I am new to Spring LDAP and am facing an issue while connecting to LDAP over SSL. I am using Spring LDAP 2.0 to connect to LDAP.
applicationContext.xml
<context:property-placeholder location="classpath:ldap.properties" ignore-unresolvable="true"/>
<ldap:context-source id="contextSource" password="${ldap.password}"
url="${ldap.url}" username="${ldap.userDn}" base="${ldap.base}" >
</ldap:context-source>
<ldap:ldap-template id="ldapTemplate" context-source-ref="contextSource" />
Entries from Ldap property file:
ldap.url=ldaps://eun4p3.stp-dev.st.com:636
ldap.userDn=CN=IP User,OU=AdminAccounts,DC=stp-dev,DC=st,DC=com
ldap.password=useme@123
ldap.base=OU=ST,OU=People,DC=stp-dev,DC=st,DC=com
ldap.clean=false
I have imported the self-signed certificate provided into the cacerts file using:
keytool -keystore cacerts -importcert -alias addevcer -file C:\Users\kadianr\Desktop\eun4p3.cer
Below is the error I am getting while making a call to ldaps://url:636:
Caused by: org.springframework.ldap.CommunicationException: simple bind failed: eun4p3.stp-dev.st.com:636; nested exception is javax.naming.CommunicationException: simple bind failed: eun4p3.stp-dev.st.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:108) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:356) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.core.support.AbstractContextSource.doGetContext(AbstractContextSource.java:140) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.core.support.AbstractContextSource.getReadWriteContext(AbstractContextSource.java:175) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.transaction.compensating.manager.TransactionAwareContextSourceProxy.getReadWriteContext(TransactionAwareContextSourceProxy.java:88) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.transaction.compensating.manager.TransactionAwareContextSourceProxy.getReadOnlyContext(TransactionAwareContextSourceProxy.java:61) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:357) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:309) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:642) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:578) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.core.LdapTemplate.find(LdapTemplate.java:1836) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.core.LdapTemplate.find(LdapTemplate.java:1857) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.core.LdapTemplate.findOne(LdapTemplate.java:1865) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at com.st.liotroevo.web.dao.UserADRepository.findBySamAccountName(UserADRepository.java:48) [classes:]
at com.st.liotroevo.web.service.UserService.findUserBySamAccName(UserService.java:75) [classes:]
at com.st.liotroevo.web.service.UserService.generateSamAccount(UserService.java:145) [classes:]
at com.st.liotroevo.web.service.UserService.populateUserBaiscADAttributes(UserService.java:101) [classes:]
at com.st.liotroevo.web.service.serviceImpl.IPRegistrationServiceImpl.createUser(IPRegistrationServiceImpl.java:48) [classes:]
... 39 more
Caused by: javax.naming.CommunicationException: simple bind failed: eun4p3.stp-dev.st.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:215) [rt.jar:1.7.0_21]
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2740) [rt.jar:1.7.0_21]
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316) [rt.jar:1.7.0_21]
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193) [rt.jar:1.7.0_21]
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211) [rt.jar:1.7.0_21]
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154) [rt.jar:1.7.0_21]
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84) [rt.jar:1.7.0_21]
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) [rt.jar:1.7.0_21]
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307) [rt.jar:1.7.0_21]
at javax.naming.InitialContext.init(InitialContext.java:242) [rt.jar:1.7.0_21]
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:153) [rt.jar:1.7.0_21]
at org.springframework.ldap.core.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:42) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:344) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
... 55 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) [jsse.jar:1.7.0_21]
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1886) [jsse.jar:1.7.0_21]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276) [jsse.jar:1.7.0_21]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270) [jsse.jar:1.7.0_21]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341) [jsse.jar:1.7.0_21]
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153) [jsse.jar:1.7.0_21]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868) [jsse.jar:1.7.0_21]
at sun.security.ssl.Handshaker.process_record(Handshaker.java:804) [jsse.jar:1.7.0_21]
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016) [jsse.jar:1.7.0_21]
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312) [jsse.jar:1.7.0_21]
at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:882) [jsse.jar:1.7.0_21]
at sun.security.ssl.AppInputStream.read(AppInputStream.java:102) [jsse.jar:1.7.0_21]
at java.io.BufferedInputStream.fill(BufferedInputStream.java:235) [rt.jar:1.7.0_21]
at java.io.BufferedInputStream.read1(BufferedInputStream.java:275) [rt.jar:1.7.0_21]
at java.io.BufferedInputStream.read(BufferedInputStream.java:334) [rt.jar:1.7.0_21]
at com.sun.jndi.ldap.Connection.run(Connection.java:849) [rt.jar:1.7.0_21]
... 1 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385) [rt.jar:1.7.0_21]
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) [rt.jar:1.7.0_21]
at sun.security.validator.Validator.validate(Validator.java:260) [rt.jar:1.7.0_21]
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326) [jsse.jar:1.7.0_21]
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231) [jsse.jar:1.7.0_21]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126) [jsse.jar:1.7.0_21]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323) [jsse.jar:1.7.0_21]
... 12 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196) [rt.jar:1.7.0_21]
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268) [rt.jar:1.7.0_21]
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380) [rt.jar:1.7.0_21]
I have been through the documentation at http://docs.spring.io/autorepo/docs/spring-ldap/2.0.3.CI-SNAPSHOT/reference/#configuration
The ldapAuthentication() method configures things so that the user name at the login form is plugged into {0} such that it searches uid={0},ou=people,dc=springframework,dc=org in the LDAP server. Also, the passwordCompare() method configures the encoder and the name of the password's attribute.
Secure your LDAP server connection between the client and server application to encrypt the communication. In the case of a simple bind, connecting over SSL/TLS is recommended to secure the authentication, as a simple bind exposes the user credentials in clear text.
I have resolved the problem. The issue was with the certificate installed in the JDK. We tried installing a different certificate signed by a CA and that works. We just need to use ldaps on port 636 and install the certificate in cacerts, that's it.
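The "PKIX path building failed" error above means the JVM that runs the application could not chain the server's certificate to anything in the truststore it actually loads. The following diagnostic is an added example, not code from the question or from Spring LDAP: it loads a given cacerts file, opens a TLS connection to the LDAPS port, and reports which certificates in the server's chain are present in that truststore. The host, port and truststore path are command-line arguments, and the password is assumed to be the JDK default.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/** Checks whether a specific cacerts file trusts the chain an LDAPS server presents. */
public class LdapsTrustCheck {
    public static void main(String[] args) throws Exception {
        String host = args[0];                       // e.g. the LDAPS host name
        int port = Integer.parseInt(args[1]);        // e.g. 636
        String trustStorePath = args[2];             // the cacerts file the app's JDK really loads
        char[] password = "changeit".toCharArray();  // assumption: JDK default cacerts password

        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(trustStorePath)) {
            trustStore.load(in, password);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        final X509TrustManager real = (X509TrustManager) tmf.getTrustManagers()[0];
        final X509Certificate[][] seen = new X509Certificate[1][];
        // Record the presented chain, then delegate to the real validator so trust is still enforced.
        X509TrustManager recording = new X509TrustManager() {
            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                seen[0] = chain;
                real.checkServerTrusted(chain, authType);
            }
            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                real.checkClientTrusted(chain, authType);
            }
            public X509Certificate[] getAcceptedIssuers() { return real.getAcceptedIssuers(); }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { recording }, null);
        try (SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            socket.startHandshake();
            System.out.println("OK: chain from " + host + " validates against " + trustStorePath);
        } catch (SSLHandshakeException e) {
            System.out.println("FAILED: " + e.getMessage());
        }
        // Show every certificate the server sent and whether this truststore contains it.
        if (seen[0] != null) for (X509Certificate c : seen[0]) {
            String alias = trustStore.getCertificateAlias(c);
            System.out.println("  subject=" + c.getSubjectX500Principal() + " issuer=" + c.getIssuerX500Principal()
                    + (alias != null ? "  [in truststore as '" + alias + "']" : "  [NOT in truststore]"));
        }
    }
}
```

Run it with the path of the cacerts under the JDK that actually runs the application (typically $JAVA_HOME/jre/lib/security/cacerts on Java 7); note that the keytool command in the question uses a relative -keystore cacerts, which operates on a file in the current directory rather than the JDK's truststore unless you happen to be in that directory.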