cannot connect to LDAP through JNDI

 
Ranch Hand
Posts: 106
Hello,

I'm using JNDI to connect to our LDAP server and get the list (I just need to print it out) of organizational units. I am following the tutorial from here but I'm still getting this error (the code that I ended up with is the filter search below):



Is it because the port is 636 and I should use ldaps and binding is through SSL encryption? Or do I have an error in the code below, particularly in doFilterSearch()? Is the term 'organizationalunit' general for LDAP schemas? Do I get what I want in here, i.e., ou? Please help, I'm not really sure how to go about this and I just need to simply connect and I'm OK already... Thank you, thank you very much in advance.




 
Rancher
Posts: 3742
16
Port 636 is the default LDAP SSL port, so yes you probably are trying to connect over SSL.
Try adding
env.put(Context.SECURITY_PROTOCOL, "ssl");
in your getDirContext method.

You also need to make sure you have your certificates set up correctly.

If possible I would try to get the program working on the non-LDAP port (389 by default) first and then add SSL support.

A useful thing to do when trying to debug an SSL connection is add
-Djavax.net.debug=ssl
to your command line. This will produce a whole load of debug information about the SSL handshake which may give you more information about the problem.

Wireshark is also a useful tool for debugging any comms related problems.

 
christine clarin
Ranch Hand
Posts: 106
Thank you for this. Should I also put this instead (put ldaps:// instead of just ldap://):



What's the difference between:

and

??

Because I used the first one and made use of ldaps://hostname:636 but I'm still getting connection timed out. Help! I really don't know how else to fix this.

Thank you!
 
Joanne Neal
Rancher
Posts: 3742
16
Context.SECURITY_AUTHENTICATION describes how the user will be authenticated. Use "simple" if you want to use user name and password authentication.

Context.SECURITY_PROTOCOL describes how data will be transmitted between the client and server. Default is plaintext. Use "ssl" if you want to encrypt the comms.

Debugging SSL is not for the faint-hearted. You usually need to take a look at what is happening between the client and server using a wire sniffer like Wireshark or logging the SSL handshake (or both).
Have you got it working on a non-SSL connection yet? This is definitely the first step.
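
Added example, not code from any poster in this thread: a minimal JNDI client that sets both properties discussed above, lists organizational units, and reports whether a failure happened at the network, TLS or bind stage. The host name, base DN, bind DN and the LDAP_BIND_PW environment variable are placeholders assumed for illustration.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;
import javax.net.ssl.SSLException;

public class ListOrgUnits {
    public static void main(String[] args) throws NamingException {
        // Assumed placeholders: host, base DN, bind DN and the LDAP_BIND_PW variable.
        String baseDn = "dc=example,dc=com";
        String password = System.getenv("LDAP_BIND_PW"); // keep the secret out of source
        if (password == null) {
            System.err.println("Set LDAP_BIND_PW first");
            return;
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldaps://ldap.example.com:636");
        env.put(Context.SECURITY_PROTOCOL, "ssl");          // transport: TLS
        env.put(Context.SECURITY_AUTHENTICATION, "simple"); // bind with DN + password
        env.put(Context.SECURITY_PRINCIPAL, "cn=reader,dc=example,dc=com");
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put("com.sun.jndi.ldap.connect.timeout", "5000"); // ms; fail fast
        env.put("com.sun.jndi.ldap.read.timeout", "5000");

        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env); // connects, does the TLS handshake, binds
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[] {"ou"});
            NamingEnumeration<SearchResult> results =
                    ctx.search(baseDn, "(objectClass=organizationalUnit)", sc);
            while (results.hasMore()) {
                System.out.println(results.next().getNameInNamespace());
            }
        } catch (AuthenticationException e) {
            System.err.println("Connected, but the bind was rejected: " + e.getMessage());
        } catch (CommunicationException e) {
            Throwable root = e.getRootCause();
            if (root instanceof SSLException) {
                System.err.println("TLS failure, check the JVM trust store: " + root);
            } else {
                System.err.println("Network failure, check host, port, firewall: " + root);
            }
        } finally {
            if (ctx != null) ctx.close();
        }
    }
}
```

The certificate authority that signed the server's certificate has to be in the trust store the JVM uses (the default one, or the one named by the javax.net.ssl.trustStore system property); certificate validation stays enabled here.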
 