hsinchinwang


How to update the password of a user in Active Directory by JNDI....

Hello there,

  I have to update the password of a user in Active Directory by JNDI. I've heard that I can change a user's password by JNDI if I connect to the AD via SSL.

  I have set up a CA (enterprise root) in Windows 2000 Server and got a certificate by sending a request (CSR) from http://localhost/CertSrv/.

  But I can't create a connection to the AD server. The exception message is "javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found".

  Below is my code to connect to the web server and AD. The first part works fine: I can create a connection and get a response from the web server via SSL. But the second part fails. The exception message is stated above.

  Can anyone give me some clue or procedure to do this? TIA...

-----------------------------------------------------------------------------------------------------------------------------------------

import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.io.PrintWriter;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class ADTest {

    public static void main(String[] args) {

        // Trust store holding the certificate imported from the enterprise CA
        System.setProperty("javax.net.ssl.trustStore", "d:\\temp\\test.keystore");
        System.setProperty("javax.net.ssl.trustStorePassword", "changeit");

        // First part: HTTPS request to IIS on port 443 (this works)
        try {
            SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
            SSLSocket socket = (SSLSocket) factory.createSocket("127.0.0.1", 443);
            socket.startHandshake();

            PrintWriter out = new PrintWriter(
                    new BufferedWriter(
                    new OutputStreamWriter(socket.getOutputStream())));
            out.println("GET / HTTP/1.0");
            out.println();
            out.flush();

            // Make sure there were no surprises
            if (out.checkError())
                System.out.println("SSLSocketClient:  java.io.PrintWriter error");

            // Read and print the response
            BufferedReader in = new BufferedReader(
                    new InputStreamReader(socket.getInputStream()));
            String inputLine;
            while ((inputLine = in.readLine()) != null)
                System.out.println(inputLine);

            in.close();
            out.close();
            socket.close();
        } catch (IOException ioe) {
            ioe.printStackTrace();
        }

        // Second part: LDAP over SSL to AD on port 636 (this fails with the
        // SSLHandshakeException quoted above)
        Hashtable env = new Hashtable();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://127.0.0.1:636");
        env.put(Context.SECURITY_PROTOCOL, "ssl");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "cn=administrator, CN=Users,DC=mycompany,DC=com");
        env.put(Context.SECURITY_CREDENTIALS, "hahaha");

        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);
            System.out.println(ctx);
        } catch (NamingException ne) {
            ne.printStackTrace();
        }
    }
}


Regards,
petmagdy

please go to this URL and make sure u fulfill the << client requirements >> section

http://java.sun.com/products/jndi/tutorial/ldap/security/ssl.html
hsinchinwang

ASKER

Yes...

I have used "keytool" to import a certificate from the CA. But the strange thing is, as I said, I can connect to IIS with SSL, but I can't connect to AD with SSL (as in the code listed above).
Just some check questions:

r u using JDK 1.4.1?
does the normal non-SSL LDAP connection work?
hey, I got it, use:

ldaps://127.0.0.1:636

not ldap://127.0.0.1:636

missing S
Hi, petmagdy

    I am using JDK 1.4.2_03 and the normal LDAP connection works fine (port 389)

    and I've tried to use "ldps://127.0.0.1:636", but still got

    "javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found"

Regards,
try:

ldaps://hostname:636
Hello petmagdy,

  I have tried to use the hostname, but still got the same exception.

  Thanks for your help...

Regards,
Is the normal non SSL ldap connection working?
Yes... works fine (port 389)
can u please send me the error stack trace?
Sure, below is the stack trace...

--------------------- IIS test ---------------------------------------------

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Tue, 26 Oct 2004 08:55:50 GMT
Connection: Keep-Alive
Content-Length: 1129
Content-Type: text/html
Set-Cookie: ASPSESSIONIDCSDDTRBA=MBKNKONCEJJEMGEKOKMDKEAF; path=/
Cache-control: private

------------------------------AD Test---------------------------------


javax.naming.CommunicationException: simple bind failed: 192.168.3.108:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found]
      at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:198)
      at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2640)
      at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:290)
      at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
      at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
      at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
      at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
      at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:662)
      at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243)
      at javax.naming.InitialContext.init(InitialContext.java:219)
      at javax.naming.InitialContext.<init>(InitialContext.java:195)
      at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:80)
      at com.wnjsoft.dcc.test.ADTest.getContext(ADTest.java:105)
      at com.wnjsoft.dcc.test.ADTest.main(ADTest.java:118)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:324)
      at com.intellij.rt.execution.application.AppMain.main(AppMain.java:78)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
      at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
      at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
      at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
      at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
      at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
      at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:66)
      at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124)
      at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:390)
      at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:334)
      at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:193)
      ... 18 more
Caused by: sun.security.validator.ValidatorException: No trusted certificate found
      at sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator.java:304)
      at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:107)
      at sun.security.validator.Validator.validate(Validator.java:202)
      at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA6275)
      at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA6275)
      ... 30 more
OK, I am trying with u, bear with me please. Please try to do this:

First: comment the following and try:

        System.setProperty("javax.net.ssl.trustStore", "d:\\temp\\test.keystore");
        System.setProperty("javax.net.ssl.trustStorePassword", "changeit");

Second: r u running over which app. server or which servlet engine?
One more thing: remember the right LDAP lookup is "ldaps://hostname:636"

Still got the same exception after commenting out the code...

The code I wrote is a stand-alone app...not running over any app server...
ok, in the URL: http://java.sun.com/products/jndi/tutorial/ldap/security/ssl.html

there is a third way to connect using ur certificate, please try it under the section:

http://java.sun.com/products/jndi/tutorial/ldap/security/ssl.html
Hi,

   I've tried the third way (SASL?). Still got the same exception.

ASKER CERTIFIED SOLUTION
petmagdy
Thanks for your time, petmagdy....
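Pulling the thread's advice together (an ldaps:// URL, a host name that matches the domain controller's certificate, a trust store that holds the enterprise root CA) with the unicodePwd modify the question is ultimately after. This is an added example, not code from either participant; the host name dc1.mycompany.com, the user DN and the command-line arguments are assumptions, the trust store path and bind DN are taken from the question.

```java
import java.io.UnsupportedEncodingException;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.*;

public class AdPasswordReset {

    // Opens an LDAPS context to a domain controller. The host must match the
    // CN in the DC's certificate and the trust store must contain the enterprise
    // root CA that issued it; otherwise JSSE fails with the thread's
    // "No trusted certificate found". Host, DNs and paths are assumptions.
    static DirContext connect(String host, String bindDn, String bindPw,
                              String trustStore, String trustStorePw) throws NamingException {
        System.setProperty("javax.net.ssl.trustStore", trustStore);
        System.setProperty("javax.net.ssl.trustStorePassword", trustStorePw);
        Hashtable env = new Hashtable();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldaps://" + host + ":636"); // ldaps, not ldap
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, bindPw);
        return new InitialDirContext(env);
    }

    // AD accepts a new unicodePwd only over an encrypted channel, and expects the
    // value as the password wrapped in double quotes and encoded as UTF-16LE.
    static byte[] encodeUnicodePwd(String password) throws UnsupportedEncodingException {
        return ("\"" + password + "\"").getBytes("UTF-16LE");
    }

    // Administrative reset: REPLACE unicodePwd on the user's entry.
    static void resetPassword(DirContext ctx, String userDn, String newPassword)
            throws NamingException, UnsupportedEncodingException {
        ModificationItem[] mods = {
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute("unicodePwd", encodeUnicodePwd(newPassword)))
        };
        ctx.modifyAttributes(userDn, mods);
    }

    // Usage: java AdPasswordReset <bind password> <new user password>
    public static void main(String[] args) throws Exception {
        DirContext ctx = connect("dc1.mycompany.com",
                "cn=administrator,CN=Users,DC=mycompany,DC=com", args[0],
                "d:\\temp\\test.keystore", "changeit");
        resetPassword(ctx, "CN=Test User,CN=Users,DC=mycompany,DC=com", args[1]);
        ctx.close();
    }
}
```

With keytool, the trust store must contain the CA certificate (import it with -trustcacerts) before the JSSE validator can build a chain to the DC's server certificate.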