
Re: Authenticating users against LDAP



Stein Kristiansen wrote:

Hello!

We are two students who are developing an application for the Debian Skolelinux
Linux distribution. In this application we need to authenticate users against
the existing LDAP database. We are using Java/JSP/Servlets with the Struts
framework to develop the application.

To do the authentication we will try to bind to the database, and find out if
this was successful - if not, the user provided the wrong password. The
problem is how to do this... I understand there needs to be a secure connection
with the LDAP in order to bind. SSL? We are kinda newbies both to LDAP and SSL,
but I gave it a shot with the following code:

import javax.naming.*;
import javax.naming.directory.*;
import java.util.*;

public class Testclass {

 // Information about the LDAP-server
 public static void main(String args[])
 {
   String ldapServerName = "XXX.XXX.XXX.XXX";
   String rootdn = "dc=skole,dc=skolelinux,dc=no";
   String factory = "com.sun.jndi.ldap.LdapCtxFactory";

   Hashtable env = new Hashtable(11);

   // Prepare the information for the LDAP
   env.put(Context.PROVIDER_URL, "ldap://" + ldapServerName + "/" + rootdn);
   env.put(Context.INITIAL_CONTEXT_FACTORY, factory);
   env.put(Context.SECURITY_PROTOCOL, "ssl");
   env.put(Context.SECURITY_AUTHENTICATION, "simple");
   env.put(Context.SECURITY_PRINCIPAL, "uid=testtest,ou=People,dc=skole,dc=skolelinux,dc=no");
   env.put(Context.SECURITY_CREDENTIALS, "test");

   try
   {
     // Makes the connection
     DirContext ctx = new InitialDirContext(env);

     // Use ctx here

     ctx.close();
   }
   catch(Exception e)
   {
     e.printStackTrace(System.out);
   }
 }
}

I get the following exception:

javax.naming.CommunicationException: simple bind failed: XXX.XXX.XXX.XXX:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found]
	at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:198)
	at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2640)
	at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:290)
	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
	at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
	at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
	at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:662)
	at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243)
	at javax.naming.InitialContext.init(InitialContext.java:219)
	at javax.naming.InitialContext.<init>(InitialContext.java:195)
	at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:80)
	at Testclass.main(Testclass.java:28)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
	at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
	at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
	at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
	at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
	at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
	at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:66)
	at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124)
	at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:390)
	at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:334)
	at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:193)
	... 12 more
Caused by: sun.security.validator.ValidatorException: No trusted certificate found
	at sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator.java:304)
	at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:107)
	at sun.security.validator.Validator.validate(Validator.java:202)
	at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA6275)
	at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA6275)
	... 24 more

I understand I need to retrieve a certificate, I just don't know how? Is this
all I need to do in order to do the authentication?

Most likely this is caused by the fact that SLX uses self-signed certificates.

You will need to find out how to deal with such certs in your code.


Ragnar
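
An added example, not part of either message above and not Skolelinux code: one way to handle a self-signed LDAP server certificate is to trust that one certificate explicitly instead of turning validation off, and to keep "wrong password" separate from "TLS or network failure". The class name LdapBindCheck, the files ldap-trust.jks and ldap-server.crt, and the store password are assumptions for illustration.

```java
import java.io.Console;
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;

public class LdapBindCheck {

    // True only if the directory accepted this DN and password over TLS.
    static boolean authenticate(String host, String userDn, char[] password)
            throws NamingException {
        // A simple bind with an empty password is an "unauthenticated bind"
        // (RFC 4513) that many servers accept, so never send one.
        if (password == null || password.length == 0) {
            return false;
        }
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldaps://" + host + ":636");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            new InitialDirContext(env).close(); // the bind happens here
            return true;
        } catch (AuthenticationException e) {
            return false; // server rejected the credentials
        }
        // Other NamingExceptions, such as the CommunicationException in the
        // trace above, propagate: a TLS failure is not a wrong password.
    }

    public static void main(String[] args) throws NamingException {
        // Assumed file: a trust store holding only the server's self-signed
        // certificate, created out of band with
        //   keytool -importcert -alias ldap -file ldap-server.crt -keystore ldap-trust.jks
        System.setProperty("javax.net.ssl.trustStore", "ldap-trust.jks");
        System.setProperty("javax.net.ssl.trustStorePassword", "changeit"); // assumed

        Console console = System.console();
        if (args.length != 2 || console == null) {
            System.err.println("usage: java LdapBindCheck <host> <user-dn>");
            return;
        }
        char[] pw = console.readPassword("Password: ");
        System.out.println(authenticate(args[0], args[1], pw) ? "bind OK" : "bind refused");
    }
}
```

Verify the fingerprint of ldap-server.crt with the server administrator before importing it, since the trust store is the only thing standing between the client and an impostor server.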


