How to configure SSL in Spring LDAP?

I am new to Spring LDAP and am facing an issue while connecting to LDAP over SSL. I am using Spring LDAP 2.0 to connect to LDAP.

applicationContext.xml

    <context:property-placeholder location="classpath:ldap.properties" ignore-unresolvable="true"/>

    <ldap:context-source id="contextSource" password="${ldap.password}"
        url="${ldap.url}" username="${ldap.userDn}" base="${ldap.base}" >
    </ldap:context-source>

    <ldap:ldap-template id="ldapTemplate" context-source-ref="contextSource" />


Entries from the LDAP properties file:

   ldap.url=ldaps://eun4p3.stp-dev.st.com:636
   ldap.userDn=CN=IP User,OU=AdminAccounts,DC=stp-dev,DC=st,DC=com
   ldap.password=useme@123
   ldap.base=OU=ST,OU=People,DC=stp-dev,DC=st,DC=com
   ldap.clean=false

I have imported the self-signed certificate provided into the cacerts file using:

    keytool -keystore cacerts -importcert -alias addevcer -file C:\Users\kadianr\Desktop\eun4p3.cer

Below is the error I am getting while making a call to ldaps://url:636:

Caused by: org.springframework.ldap.CommunicationException: simple bind failed: eun4p3.stp-dev.st.com:636; nested exception is javax.naming.CommunicationException: simple bind failed: eun4p3.stp-dev.st.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
    at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:108) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
    at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:356) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
    at org.springframework.ldap.core.support.AbstractContextSource.doGetContext(AbstractContextSource.java:140) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
    at org.springframework.ldap.core.support.AbstractContextSource.getReadWriteContext(AbstractContextSource.java:175) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
    at org.springframework.ldap.transaction.compensating.manager.TransactionAwareContextSourceProxy.getReadWriteContext(TransactionAwareContextSourceProxy.java:88) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
    at org.springframework.ldap.transaction.compensating.manager.TransactionAwareContextSourceProxy.getReadOnlyContext(TransactionAwareContextSourceProxy.java:61) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:357) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:309) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:642) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:578) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
    at org.springframework.ldap.core.LdapTemplate.find(LdapTemplate.java:1836) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
    at org.springframework.ldap.core.LdapTemplate.find(LdapTemplate.java:1857) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
    at org.springframework.ldap.core.LdapTemplate.findOne(LdapTemplate.java:1865) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
    at com.st.liotroevo.web.dao.UserADRepository.findBySamAccountName(UserADRepository.java:48) [classes:]
    at com.st.liotroevo.web.service.UserService.findUserBySamAccName(UserService.java:75) [classes:]
    at com.st.liotroevo.web.service.UserService.generateSamAccount(UserService.java:145) [classes:]
    at com.st.liotroevo.web.service.UserService.populateUserBaiscADAttributes(UserService.java:101) [classes:]
    at com.st.liotroevo.web.service.serviceImpl.IPRegistrationServiceImpl.createUser(IPRegistrationServiceImpl.java:48) [classes:]
    ... 39 more
Caused by: javax.naming.CommunicationException: simple bind failed: eun4p3.stp-dev.st.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
    at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:215) [rt.jar:1.7.0_21]
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2740) [rt.jar:1.7.0_21]
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316) [rt.jar:1.7.0_21]
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193) [rt.jar:1.7.0_21]
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211) [rt.jar:1.7.0_21]
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154) [rt.jar:1.7.0_21]
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84) [rt.jar:1.7.0_21]
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) [rt.jar:1.7.0_21]
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307) [rt.jar:1.7.0_21]
    at javax.naming.InitialContext.init(InitialContext.java:242) [rt.jar:1.7.0_21]
    at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:153) [rt.jar:1.7.0_21]
    at org.springframework.ldap.core.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:42) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
    at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:344) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
    ... 55 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) [jsse.jar:1.7.0_21]
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1886) [jsse.jar:1.7.0_21]
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276) [jsse.jar:1.7.0_21]
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270) [jsse.jar:1.7.0_21]
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341) [jsse.jar:1.7.0_21]
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153) [jsse.jar:1.7.0_21]
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868) [jsse.jar:1.7.0_21]
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:804) [jsse.jar:1.7.0_21]
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016) [jsse.jar:1.7.0_21]
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312) [jsse.jar:1.7.0_21]
    at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:882) [jsse.jar:1.7.0_21]
    at sun.security.ssl.AppInputStream.read(AppInputStream.java:102) [jsse.jar:1.7.0_21]
    at java.io.BufferedInputStream.fill(BufferedInputStream.java:235) [rt.jar:1.7.0_21]
    at java.io.BufferedInputStream.read1(BufferedInputStream.java:275) [rt.jar:1.7.0_21]
    at java.io.BufferedInputStream.read(BufferedInputStream.java:334) [rt.jar:1.7.0_21]
    at com.sun.jndi.ldap.Connection.run(Connection.java:849) [rt.jar:1.7.0_21]
    ... 1 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385) [rt.jar:1.7.0_21]
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) [rt.jar:1.7.0_21]
    at sun.security.validator.Validator.validate(Validator.java:260) [rt.jar:1.7.0_21]
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326) [jsse.jar:1.7.0_21]
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231) [jsse.jar:1.7.0_21]
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126) [jsse.jar:1.7.0_21]
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323) [jsse.jar:1.7.0_21]
    ... 12 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196) [rt.jar:1.7.0_21]
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268) [rt.jar:1.7.0_21]
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380) [rt.jar:1.7.0_21]

I have been through the documentation at http://docs.spring.io/autorepo/docs/spring-ldap/2.0.3.CI-SNAPSHOT/reference/#configuration

Ravinder Kadian asked Mar 04 '15 14:03
1 Answer

I have resolved the problem. The issue is with the certificate installed in the JDK. We tried installing a different certificate signed by a CA and that works. We just need to use ldaps with port 636 and install the certificate in cacerts, that's it.

Ravinder Kadian answered Nov 15 '22 03:11
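The "PKIX path building failed" error in the question is raised by the JVM's trust manager during the LDAPS handshake, before Spring LDAP ever sends the simple bind, so the fix the answer describes (a CA-signed certificate installed in the cacerts of the JDK that actually runs the application) only works if the certificate lands in the truststore this JVM consults and the chain the server presents validates against it. The following diagnostic is an added example, not code from the question, the answer or Spring LDAP: it performs the same PKIX decision the JNDI LDAP provider makes, against the truststore the running JVM will use, and prints the chain the server presented. The class name `LdapsTrustCheck` is hypothetical; the default host, port 636 and alias `addevcer` are taken from the question; the truststore password `changeit` is the JDK default and is an assumption.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/*
 * Added diagnostic (not from the question, the answer or Spring LDAP).
 * Reproduces the trust decision JNDI makes during the LDAPS handshake, using
 * the truststore this JVM will really consult, so "PKIX path building failed"
 * can be traced to a wrong cacerts file, a missing alias, an incomplete chain
 * or a hostname the certificate does not cover.
 *
 * Usage: java LdapsTrustCheck [host] [port] [alias]
 * Defaults come from the question; "changeit" is the assumed JDK default.
 */
public class LdapsTrustCheck {

    /** Truststore JSSE will use: the override property, else the JRE's own cacerts. */
    static Path resolveTrustStore() {
        String override = System.getProperty("javax.net.ssl.trustStore");
        if (override != null) {
            return Paths.get(override);
        }
        // java.home points at the JRE directory on every JDK version.
        return Paths.get(System.getProperty("java.home"), "lib", "security", "cacerts");
    }

    static KeyStore loadTrustStore(Path path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path.toFile())) {
            ks.load(in, password);
        }
        return ks;
    }

    /** The standard PKIX trust manager, initialised from the given truststore. */
    static X509TrustManager pkixTrustManager(KeyStore ks) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return (X509TrustManager) tm;
            }
        }
        throw new IllegalStateException("no X509TrustManager for " + tmf.getAlgorithm());
    }

    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "eun4p3.stp-dev.st.com";
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 636;
        String alias = args.length > 2 ? args[2] : "addevcer";

        Path tsPath = resolveTrustStore();
        KeyStore ts = loadTrustStore(tsPath, "changeit".toCharArray());
        System.out.println("truststore in use : " + tsPath);
        System.out.println("alias '" + alias + "' present: " + ts.containsAlias(alias));

        // Wrap the real trust manager so the presented chain is recorded for the
        // report; the PKIX decision itself is delegated unchanged (never bypassed).
        final X509TrustManager pkix = pkixTrustManager(ts);
        final X509Certificate[][] presented = new X509Certificate[1][];
        X509TrustManager recording = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] chain, String authType)
                    throws CertificateException {
                pkix.checkClientTrusted(chain, authType);
            }
            public void checkServerTrusted(X509Certificate[] chain, String authType)
                    throws CertificateException {
                presented[0] = chain;
                pkix.checkServerTrusted(chain, authType);
            }
            public X509Certificate[] getAcceptedIssuers() {
                return pkix.getAcceptedIssuers();
            }
        };

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { recording }, null);
        try (SSLSocket sock = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            // JNDI also checks the hostname against the certificate on JDK 8u181+/11+;
            // mirror that so a name mismatch shows up here rather than in production.
            SSLParameters params = sock.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("LDAPS");
            sock.setSSLParameters(params);
            sock.startHandshake();
            System.out.println("handshake OK: chain validates against " + tsPath);
        } catch (SSLHandshakeException e) {
            System.out.println("handshake FAILED: " + e.getMessage());
        }

        if (presented[0] != null) {
            System.out.println("chain presented by " + host + ":" + port);
            for (X509Certificate c : presented[0]) {
                System.out.println("  subject=" + c.getSubjectX500Principal()
                    + "  issuer=" + c.getIssuerX500Principal()
                    + "  SAN=" + c.getSubjectAlternativeNames());
            }
        }
    }
}
```

Run it with the same `java` binary (and the same `-Djavax.net.ssl.trustStore` setting, if any) that starts the application server: the first line of output tells you which cacerts file the `keytool -importcert` command from the question must have been run against, and the chain dump shows whether the server sends a complete chain whose subject or subject alternative name matches the host in `ldap.url`. Keeping a dedicated truststore and pointing the JVM at it with `-Djavax.net.ssl.trustStore` avoids the upgrade problem of certificates imported into the JDK's own cacerts being lost when the JDK is replaced.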