hsinchinwang
asked on
How to update the password of a user in Active Directory by JNDI....
Hello there,
I have to update the password of a user in Active Directory by JNDI. I've heard that I can change a user's password by JNDI if I connect to the AD via SSL.
I have set up a CA (enterprise root) in Windows 2000 Server and got a certificate by sending a request (CSR) from http://localhost/CertSrv/.
But I can't create a connection to the AD server. The exception message is "javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found".
Below is my code to connect to the web server and to AD. The first part works fine: I can create a connection and get a response from the web server via SSL. But the second part fails. The exception message is stated above.
Can anyone give me some clue or procedure to do this? TIA...
--------------------------------------------------------------------
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class ADTest {
    public static void main(String[] args) {
        // Truststore holding the certificate imported from the enterprise CA
        System.setProperty("javax.net.ssl.trustStore", "d:\\temp\\test.keystore");
        System.setProperty("javax.net.ssl.trustStorePassword", "changeit");

        // Part 1: plain HTTPS request to IIS on port 443 (this part works)
        try {
            SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
            SSLSocket socket = (SSLSocket) factory.createSocket("127.0.0.1", 443);
            socket.startHandshake();
            java.io.PrintWriter out = new java.io.PrintWriter(
                new java.io.BufferedWriter(
                    new java.io.OutputStreamWriter(
                        socket.getOutputStream())));
            out.println("GET / HTTP/1.0");
            out.println();
            out.flush();
            /*
             * Make sure there were no surprises
             */
            if (out.checkError())
                System.out.println("SSLSocketClient: java.io.PrintWriter error");
            /* read response */
            java.io.BufferedReader in = new java.io.BufferedReader(
                new java.io.InputStreamReader(socket.getInputStream()));
            String inputLine;
            while ((inputLine = in.readLine()) != null)
                System.out.println(inputLine);
            in.close();
            out.close();
            socket.close();
        } catch (java.io.IOException ioe) {
            ioe.printStackTrace();
        }

        // Part 2: LDAP over SSL to AD on port 636 (this part fails with the handshake exception)
        Hashtable env = new Hashtable();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://127.0.0.1:636");
        env.put(Context.SECURITY_PROTOCOL, "ssl");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "cn=administrator, CN=Users,DC=mycompany,DC=com");
        env.put(Context.SECURITY_CREDENTIALS, "hahaha");
        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);
            System.out.println(ctx);
        } catch (NamingException ne) {
            ne.printStackTrace();
        }
    }
}
Regards,
ASKER
Yes...
I have used "keytool" to import a certificate from the CA. But the strange thing is, as I said, I can connect to IIS with SSL but I can't connect to AD with SSL (as in the code listed above).
Just some check questions:
Are you using JDK 1.4.1?
Does the normal non-SSL LDAP connection work?
Hey, I got it. Use:
ldaps://127.0.0.1:636
not ldap://127.0.0.1:636
missing S
ASKER
Hi, petmagdy
I am using JDK 1.4.2_03 and the normal LDAP connection works fine (port 389),
and I've tried to use "ldps://127.0.0.1:636", but still got
"javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found"
Regards,
try:
ldaps://hostname:636
ASKER
Hello petmagdy,
I have tried to use the hostname, but still got the same exception.
Thanks for your help...
Regards,
Is the normal non-SSL LDAP connection working?
ASKER
Yes... works fine (port 389)
Can you please send me the error stack trace?
ASKER
Sure, below is the stack trace...
--------------------- IIS test ---------------------
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Tue, 26 Oct 2004 08:55:50 GMT
Connection: Keep-Alive
Content-Length: 1129
Content-Type: text/html
Set-Cookie: ASPSESSIONIDCSDDTRBA=MBKNKONCEJJEMGEKOKMDKEAF; path=/
Cache-control: private
[HTML body of the IIS default "Under Construction" page (big5) omitted]
--------------------- AD test ---------------------
javax.naming.CommunicationException: simple bind failed: 192.168.3.108:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found]
    at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:198)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2640)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:290)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:662)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243)
    at javax.naming.InitialContext.init(InitialContext.java:219)
    at javax.naming.InitialContext.<init>(InitialContext.java:195)
    at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:80)
    at com.wnjsoft.dcc.test.ADTest.getContext(ADTest.java:105)
    at com.wnjsoft.dcc.test.ADTest.main(ADTest.java:118)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:324)
    at com.intellij.rt.execution.application.AppMain.main(AppMain.java:78)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
    at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:66)
    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124)
    at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:390)
    at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:334)
    at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:193)
    ... 18 more
Caused by: sun.security.validator.ValidatorException: No trusted certificate found
    at sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator.java:304)
    at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:107)
    at sun.security.validator.Validator.validate(Validator.java:202)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA6275)
    at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA6275)
    ... 30 more
OK, I am trying; bear with me please. Please try to do this:
First: comment out the following and try:
System.setProperty("javax.net.ssl.trustStore", "d:\\temp\\test.keystore");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
Second: which app server or servlet engine are you running on?
One more thing: remember the right LDAP lookup is "ldaps://hostname:636".
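Once the handshake problem is solved, the password update the asker is after is a single attribute modification over that SSL connection. The block below is an added example, not code from this thread or from the Sun tutorial it links; the host name dc01.mycompany.com, the user DN and the truststore path are placeholders, and it assumes the CA that issued the DC's server certificate has been imported into that truststore.

```java
import java.io.UnsupportedEncodingException;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.ModificationItem;

public class AdPasswordReset {
    // Hypothetical values: bind to the DC by the DNS name its certificate was
    // issued to (not 127.0.0.1), and use ldaps:// rather than ldap:// plus "ssl".
    static final String LDAPS_URL = "ldaps://dc01.mycompany.com:636";
    static final String ADMIN_DN = "cn=administrator,cn=Users,dc=mycompany,dc=com";

    // The truststore must hold the CA certificate that issued the DC's server
    // certificate; otherwise JSSE fails with "No trusted certificate found".
    static DirContext connect(String trustStore, String trustStorePw, String adminPw)
            throws NamingException {
        System.setProperty("javax.net.ssl.trustStore", trustStore);
        System.setProperty("javax.net.ssl.trustStorePassword", trustStorePw);
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAPS_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, ADMIN_DN);
        env.put(Context.SECURITY_CREDENTIALS, adminPw);
        return new InitialDirContext(env);
    }

    // AD accepts unicodePwd only over an encrypted connection, and only as the
    // new password wrapped in double quotes and encoded as UTF-16LE.
    static byte[] encodePassword(String clearText) throws UnsupportedEncodingException {
        return ("\"" + clearText + "\"").getBytes("UTF-16LE");
    }

    // Administrative reset: REPLACE the attribute with the encoded value.
    static void resetPassword(DirContext ctx, String userDn, String newPassword)
            throws NamingException, UnsupportedEncodingException {
        ModificationItem[] mods = { new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute("unicodePwd", encodePassword(newPassword))) };
        ctx.modifyAttributes(userDn, mods);
    }

    public static void main(String[] args) throws Exception {
        // args[0] = admin bind password, args[1] = new password for the target user
        DirContext ctx = connect("d:\\temp\\test.keystore", "changeit", args[0]);
        try {
            resetPassword(ctx, "cn=jdoe,cn=Users,dc=mycompany,dc=com", args[1]);
        } finally {
            ctx.close();
        }
    }
}
```

A user changing its own password would instead send a REMOVE of the old encoded value together with an ADD of the new one in the same modify request.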
ASKER
Still got the same exception after commenting out the code...
The code I wrote is a stand-alone app, not running over any app server...
OK, in the URL: http://java.sun.com/products/jndi/tutorial/ldap/security/ssl.html
there is a third way to connect using your certificate; please try it under the section:
http://java.sun.com/products/jndi/tutorial/ldap/security/ssl.html
ASKER
Hi,
I've tried the third way (SASL?). Still got the same exception.
ASKER CERTIFIED SOLUTION
ASKER
Thanks for your time, petmagdy....
http://java.sun.com/products/jndi/tutorial/ldap/security/ssl.html