LDAP over SSL keystore [message #665024] Tue, 12 April 2011 17:22
Eclipse UserFriend
Hello,

I'm turning to the forum with a problem we have with one of our bundles on Virgo 2.1. It is an authentication bundle that validates users against LDAP. The code uses a separate keystore where the LDAP's public key is stored. The code works perfectly in JUnit tests, but unfortunately in Virgo 2.1 the keystore is not used for some reason. I could only get it working if I import the LDAP's public cert into the JRE's cacerts keystore. I even tried to put the public key into the $VIRGO/config/keystore, still no luck.

Imports:

import com.novell.ldap.LDAPConnection;
import com.novell.ldap.LDAPEntry;
import com.novell.ldap.LDAPException;
import com.novell.ldap.LDAPJSSESecureSocketFactory;
import com.novell.ldap.LDAPSearchResults;

Here is the code:

Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
System.setProperty("javax.net.ssl.trustStore", "keystore.jks");
LDAPConnection.setSocketFactory(new LDAPJSSESecureSocketFactory());
ldapConnection = new LDAPConnection();
ldapConnection.connect(host, 636);
ldapConnection.bind(V3, loginDN, password);

I got a reply from the mailing list that I should try the -truststore option while starting Virgo, but that still didn't help.

Is there anything different in Virgo than in, say, servlet containers that would cause this issue?

Thank you.

Jan
Re: LDAP over SSL keystore [message #665233 is a reply to message #665024] Wed, 13 April 2011 15:47
Eclipse UserFriend
Glyn suggested a way to test if the problem is caused by classloading:
http://dev.eclipse.org/mhonarc/lists/virgo-dev/msg00810.html

Can you please share here on the forums if running the test in Eclipse worked?
Re: LDAP over SSL keystore [message #665235 is a reply to message #665233] Wed, 13 April 2011 15:53
Eclipse UserFriend
I will share it but I didn't have time to debug it yet. I will try to get to it in the next couple of days.

Thank you

Jan
Re: LDAP over SSL keystore [message #1021399 is a reply to message #665235] Tue, 19 March 2013 21:55
Eclipse UserFriend
Jan,
Did you ever get this working? We have a need for LDAP integration with SSL as well. So I am just looking for some direction for one of our engineers.
Re: LDAP over SSL keystore [message #1021413 is a reply to message #1021399] Tue, 19 March 2013 22:57
Eclipse UserFriend
Jay,

We have solved our problem by importing the appropriate keys to the Virgo keystore.

From there on it is trivial to create an SSL connection to LDAP.

I don't know if this fits your needs, but it works for us.

Jan
Re: LDAP over SSL keystore [message #1021717 is a reply to message #1021413] Wed, 20 March 2013 11:10
Eclipse UserFriend
Jan,

I am having a similar problem getting Virgo to find the LDAP certificate when using Spring Framework to establish an LDAP SSL connection.

Basically, what I did was save the certificate in jre/lib/security/jssecacerts and specify keystore, truststore, keystorepassword, and truststorepassword to the correct keystore in the Virgo bin/startup.sh script.

However, Virgo fails to find the certificate, throwing the exception "PKIX path validation failed, unable to find valid certification path to requested target".

Is there anything missing above?

I am using InstallCer for getting certificates, could that be a possibility?

Thanks,
Simon
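
Added example, not part of any post in this thread and not Virgo or JLDAP project code: one way to make the LDAP trust decision independent of the JVM-wide javax.net.ssl.trustStore property is to load a dedicated JKS file from an absolute path and build an SSLSocketFactory from it, failing loudly when the file is missing or empty. The class name LdapTrustStore, the method socketFactoryFor and the command-line arguments are assumptions made for this illustration.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

public class LdapTrustStore { // hypothetical class name for this example

    // Build a socket factory that trusts only the certificates in one JKS file.
    // An absolute path is required so the result does not depend on the
    // working directory the server was started from.
    static SSLSocketFactory socketFactoryFor(File jks, char[] password) throws Exception {
        if (!jks.isAbsolute() || !jks.isFile()) {
            throw new IllegalArgumentException("need an absolute path to an existing file: " + jks);
        }
        KeyStore trust = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(jks)) {
            trust.load(in, password); // the password is used to check the store's integrity
        }
        if (trust.size() == 0) {
            throw new IllegalStateException("no entries in " + jks);
        }
        // List what will be trusted so a wrong or stale store is visible in the log.
        for (String alias : Collections.list(trust.aliases())) {
            System.out.println("entry: " + alias + " trustedCert=" + trust.isCertificateEntry(alias));
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key, default SecureRandom
        return ctx.getSocketFactory();
    }

    public static void main(String[] args) throws Exception {
        // args[0]: absolute path to the JKS file, args[1]: its password (caller-supplied)
        String prop = System.getProperty("javax.net.ssl.trustStore");
        System.out.println("javax.net.ssl.trustStore=" + prop
                + (prop == null ? "" : " -> " + new File(prop).getAbsolutePath()));
        SSLSocketFactory factory = socketFactoryFor(new File(args[0]), args[1].toCharArray());
        System.out.println("socket factory ready: " + factory.getClass().getName());
        // With JLDAP on the classpath the factory can be handed to the connection:
        //   new LDAPConnection(new LDAPJSSESecureSocketFactory(factory))
    }
}
```

The printed javax.net.ssl.trustStore line shows which file a relative property value actually resolves to inside the running server, which is the first thing to compare between a JUnit run and a Virgo run.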