Hello!
We are two students who are developing an application for the Debian Skolelinux
Linux distribution. In this application we need to authenticate users against
the existing LDAP database. We are using Java/JSP/Servlets with the Struts
framework to develop the application.
To do the authentication we will try to bind to the database, and find out if
this was successful - if not, the user provided the wrong password. The
problem is how to do this... I understand there needs to be a secure connection
with the LDAP in order to bind. SSL? We are kinda newbies both to LDAP and SSL,
but I gave it a shot with the following code:
import javax.naming.*;
import javax.naming.directory.*;
import java.util.*;

public class Testclass {
    public static void main(String args[])
    {
        // Information about the LDAP-server
        String ldapServerName = "XXX.XXX.XXX.XXX";
        String rootdn = "dc=skole,dc=skolelinux,dc=no";
        String factory = "com.sun.jndi.ldap.LdapCtxFactory";
        Hashtable<String, String> env = new Hashtable<String, String>(11);
        // Prepare the information for the LDAP
        env.put(Context.PROVIDER_URL, "ldap://" + ldapServerName + "/" + rootdn);
        env.put(Context.INITIAL_CONTEXT_FACTORY, factory);
        // Wrap the connection in SSL (the provider then connects to port 636)
        env.put(Context.SECURITY_PROTOCOL, "ssl");
        // Simple bind: the DN and password below are sent to the server
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL,
                "uid=testtest, ou=People,dc=skole,dc=skolelinux,dc=no");
        env.put(Context.SECURITY_CREDENTIALS, "test");
        try
        {
            // Makes the connection
            DirContext ctx = new InitialDirContext(env);
            // Use ctx here
            ctx.close();
        }
        catch(Exception e)
        {
            e.printStackTrace(System.out);
        }
    }
}
I get the following exception:
javax.naming.CommunicationException: simple bind failed: XXX.XXX.XXX.XXX:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found]
    at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:198)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2640)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:290)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:662)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243)
    at javax.naming.InitialContext.init(InitialContext.java:219)
    at javax.naming.InitialContext.<init>(InitialContext.java:195)
    at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:80)
    at Testclass.main(Testclass.java:28)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
    at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:66)
    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124)
    at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:390)
    at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:334)
    at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:193)
    ... 12 more
Caused by: sun.security.validator.ValidatorException: No trusted certificate found
    at sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator.java:304)
    at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:107)
    at sun.security.validator.Validator.validate(Validator.java:202)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA6275)
    at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA6275)
    ... 24 more
I understand I need to retrieve a certificate, I just don't know how. Is this
all I need to do in order to do the authentication?