How to update the password of a user in Active Directory by JNDI....

Hello there,

  I have to update the password of a user in Active Directory by JNDI. I've heard that I can change a user's password by JNDI if I connect to the AD via SSL.

  I have set up a CA (enterprise root) in Windows 2000 Server and got a certificate by sending a request (CSR) from http://localhost/CertSrv/.

  But I can't create a connection to the AD server. The exception message is "javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found".

  Below is my code to connect to the web server and to AD. The first part works fine: I can create a connection and get a response from the web server via SSL. But the second part fails. The exception message is stated above.

  Can anyone give me some clue or procedure to do this? TIA...

-----------------------------------------------------------------------------------------------------------------------------------------

    import java.io.BufferedReader;
    import java.io.BufferedWriter;
    import java.io.IOException;
    import java.io.InputStreamReader;
    import java.io.OutputStreamWriter;
    import java.io.PrintWriter;
    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.NamingException;
    import javax.naming.directory.DirContext;
    import javax.naming.directory.InitialDirContext;
    import javax.net.ssl.SSLSocket;
    import javax.net.ssl.SSLSocketFactory;

    public class ADTest {

        public static void main(String[] args) {
            // Trust store holding the CA certificate imported with keytool
            System.setProperty("javax.net.ssl.trustStore", "d:\\temp\\test.keystore");
            System.setProperty("javax.net.ssl.trustStorePassword", "changeit");

            // Part 1: HTTPS request to IIS on port 443 (works)
            try {
                SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
                SSLSocket socket = (SSLSocket) factory.createSocket("127.0.0.1", 443);
                socket.startHandshake();

                PrintWriter out = new PrintWriter(new BufferedWriter(
                        new OutputStreamWriter(socket.getOutputStream())));
                out.println("GET / HTTP/1.0");
                out.println();
                out.flush();

                /* Make sure there were no surprises */
                if (out.checkError())
                    System.out.println("SSLSocketClient:  java.io.PrintWriter error");

                /* read response */
                BufferedReader in = new BufferedReader(
                        new InputStreamReader(socket.getInputStream()));
                String inputLine;
                while ((inputLine = in.readLine()) != null)
                    System.out.println(inputLine);

                in.close();
                out.close();
                socket.close();
            } catch (IOException ioe) {
                ioe.printStackTrace();
            }

            // Part 2: simple bind to AD over SSL on port 636 (fails with SSLHandshakeException)
            Hashtable env = new Hashtable();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, "ldap://127.0.0.1:636");
            env.put(Context.SECURITY_PROTOCOL, "ssl");
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, "cn=administrator, CN=Users,DC=mycompany,DC=com");
            env.put(Context.SECURITY_CREDENTIALS, "hahaha");

            DirContext ctx = null;
            try {
                ctx = new InitialDirContext(env);
                System.out.println(ctx);
            } catch (NamingException ne) {
                ne.printStackTrace();
            }
        }
    }


Regards,
hsinchinwangAsked:
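For reference, the password update the question is aiming at looks like this once the LDAPS session is in place. This is an added example, not code from the poster or from the JNDI tutorial: AD stores the password in the unicodePwd attribute, only accepts writes to it over an encrypted session (hence the SSL requirement), and expects the value as the new password wrapped in double quotes and encoded as UTF-16LE. An administrative reset is a single REPLACE of the attribute; a self-service change by the user is a REMOVE of the old value plus an ADD of the new one in the same modify request. The host name, DNs and trust store path are assumptions (the trust store values are the ones from the question).

```java
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.ModificationItem;

public class AdPasswordUpdate {

    // Assumed values: the DC host name should match the name in its certificate,
    // and the DNs must be adjusted to the target domain.
    static final String LDAPS_URL = "ldaps://dc1.mycompany.com:636";
    static final String ADMIN_DN  = "cn=administrator,cn=Users,dc=mycompany,dc=com";
    static final String TARGET_DN = "cn=Test User,cn=Users,dc=mycompany,dc=com";

    /** AD wants unicodePwd as the quoted password in UTF-16LE, e.g. "\"secret\"" as bytes. */
    static byte[] encodeUnicodePwd(String password) throws UnsupportedEncodingException {
        return ("\"" + password + "\"").getBytes("UTF-16LE");
    }

    /** Simple bind over LDAPS; the trust store must hold the CA that issued the DC's certificate. */
    static DirContext connect(String bindDn, String bindPassword) throws NamingException {
        Hashtable env = new Hashtable();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAPS_URL);   // ldaps:// scheme selects SSL by itself
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, bindPassword);
        return new InitialDirContext(env);
    }

    /** Administrative reset: one REPLACE of unicodePwd; requires reset-password rights on the account. */
    static void resetPassword(DirContext ctx, String userDn, String newPassword)
            throws NamingException, UnsupportedEncodingException {
        Attribute pwd = new BasicAttribute("unicodePwd", encodeUnicodePwd(newPassword));
        ModificationItem[] mods = { new ModificationItem(DirContext.REPLACE_ATTRIBUTE, pwd) };
        ctx.modifyAttributes(userDn, mods);
    }

    /** User-initiated change: REMOVE the old value and ADD the new one in a single modify operation. */
    static void changePassword(DirContext ctx, String userDn, String oldPassword, String newPassword)
            throws NamingException, UnsupportedEncodingException {
        Attribute oldPwd = new BasicAttribute("unicodePwd", encodeUnicodePwd(oldPassword));
        Attribute newPwd = new BasicAttribute("unicodePwd", encodeUnicodePwd(newPassword));
        ModificationItem[] mods = {
            new ModificationItem(DirContext.REMOVE_ATTRIBUTE, oldPwd),
            new ModificationItem(DirContext.ADD_ATTRIBUTE, newPwd)
        };
        ctx.modifyAttributes(userDn, mods);
    }

    public static void main(String[] args) throws Exception {
        // Same trust store settings as in the question
        System.setProperty("javax.net.ssl.trustStore", "d:\\temp\\test.keystore");
        System.setProperty("javax.net.ssl.trustStorePassword", "changeit");

        // Read the two secrets from standard input so they do not show up in the process list
        BufferedReader stdin = new BufferedReader(new InputStreamReader(System.in));
        System.out.print("Administrator password: ");
        String adminPassword = stdin.readLine();
        System.out.print("New password for " + TARGET_DN + ": ");
        String newPassword = stdin.readLine();

        DirContext ctx = connect(ADMIN_DN, adminPassword);
        try {
            resetPassword(ctx, TARGET_DN, newPassword);
            System.out.println("unicodePwd replaced for " + TARGET_DN);
        } finally {
            ctx.close();
        }
    }
}
```

If the session is not encrypted, AD rejects the modify with an "Unwilling To Perform" style error rather than with a TLS failure, so the handshake error in the question has to be solved first; the trust store must contain the CA certificate that issued the certificate the domain controller actually presents on port 636.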
petmagdyCommented:
oooooooooofffffffffffffffffffffffffff :(

Dammmm Active directory

Frankly, I worked around this same situation 4 years ago by using Microsoft ADSI COM components, and called them from Java using JNI.
0
 
petmagdyCommented:
Please go to this URL and make sure you fulfill the << client requirements >> section:

http://java.sun.com/products/jndi/tutorial/ldap/security/ssl.html
0
 
hsinchinwangAuthor Commented:
Yes...

I have used "keytool" to import a certificate from the CA. But the strange thing is, as I said, I can connect to IIS with SSL, but I can't connect to AD with SSL (as in the code listed above).
0
 
petmagdyCommented:
Just some check questions:

Are you using JDK 1.4.1?
Does the normal non-SSL LDAP connection work?
0
 
petmagdyCommented:
Hey, I got it. Use:

ldaps://127.0.0.1:636

not ldap://127.0.0.1:636

missing S
0
 
hsinchinwangAuthor Commented:
Hi, petmagdy

    I am using JDK 1.4.2_03 and the normal LDAP connection works fine (port 389),

    and I've tried to use "ldps://127.0.0.1:636", but still got

    "javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found"

Regards,
0
 
petmagdyCommented:
try:

ldaps://hostname:636
0
 
hsinchinwangAuthor Commented:
Hello petmagdy,

  I have tried to use the hostname, but still got the same exception.

  Thanks for your help...

Regards,
0
 
petmagdyCommented:
Is the normal non SSL ldap connection working?
0
 
hsinchinwangAuthor Commented:
Yes... works fine (port 389)
0
 
petmagdyCommented:
Can you please send me the error stack trace?
0
 
hsinchinwangAuthor Commented:
Sure, below is the stack trace...

--------------------- IIS test ---------------------------------------------

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Tue, 26 Oct 2004 08:55:50 GMT
Connection: Keep-Alive
Content-Length: 1129
Content-Type: text/html
Set-Cookie: ASPSESSIONIDCSDDTRBA=MBKNKONCEJJEMGEKOKMDKEAF; path=/
Cache-control: private


<!--
        WARNING!
        Please do not alter this file. It may be replaced if you upgrade your web server
     If you want to use it as a template, we recommend renaming it, and modifying the new file.
        Thanks.
-->


<HTML>

<HEAD>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=big5">

      

<title id=titletext>&#27491;&#22312;&#24314;&#35373;&#20013;</title>
</HEAD>
      <body bgcolor=white>
      <TABLE>
      <TR>
      <td id="tableProps" width=70 valign=top align=center>
      <IMG id="pagerrorImg" SRC="pagerror.gif" width=36 height=48>  
      <TD id="tablePropsWidth" width=400>
      
      <h1 id=errortype style="font:14pt/16pt &#26032;&#32048;&#26126;&#39636;; color:#4e4e4e">
      <id id="Comment1"><!--Problem--></id><id id="errorText">&#27491;&#22312;&#24314;&#35373;&#20013;</id></h1>
      <id id="Comment2"><!--Probable causes:<--></id><id id="errordesc"><font style="font:9pt/12pt &#26032;&#32048;&#26126;&#39636;; color:black">
      &#24744;&#24819;&#35201;&#36899;&#25509;&#30340;&#31449;&#21488;&#30446;&#21069;&#27794;&#26377;&#38928;&#35373;&#38913;&#12290;&#21487;&#33021;&#27491;&#22312;&#36914;&#34892;&#21319;&#32026;&#12290;
      </id>
      <br><br>
      
      <hr size=1 color="blue">
      
      <br>
      <ID  id=term1>
      &#35531;&#31245;&#24460;&#20877;&#35430;&#27492;&#31449;&#21488;&#12290;&#20551;&#33509;&#21839;&#38988;&#20173;&#28982;&#23384;&#22312;&#65292;&#35531;&#33287; Web &#31449;&#21488;&#31649;&#29702;&#21729;&#32879;&#32097;&#12290;
      </ID>
      <P>
      
      </ul>
      <BR>
      </TD>
      </TR>
      </TABLE>
      </BODY>


</HTML>





------------------------------AD Test---------------------------------


javax.naming.CommunicationException: simple bind failed: 192.168.3.108:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found]
      at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:198)
      at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2640)
      at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:290)
      at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
      at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
      at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
      at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
      at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:662)
      at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243)
      at javax.naming.InitialContext.init(InitialContext.java:219)
      at javax.naming.InitialContext.<init>(InitialContext.java:195)
      at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:80)
      at com.wnjsoft.dcc.test.ADTest.getContext(ADTest.java:105)
      at com.wnjsoft.dcc.test.ADTest.main(ADTest.java:118)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:324)
      at com.intellij.rt.execution.application.AppMain.main(AppMain.java:78)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
      at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
      at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
      at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
      at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
      at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
      at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:66)
      at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124)
      at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:390)
      at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:334)
      at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:193)
      ... 18 more
Caused by: sun.security.validator.ValidatorException: No trusted certificate found
      at sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator.java:304)
      at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:107)
      at sun.security.validator.Validator.validate(Validator.java:202)
      at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA6275)
      at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA6275)
      ... 30 more
0
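The stack trace pins the failure to sun.security.validator.SimpleValidator.buildTrustedChain: the JSSE trust manager could not link any certificate in the chain presented on port 636 to an entry in the configured trust store. A domain controller serves the certificate from its own machine store, which can be a different certificate (with a different issuer) from the one IIS serves on port 443, so the successful IIS test does not show that the LDAPS certificate is trusted. The following diagnostic is an added example, not from the thread or from Sun's JNDI tutorial: it lists what the trust store contains, then performs a handshake with a trust manager that logs the chain the server sent and afterwards delegates the decision to the real JSSE trust manager unchanged, so validation is not weakened. Host and port come from the command line; the trust store path and password are the ones from the question.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class LdapsTrustCheck {

    /** Logs the server's chain, then hands the actual trust decision to the real trust manager. */
    static class LoggingTrustManager implements X509TrustManager {
        private final X509TrustManager delegate;

        LoggingTrustManager(X509TrustManager delegate) {
            this.delegate = delegate;
        }

        public void checkServerTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            System.out.println("Server presented " + chain.length + " certificate(s):");
            for (int i = 0; i < chain.length; i++) {
                System.out.println("  [" + i + "] subject = " + chain[i].getSubjectDN());
                System.out.println("       issuer  = " + chain[i].getIssuerDN());
            }
            delegate.checkServerTrusted(chain, authType);   // real validation still decides
        }

        public void checkClientTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            delegate.checkClientTrusted(chain, authType);
        }

        public X509Certificate[] getAcceptedIssuers() {
            return delegate.getAcceptedIssuers();
        }
    }

    static KeyStore loadTrustStore(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        FileInputStream in = new FileInputStream(path);
        try {
            ks.load(in, password);
        } finally {
            in.close();
        }
        return ks;
    }

    /** Prints every certificate entry so it can be compared with the issuer names logged above. */
    static void listTrustStore(KeyStore ks) throws Exception {
        System.out.println("Trust store contains:");
        for (Enumeration e = ks.aliases(); e.hasMoreElements();) {
            String alias = (String) e.nextElement();
            Certificate c = ks.getCertificate(alias);
            if (c instanceof X509Certificate)
                System.out.println("  " + alias + " -> " + ((X509Certificate) c).getSubjectDN());
        }
    }

    public static void main(String[] args) throws Exception {
        String host = args[0];                       // e.g. the DC host name
        int port = Integer.parseInt(args[1]);        // 636 for LDAPS

        // Same trust store as configured in the question
        KeyStore ks = loadTrustStore("d:\\temp\\test.keystore", "changeit".toCharArray());
        listTrustStore(ks);

        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        X509TrustManager real = (X509TrustManager) tmf.getTrustManagers()[0];

        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, new TrustManager[] { new LoggingTrustManager(real) }, null);

        SSLSocket socket = (SSLSocket) sslContext.getSocketFactory().createSocket(host, port);
        try {
            // Throws SSLHandshakeException with the same ValidatorException as in the trace
            // when the logged chain does not lead to one of the listed trust store entries.
            socket.startHandshake();
            System.out.println("Handshake OK: the LDAPS certificate chains to the trust store.");
        } finally {
            socket.close();
        }
    }
}
```

Run it once against port 443 and once against port 636: if the issuer printed for the 636 chain is missing from the trust store listing, the fix is to import that issuer's certificate with keytool, not to change the JNDI code.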
 
petmagdyCommented:
OK, I am trying with you, bear with me please. Please try to do this:

First: comment the following and try:

       System.setProperty("javax.net.ssl.trustStore", "d:\\temp\\test.keystore");

        System.setProperty("javax.net.ssl.trustStorePassword", "changeit");

Second: which app server or which servlet engine are you running on?
0
 
petmagdyCommented:
one more thing remember the right LDAP lookup is "ldaps://hostname:636"
0
 
hsinchinwangAuthor Commented:

Still got the same exception after commenting out that code...

The code I wrote is a stand-alone app...not running over any app server...
0
 
petmagdyCommented:
OK, in the URL: http://java.sun.com/products/jndi/tutorial/ldap/security/ssl.html

there is a third way to connect using your certificate. Please try it under the section:

http://java.sun.com/products/jndi/tutorial/ldap/security/ssl.html
0
 
hsinchinwangAuthor Commented:
Hi,

   I've tried the third way (SASL?). Still got the same exception.

0
 
hsinchinwangAuthor Commented:
Thanks for your time, petmagdy....

0