LDAP over SSL keystore [message #665024] Tue, 12 April 2011 21:22
Jan Fetyko
Hello,

I'm turning to the forum with a problem we have with one of our bundles on Virgo 2.1. It is an authentication bundle that validates users against LDAP. The code uses a separate keystore where the LDAP's public key is stored. The code works perfectly in JUnit tests, but unfortunately in Virgo 2.1 the keystore is not used for some reason. I could only get it working if I import the LDAP's public cert into the JRE's cacerts keystore. I even tried to put the public key into the $VIRGO/config/keystore, still no luck.

Imports:

import com.novell.ldap.LDAPConnection;
import com.novell.ldap.LDAPEntry;
import com.novell.ldap.LDAPException;
import com.novell.ldap.LDAPJSSESecureSocketFactory;
import com.novell.ldap.LDAPSearchResults;

Here is the code:

Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
System.setProperty("javax.net.ssl.trustStore", "keystore.jks");
LDAPConnection.setSocketFactory(new LDAPJSSESecureSocketFactory());
ldapConnection = new LDAPConnection();
ldapConnection.connect(host, 636);
ldapConnection.bind(V3, loginDN, password);

I got a reply from the mailing list that I should try the -truststore option while starting Virgo, but that still didn't help.

Is there anything different in Virgo than in, say, servlet containers that would cause this issue?

Thank you.

Jan
Re: LDAP over SSL keystore [message #665233 is a reply to message #665024] Wed, 13 April 2011 19:47
Hristo Iliev

Glyn suggested a way to test if the problem is caused by classloading:
http://dev.eclipse.org/mhonarc/lists/virgo-dev/msg00810.html

Can you please share here on the forums if running the test in Eclipse worked?
Re: LDAP over SSL keystore [message #665235 is a reply to message #665233] Wed, 13 April 2011 19:53
Jan Fetyko
I will share it but I didn't have time to debug it yet. I will try to get to it in the next couple of days.

Thank you

Jan
Re: LDAP over SSL keystore [message #1021399 is a reply to message #665235] Wed, 20 March 2013 01:55
Jay Hamilton
Jan,
Did you ever get this working? We have a need for LDAP integration with SSL as well. So I am just looking for some direction for one of our engineers.
Re: LDAP over SSL keystore [message #1021413 is a reply to message #1021399] Wed, 20 March 2013 02:57
Jan Fetyko
Jay,

We have solved our problem by importing the appropriate keys to the Virgo keystore.

From there on it is trivial to create an SSL connection to LDAP.

I don't know if this fits your needs, but it works for us.

Jan
Re: LDAP over SSL keystore [message #1021717 is a reply to message #1021413] Wed, 20 March 2013 15:10
Simon Zhu
Jan,

I am having a similar problem of getting Virgo to find the LDAP certificate when using Spring Framework to establish an LDAP SSL connection.

Basically, what I did is to save the certificate in jre/lib/security/jssecacerts and specify keystore, truststore, keystorepassword, and truststorepassword to the correct keystore in the Virgo bin/startup.sh script.

However, Virgo fails to find the certificate, throwing the exception "PKIX path validation failed, unable to find valid certification path to requested target".

Is there anything missing above?

I am using InstallCer for getting certificates; could that be a possibility?

Thanks,
Simon
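
An added example, not code from any poster in this thread, relating to the trust store problem in the first post and the PKIX error in the last one: instead of depending on the JVM-wide javax.net.ssl.trustStore property, which JSSE reads only when the default SSLContext is first initialized, a bundle can load its own trust store and give JLDAP a socket factory built from it. The class name, the argument order and the password prompts are assumptions, and the JLDAP jar must be on the classpath.

```java
import com.novell.ldap.LDAPConnection;
import com.novell.ldap.LDAPException;
import com.novell.ldap.LDAPJSSESecureSocketFactory;
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
public final class LdapsWithOwnTrustStore {  // hypothetical class name
    // Builds an SSLContext that trusts only the certificates in the given JKS file.
    static SSLContext contextFor(String path, char[] storePassword) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, storePassword);
        }
        if (ks.size() == 0) {  // otherwise the failure only shows up inside the handshake
            throw new GeneralSecurityException("no certificates in " + path);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);  // no client key, default SecureRandom
        return ctx;
    }

    // Connects and binds using ctx for trust decisions instead of the JVM defaults.
    static LDAPConnection connect(SSLContext ctx, String host, String loginDN, byte[] password)
            throws LDAPException {
        LDAPConnection conn =
                new LDAPConnection(new LDAPJSSESecureSocketFactory(ctx.getSocketFactory()));
        conn.connect(host, LDAPConnection.DEFAULT_SSL_PORT);  // 636
        conn.bind(LDAPConnection.LDAP_V3, loginDN, password);
        return conn;
    }

    // Assumed arguments: <absolute path to trust store> <LDAP host> <bind DN>
    public static void main(String[] args) throws Exception {
        java.io.Console con = System.console();
        if (con == null) throw new IllegalStateException("run from an interactive terminal");
        SSLContext ctx = contextFor(args[0], con.readPassword("Trust store password: "));
        byte[] pw = new String(con.readPassword("Bind password: ")).getBytes(StandardCharsets.UTF_8);
        LDAPConnection conn = connect(ctx, args[1], args[2], pw);
        System.out.println("bound: " + conn.isBound());
        conn.disconnect();
    }
}
```

Passing an absolute path matters inside a container, because a relative name such as keystore.jks resolves against the server's working directory rather than the bundle.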