I'm using JNDI to connect to our LDAP server and get the list (i just need to print it out) of organizational units. I am following the tutorial from here and but i'm still getting this error (code that i ended up with is the filter search below):
Is it because the port is 636 and i should use ldaps and binding is through ssl encryption? or do i have an error in the code below particularly in doFilterSearch()? is the term 'organizationalunit' general for LDAP schemas? do I get what I want in here i.e., ou? please help, i'm not really sure how to go about this and i just need to simply just connect and I'm ok already...thank you thank you very much in advance
Port 636 is the default LDAP SSL port, so yes you probably are trying to connect over SSL.
in your getDirContext method.
You also need to make sure you have your certificates set up correctly.
If possible I would try to get the program working on the non-LDAP port (389 by default) first and then add SSL support.
A useful thing to do when trying to debug an SSL connection is add
to your command line. This will produce a whole load of debug information about the SSL handshake which may give you more information about the problem.
Wireshark is also a useful tool for debugging any comms related problems.
posted 8 years ago
Thank you for this. should i also put this instead (put ldaps:// instead of just ldap://) :
what's the difference between:
because I used the first one and made use of ldaps://hostname:636 but i'm still getting connection timed out help! i really don't know how else to fix this
posted 8 years ago
Context.SECURITY_AUTHENTICATION describes how the user will be authenticated. Use "simple" if you want to use user name and password authentication.
Context.SECURITY_PROTOCOL describes how data will be transmitted between the client and server. Default is plaintext. Use "ssl" if you want to encrypt the comms.
Debugging SSL is not for the faint hearted. You usually need to take a look at what is happening between the client and server using a wire sniffer like wireshark or logging the SSL handshake (or both).
Have you got it working on a non-SSL connection yet ? This is definitely the first step.