How to update the password of a user in Active Directory by JNDI....

Hello there,

  I have to update the password of a user in Active Directory by JNDI. I've heard that I can change a user's password by JNDI if I connect to the AD via SSL.

  I have set up a CA (enterprise root) on Windows 2000 Server and got a certificate by sending a request (CSR) from http://localhost/CertSrv/.

  But I can't create a connection to the AD server. The exception message is "javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found".

  Below is my code to connect to the web server and to AD. The first part works fine: I can create a connection and get a response from the web server via SSL. But the second part fails. The exception message is stated above.

  Is there anyone who can give me some clue or procedure to do this? TIA...

-----------------------------------------------------------------------------------------------------------------------------------------

import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.io.PrintWriter;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class ADTest {
    public static void main(String[] args) {
        // Trust store holding the certificate imported from the CA with keytool
        System.setProperty("javax.net.ssl.trustStore", "d:\\temp\\test.keystore");
        System.setProperty("javax.net.ssl.trustStorePassword", "changeit");

        // Part 1: raw SSL socket to IIS on port 443 (this part works)
        try {
            SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
            SSLSocket socket = (SSLSocket) factory.createSocket("127.0.0.1", 443);
            socket.startHandshake();

            PrintWriter out = new PrintWriter(new BufferedWriter(
                    new OutputStreamWriter(socket.getOutputStream())));
            out.println("GET / HTTP/1.0");
            out.println();
            out.flush();

            /* Make sure there were no surprises */
            if (out.checkError())
                System.out.println("SSLSocketClient:  java.io.PrintWriter error");

            /* read response */
            BufferedReader in = new BufferedReader(
                    new InputStreamReader(socket.getInputStream()));
            String inputLine;
            while ((inputLine = in.readLine()) != null)
                System.out.println(inputLine);

            in.close();
            out.close();
            socket.close();
        } catch (IOException ioe) {
            ioe.printStackTrace();
        }

        // Part 2: JNDI simple bind to AD over SSL on port 636 (this part fails)
        Hashtable env = new Hashtable();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://127.0.0.1:636");
        env.put(Context.SECURITY_PROTOCOL, "ssl");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "cn=administrator, CN=Users,DC=mycompany,DC=com");
        env.put(Context.SECURITY_CREDENTIALS, "hahaha");

        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);
            System.out.println(ctx);
        } catch (NamingException ne) {
            ne.printStackTrace();
        }
    }
}


Regards,
hsinchinwang Asked:
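The password update the question is aiming at, as an added example (not code from the thread): a simple bind over LDAPS with an explicit truststore, then a write of AD's unicodePwd attribute, which must be the UTF-16LE bytes of the new password in double quotes and which AD only accepts over an SSL/TLS connection. The host name, the user DN and the argument handling are assumptions; the truststore path and password are the ones from the question.

```java
import java.io.UnsupportedEncodingException;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.ModificationItem;

public class AdPasswordReset {
    // Assumed placeholders: the DC host name and the DNs are not taken from the question as-is.
    static final String LDAPS_URL = "ldaps://dc1.mycompany.com:636";
    static final String ADMIN_DN = "CN=administrator,CN=Users,DC=mycompany,DC=com";
    static final String TRUST_STORE = "d:\\temp\\test.keystore";

    /** AD's unicodePwd value is the UTF-16LE encoding of the password wrapped in double quotes. */
    static byte[] encodeUnicodePwd(String password) throws UnsupportedEncodingException {
        return ("\"" + password + "\"").getBytes("UTF-16LE");
    }

    /** LDAPS bind; the truststore must hold the CA certificate that issued the DC's certificate. */
    static DirContext connect(String adminPassword) throws NamingException {
        System.setProperty("javax.net.ssl.trustStore", TRUST_STORE);
        System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAPS_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, ADMIN_DN);
        env.put(Context.SECURITY_CREDENTIALS, adminPassword);
        return new InitialDirContext(env);
    }

    /**
     * Administrative reset: a single REPLACE of unicodePwd (needs reset-password rights).
     * A user changing their own password instead sends a REMOVE of the old value plus an
     * ADD of the new value in the same modify operation.
     */
    static void resetPassword(DirContext ctx, String userDn, String newPassword)
            throws NamingException, UnsupportedEncodingException {
        ModificationItem[] mods = { new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute("unicodePwd", encodeUnicodePwd(newPassword))) };
        ctx.modifyAttributes(userDn, mods);
    }

    public static void main(String[] args) throws Exception {
        DirContext ctx = connect(args[0]);   // args[0]: administrator password, args[1]: new user password
        try { resetPassword(ctx, "CN=Test User,CN=Users,DC=mycompany,DC=com", args[1]); }
        finally { ctx.close(); }
    }
}
```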

petmagdy Commented:
please go to this URL and make sure u fulfill the << client requirements >> section

http://java.sun.com/products/jndi/tutorial/ldap/security/ssl.html
0
hsinchinwang Author Commented:
Yes...

I have used "keytool" to import a certificate from the CA. But the strange thing was, as I said, I can connect to IIS with SSL, but I can't connect to AD with SSL (as in the code listed above).
0
petmagdy Commented:
Just some check questions:

r u using JDK 1.4.1?
does the normal non-SSL LDAP connection work?
0

petmagdy Commented:
hey, I got it, use:

ldaps://127.0.0.1:636

not ldap:////127.0.0.1:636

missing S
0
hsinchinwang Author Commented:
Hi, petmagdy

    I am using jdk 1.4.2_03 and the normal ldap connection works fine (port 389)

    and I've tried to use "ldps://127.0.0.1:636", but still got

    "javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found"

Regards,
0
petmagdy Commented:
try:

ldaps://hostname:636
0
hsinchinwang Author Commented:
Hello petmagdy,

  I have tried to use the hostname, but still got the same exception.

  Thanks for your help...

Regards,
0
petmagdy Commented:
Is the normal non-SSL ldap connection working?
0
hsinchinwang Author Commented:
Yes... works fine (port 389)
0
petmagdy Commented:
can u please send me the error stack trace?
0
hsinchinwang Author Commented:
Sure, below is the stack trace...

--------------------- IIS test ---------------------------------------------

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Tue, 26 Oct 2004 08:55:50 GMT
Connection: Keep-Alive
Content-Length: 1129
Content-Type: text/html
Set-Cookie: ASPSESSIONIDCSDDTRBA=MBKNKONCEJJEMGEKOKMDKEAF; path=/
Cache-control: private


<!--
        WARNING!
        Please do not alter this file. It may be replaced if you upgrade your web server
     If you want to use it as a template, we recommend renaming it, and modifying the new file.
        Thanks.
-->


<HTML>

<HEAD>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=big5">

      

<title id=titletext>&#27491;&#22312;&#24314;&#35373;&#20013;</title>
</HEAD>
      <body bgcolor=white>
      <TABLE>
      <TR>
      <td id="tableProps" width=70 valign=top align=center>
      <IMG id="pagerrorImg" SRC="pagerror.gif" width=36 height=48>  
      <TD id="tablePropsWidth" width=400>
      
      <h1 id=errortype style="font:14pt/16pt &#26032;&#32048;&#26126;&#39636;; color:#4e4e4e">
      <id id="Comment1"><!--Problem--></id><id id="errorText">&#27491;&#22312;&#24314;&#35373;&#20013;</id></h1>
      <id id="Comment2"><!--Probable causes:<--></id><id id="errordesc"><font style="font:9pt/12pt &#26032;&#32048;&#26126;&#39636;; color:black">
      &#24744;&#24819;&#35201;&#36899;&#25509;&#30340;&#31449;&#21488;&#30446;&#21069;&#27794;&#26377;&#38928;&#35373;&#38913;&#12290;&#21487;&#33021;&#27491;&#22312;&#36914;&#34892;&#21319;&#32026;&#12290;
      </id>
      <br><br>
      
      <hr size=1 color="blue">
      
      <br>
      <ID  id=term1>
      &#35531;&#31245;&#24460;&#20877;&#35430;&#27492;&#31449;&#21488;&#12290;&#20551;&#33509;&#21839;&#38988;&#20173;&#28982;&#23384;&#22312;&#65292;&#35531;&#33287; Web &#31449;&#21488;&#31649;&#29702;&#21729;&#32879;&#32097;&#12290;
      </ID>
      <P>
      
      </ul>
      <BR>
      </TD>
      </TR>
      </TABLE>
      </BODY>


</HTML>

------------------------------AD Test---------------------------------

javax.naming.CommunicationException: simple bind failed: 192.168.3.108:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found]
      at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:198)
      at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2640)
      at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:290)
      at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
      at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
      at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
      at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
      at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:662)
      at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243)
      at javax.naming.InitialContext.init(InitialContext.java:219)
      at javax.naming.InitialContext.<init>(InitialContext.java:195)
      at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:80)
      at com.wnjsoft.dcc.test.ADTest.getContext(ADTest.java:105)
      at com.wnjsoft.dcc.test.ADTest.main(ADTest.java:118)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:324)
      at com.intellij.rt.execution.application.AppMain.main(AppMain.java:78)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
      at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
      at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
      at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
      at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
      at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
      at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:66)
      at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124)
      at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:390)
      at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:334)
      at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:193)
      ... 18 more
Caused by: sun.security.validator.ValidatorException: No trusted certificate found
      at sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator.java:304)
      at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:107)
      at sun.security.validator.Validator.validate(Validator.java:202)
      at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA6275)
      at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA6275)
      ... 30 more
0
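A check that isolates the "No trusted certificate found" in the stack trace above, added here as an example and not code from the thread: it captures the certificate chain the LDAPS port actually presents and reports whether the issuer of any certificate in that chain is among the certificates in the configured truststore. The trust manager rejects every handshake, so nothing is ever sent over a trusted session; the DC host name is a placeholder, and the truststore path and password are the ones from the question.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

public class LdapsChainCheck {
    /** Records the chain the server presents, then rejects it, so no session is ever trusted. */
    static class RecordingTrustManager implements X509TrustManager {
        X509Certificate[] presented;
        public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException { throw new CertificateException("inspection only"); }
        public void checkServerTrusted(X509Certificate[] c, String a) throws CertificateException {
            presented = c; throw new CertificateException("inspection only"); }
        public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
    }

    /** Handshake with host:port just far enough to capture the certificate chain it presents. */
    static X509Certificate[] fetchChain(String host, int port) throws Exception {
        RecordingTrustManager tm = new RecordingTrustManager();
        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(null, new TrustManager[] { tm }, null);
        SSLSocket s = (SSLSocket) sc.getSocketFactory().createSocket(host, port);
        try { s.startHandshake(); } catch (Exception rejectedByDesign) { } finally { s.close(); }
        return tm.presented == null ? new X509Certificate[0] : tm.presented;
    }

    /** True if some certificate in the truststore is the issuer of a certificate in the chain. */
    static boolean chainAnchoredIn(X509Certificate[] chain, String storePath, char[] storePw) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        FileInputStream in = new FileInputStream(storePath);
        try { ks.load(in, storePw); } finally { in.close(); }
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
            Object c = ks.getCertificate(e.nextElement());
            if (!(c instanceof X509Certificate)) continue;
            for (X509Certificate link : chain)
                if (link.getIssuerX500Principal().equals(((X509Certificate) c).getSubjectX500Principal())) return true;
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        // Assumed placeholder host; truststore path and password are the ones from the question.
        X509Certificate[] chain = fetchChain("dc1.mycompany.com", 636);
        for (X509Certificate c : chain) System.out.println(c.getSubjectX500Principal() + " issued by " + c.getIssuerX500Principal());
        System.out.println("issuer in truststore: " + chainAnchoredIn(chain, "d:\\temp\\test.keystore", "changeit".toCharArray()));
    }
}
```

If the truststore holds only an end-entity certificate (for example the one issued to the web server) rather than the issuing CA's certificate, this reports false for the DC's chain, which is the same condition that makes the JNDI bind fail.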
petmagdy Commented:
OK, I am trying with u, bear with me please. Please try to do this:

First: comment out the following and try:

        System.setProperty("javax.net.ssl.trustStore", "d:\\temp\\test.keystore");
        System.setProperty("javax.net.ssl.trustStorePassword", "changeit");

Second: r u running over which App. Server or which Servlet engine?
0
petmagdy Commented:
one more thing remember the right LDAP lookup is "ldaps://hostname:636"
0
hsinchinwang Author Commented:

Still got the same exception after commenting out the code...

The code I wrote is a stand-alone app...not running over any app server...
0
petmagdy Commented:
ok, in the URL: http://java.sun.com/products/jndi/tutorial/ldap/security/ssl.html

there is a third way to connect using ur certificate, please try it under the section:

http://java.sun.com/products/jndi/tutorial/ldap/security/ssl.html
0
hsinchinwang Author Commented:
Hi,

   I've tried the third way (SASL?). Still got the same exception.

0
petmagdy Commented:
oooooooooofffffffffffffffffffffffffff :(

Damn Active Directory

Frankly, I worked around this same situation 4 years ago by using Microsoft ADSI COM components, and called them from Java using JNI
0
hsinchinwang Author Commented:
Thanks for your time, petmagdy....

0