Solved

How to update the password of a user in Active Directory by JNDI....

Posted on 2004-10-25
307 Views
Last Modified: 2013-11-24
Hello there,

  I have to update the password of a user in Active Directory by JNDI. I've heard that I can change a user's password by JNDI if I connect to the AD via SSL.

  I have set up a CA (enterprise root) in Windows 2000 Server and got a certificate by sending a request (CSR) from http://localhost/CertSrv/.

  But I can't create a connection to the AD server. The exception message is "javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found".

  Below is my code to connect to the web server and to AD. The first part works fine: I can create a connection and get a response from the web server via SSL. But the second part fails. The exception message is stated above.

  Is there anyone who can give me some clue or procedures to do this? TIA...

-----------------------------------------------------------------------------------------------------------------------------------------

import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class ADTest {

    public static void main(String[] args) {

        // Trust store holding the certificate imported from the CA with keytool
        System.setProperty("javax.net.ssl.trustStore", "d:\\temp\\test.keystore");
        System.setProperty("javax.net.ssl.trustStorePassword", "changeit");

        // Part 1: plain HTTPS request to IIS on port 443 (this part works)
        try {
            SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
            SSLSocket socket = (SSLSocket) factory.createSocket("127.0.0.1", 443);
            socket.startHandshake();

            java.io.PrintWriter out = new java.io.PrintWriter(
                          new java.io.BufferedWriter(
                          new java.io.OutputStreamWriter(
                               socket.getOutputStream())));

            out.println("GET / HTTP/1.0");
            out.println();
            out.flush();

            /* Make sure there were no surprises */
            if (out.checkError())
                System.out.println("SSLSocketClient:  java.io.PrintWriter error");

            /* read response */
            java.io.BufferedReader in = new java.io.BufferedReader(
                        new java.io.InputStreamReader(
                        socket.getInputStream()));

            String inputLine;
            while ((inputLine = in.readLine()) != null)
                System.out.println(inputLine);

            in.close();
            out.close();
            socket.close();
        } catch (java.io.IOException ioe) {
            ioe.printStackTrace();
        }

        // Part 2: LDAP over SSL to Active Directory on port 636 (this part fails)
        Hashtable env = new Hashtable();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://127.0.0.1:636");
        env.put(Context.SECURITY_PROTOCOL, "ssl");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "cn=administrator, CN=Users,DC=mycompany,DC=com");
        env.put(Context.SECURITY_CREDENTIALS, "hahaha");

        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);
            System.out.println(ctx);
        } catch (NamingException ne) {
            // Fails here with SSLHandshakeException: No trusted certificate found
            ne.printStackTrace();
        }
    }
}


Regards,
0
Question by:hsinchinwang
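The question asks two things: how to get a JNDI connection to Active Directory over SSL to trust the domain controller's certificate, and how to change a user's password once connected. The following is an added example, not code from the original post. Before the handshake it loads the trust store and lists the certificate entries it holds, because "No trusted certificate found" means the JSSE trust manager could not build a chain from the DC's certificate to any certificate in that store; it then connects with an ldaps:// URL and replaces the user's unicodePwd attribute, which Active Directory requires to be the new password in double quotes encoded as UTF-16LE. The host name dc1.mycompany.com, the user DN, the trust store path and the class name AdPasswordOverLdaps are placeholders assumed for this example.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Hashtable;

import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.ModificationItem;

public class AdPasswordOverLdaps {

    // Assumed trust store path; it must contain the enterprise CA's root certificate
    static final String TRUST_STORE = "d:\\temp\\test.keystore";
    static final String TRUST_STORE_PASSWORD = "changeit";

    /** Lists the trusted certificates so a missing CA is spotted before the handshake. */
    static int dumpTrustStore() throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        FileInputStream in = new FileInputStream(TRUST_STORE);
        try {
            ks.load(in, TRUST_STORE_PASSWORD.toCharArray());
        } finally {
            in.close();
        }
        int count = 0;
        for (Enumeration aliases = ks.aliases(); aliases.hasMoreElements();) {
            String alias = (String) aliases.nextElement();
            if (ks.isCertificateEntry(alias)) {
                X509Certificate c = (X509Certificate) ks.getCertificate(alias);
                System.out.println(alias + ": subject=" + c.getSubjectDN()
                                   + " issuer=" + c.getIssuerDN());
                count++;
            }
        }
        if (count == 0) {
            throw new IllegalStateException(
                "trust store has no certificate entries; import the CA root with keytool");
        }
        return count;
    }

    /** Opens an LDAP-over-SSL context; the host must match the name in the DC's certificate. */
    static DirContext connect(String dcHostName, String bindDn, String bindPassword)
            throws NamingException {
        Hashtable env = new Hashtable();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldaps://" + dcHostName + ":636");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, bindPassword);
        return new InitialDirContext(env);
    }

    /** AD accepts unicodePwd only as the quoted new password encoded as UTF-16LE. */
    static byte[] encodeUnicodePwd(String newPassword)
            throws java.io.UnsupportedEncodingException {
        return ("\"" + newPassword + "\"").getBytes("UTF-16LE");
    }

    /** Administrative reset: a single REPLACE of unicodePwd over the SSL-protected bind. */
    static void setPassword(DirContext ctx, String userDn, String newPassword) throws Exception {
        ModificationItem[] mods = new ModificationItem[] {
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute("unicodePwd", encodeUnicodePwd(newPassword)))
        };
        ctx.modifyAttributes(userDn, mods);
    }

    public static void main(String[] args) throws Exception {
        // args[0] = bind password, args[1] = new password for the target user (not hard-coded)
        System.setProperty("javax.net.ssl.trustStore", TRUST_STORE);
        System.setProperty("javax.net.ssl.trustStorePassword", TRUST_STORE_PASSWORD);
        dumpTrustStore();
        DirContext ctx = connect("dc1.mycompany.com",
                                 "cn=administrator,cn=Users,dc=mycompany,dc=com", args[0]);
        try {
            setPassword(ctx, "cn=jdoe,cn=Users,dc=mycompany,dc=com", args[1]);
            System.out.println("password updated");
        } finally {
            ctx.close();
        }
    }
}
```

Before running it, import the enterprise CA's root certificate (not the web server's own certificate) into the trust store, for example with keytool -import -trustcacerts -alias adca -file ca.cer -keystore d:\temp\test.keystore, and connect by the host name that appears in the DC's certificate rather than 127.0.0.1. An administrator reset is the single REPLACE shown above; a user changing their own password instead sends a REMOVE of the old value and an ADD of the new one in the same modify operation.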
    18 Comments
     
    LVL 13

    Expert Comment

    by:petmagdy
    Please go to this URL and make sure you fulfill the << client requirements >> section:

    http://java.sun.com/products/jndi/tutorial/ldap/security/ssl.html
    0
     

    Author Comment

    by:hsinchinwang
    Yes...

    I have used "keytool" to import a certificate from the CA. But the strange thing is, as I said, I can connect to IIS with SSL, but I can't connect to AD with SSL (as in the code listed above).
    0
     
    LVL 13

    Expert Comment

    by:petmagdy
    Just some check questions:

    Are you using JDK 1.4.1?
    Does the normal non-SSL LDAP connection work?
    0
     
    LVL 13

    Expert Comment

    by:petmagdy
    Hey, I've got it. Use:

    ldaps://127.0.0.1:636

    not ldap://127.0.0.1:636

    The "s" is missing.
    0
     

    Author Comment

    by:hsinchinwang
    Hi, petmagdy

        I am using JDK 1.4.2_03 and the normal LDAP connection works fine (port 389)

        and I've tried to use "ldps://127.0.0.1:636", but still got

        "javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found"

    Regards,
    0
     
    LVL 13

    Expert Comment

    by:petmagdy
    try:

    ldaps://hostname:636
    0
     

    Author Comment

    by:hsinchinwang
    Hello petmagdy,

      I have tried to use the hostname, but still got the same exception.

      Thanks for your help...

    Regards,
    0
     
    LVL 13

    Expert Comment

    by:petmagdy
    Is the normal non-SSL LDAP connection working?
    0
     

    Author Comment

    by:hsinchinwang
    Yes... works fine (port 389)
    0
     
    LVL 13

    Expert Comment

    by:petmagdy
    Can you please send me the error stack trace?
    0
     

    Author Comment

    by:hsinchinwang
    Sure, below is the stack trace...

    --------------------- IIS test ---------------------------------------------

    HTTP/1.1 200 OK
    Server: Microsoft-IIS/5.0
    Date: Tue, 26 Oct 2004 08:55:50 GMT
    Connection: Keep-Alive
    Content-Length: 1129
    Content-Type: text/html
    Set-Cookie: ASPSESSIONIDCSDDTRBA=MBKNKONCEJJEMGEKOKMDKEAF; path=/
    Cache-control: private


    <!--
            WARNING!
            Please do not alter this file. It may be replaced if you upgrade your web server
         If you want to use it as a template, we recommend renaming it, and modifying the new file.
            Thanks.
    -->


    <HTML>

    <HEAD>
    <META HTTP-EQUIV="Content-Type" Content="text-html; charset=big5">

          

    <title id=titletext>&#27491;&#22312;&#24314;&#35373;&#20013;</title>
    </HEAD>
          <body bgcolor=white>
          <TABLE>
          <TR>
          <td id="tableProps" width=70 valign=top align=center>
          <IMG id="pagerrorImg" SRC="pagerror.gif" width=36 height=48>  
          <TD id="tablePropsWidth" width=400>
          
          <h1 id=errortype style="font:14pt/16pt &#26032;&#32048;&#26126;&#39636;; color:#4e4e4e">
          <id id="Comment1"><!--Problem--></id><id id="errorText">&#27491;&#22312;&#24314;&#35373;&#20013;</id></h1>
          <id id="Comment2"><!--Probable causes:<--></id><id id="errordesc"><font style="font:9pt/12pt &#26032;&#32048;&#26126;&#39636;; color:black">
          &#24744;&#24819;&#35201;&#36899;&#25509;&#30340;&#31449;&#21488;&#30446;&#21069;&#27794;&#26377;&#38928;&#35373;&#38913;&#12290;&#21487;&#33021;&#27491;&#22312;&#36914;&#34892;&#21319;&#32026;&#12290;
          </id>
          <br><br>
          
          <hr size=1 color="blue">
          
          <br>
          <ID  id=term1>
          &#35531;&#31245;&#24460;&#20877;&#35430;&#27492;&#31449;&#21488;&#12290;&#20551;&#33509;&#21839;&#38988;&#20173;&#28982;&#23384;&#22312;&#65292;&#35531;&#33287; Web &#31449;&#21488;&#31649;&#29702;&#21729;&#32879;&#32097;&#12290;
          </ID>
          <P>
          
          </ul>
          <BR>
          </TD>
          </TR>
          </TABLE>
          </BODY>


    </HTML>





    ------------------------------AD Test---------------------------------


    javax.naming.CommunicationException: simple bind failed: 192.168.3.108:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found]
          at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:198)
          at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2640)
          at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:290)
          at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
          at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
          at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
          at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
          at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:662)
          at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243)
          at javax.naming.InitialContext.init(InitialContext.java:219)
          at javax.naming.InitialContext.<init>(InitialContext.java:195)
          at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:80)
          at com.wnjsoft.dcc.test.ADTest.getContext(ADTest.java:105)
          at com.wnjsoft.dcc.test.ADTest.main(ADTest.java:118)
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
          at java.lang.reflect.Method.invoke(Method.java:324)
          at com.intellij.rt.execution.application.AppMain.main(AppMain.java:78)
    Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
          at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
          at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
          at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
          at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
          at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
          at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
          at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
          at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
          at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
          at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
          at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:66)
          at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124)
          at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:390)
          at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:334)
          at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:193)
          ... 18 more
    Caused by: sun.security.validator.ValidatorException: No trusted certificate found
          at sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator.java:304)
          at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:107)
          at sun.security.validator.Validator.validate(Validator.java:202)
          at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA6275)
          at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA6275)
          ... 30 more
    0
     
    LVL 13

    Expert Comment

    by:petmagdy
    OK, I am trying; bear with me please. Please try to do this:

    First: comment out the following and try again:

           System.setProperty("javax.net.ssl.trustStore", "d:\\temp\\test.keystore");

           System.setProperty("javax.net.ssl.trustStorePassword", "changeit");

    Second: which app server or servlet engine are you running on?
    0
     
    LVL 13

    Expert Comment

    by:petmagdy
    One more thing: remember the right LDAP lookup is "ldaps://hostname:636"
    0
     

    Author Comment

    by:hsinchinwang

    Still got the same exception after commenting out the code...

    The code I wrote is a stand-alone app... not running over any app server...
    0
     
    LVL 13

    Expert Comment

    by:petmagdy
    OK, in the URL: http://java.sun.com/products/jndi/tutorial/ldap/security/ssl.html

    there is a third way to connect using your certificate; please try it under the section:

    http://java.sun.com/products/jndi/tutorial/ldap/security/ssl.html
    0
     

    Author Comment

    by:hsinchinwang
    Hi,

       I've tried the third way (SASL?). Still got the same exception.

    0
     
    LVL 13

    Accepted Solution

    by:
    oooooooooofffffffffffffffffffffffffff :(

    Damn Active Directory

    Frankly, I worked around this same situation 4 years ago by using Microsoft ADSI COM components, and called them from Java using JNI.
    0
     

    Author Comment

    by:hsinchinwang
    Thanks for your time, petmagdy....

    0
