());
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
    } catch (Exception e) {
        System.out.println("Error" + e);
    }
    // Host name verifier that accepts any host name (again HttpsURLConnection only)
    HostnameVerifier hv = new HostnameVerifier() {
        public boolean verify(String urlHostName, SSLSession session) {
            System.out.println("Warning: URL Host: " + urlHostName + " vs. " + session.getPeerHost());
            return true;
        }
    };
    HttpsURLConnection.setDefaultHostnameVerifier(hv);
} |
d**k posts: 1223 | 3 Thanks... I'll try this... and see whether it works on the ldapjdk connection... |
d**k posts: 1223 | 4 It doesn't seem to work..... However, I tried importing the certificate into a keystore and putting it in the JRE,
and that seems to work (at least it can establish a connection to the AD server). But I have seen people say
you can import the certificate at run time from Java code; if that is possible, I would not have to
use keytool every time.... Has anyone done this? Any hints? Thanks. |
g*****g posts: 34805 | 5 There's no such thing as importing a certificate at run time.
You have to use a trust manager that ignores certificate exceptions.
Or you need to use a certificate that's trusted by one of your default CAs. |
d**k posts: 1223 | 6 faint.... then I'll go back and look at that trust manager code again. |