I'm trying to bind to an LDAP server over SSL using the application server's certificate, rather than simple userDn/password binding. Sun's JNDI page describes this process here http://java.sun.com/products/jndi/tu....html#EXTERNAL. My understanding from the reference manual was that I could use ExternalTlsDirContextAuthenticationStrategy, as long as I set the certificate keystore and trust store in the system environment. However, I am unable to get this to work, as I receive the following error:
javax.naming.NamingException: [LDAP: error code 1 - SSL: connection already established.]
Here's example code that's causing this error:

Code:
import java.util.List;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import org.springframework.ldap.core.AttributesMapper;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.ExternalTlsDirContextAuthenticationStrategy;
import org.springframework.ldap.core.support.LdapContextSource;

public class Test {
    // afterPropertiesSet() throws a checked Exception, so main must declare it
    public static void main(String[] args) throws Exception {
        // Client certificate (key store) and server CA (trust store) for the JSSE layer
        System.setProperty("javax.net.ssl.keyStore", "<path_to_keyStore.jks>");
        System.setProperty("javax.net.ssl.keyStorePassword", "<jks_password>");
        System.setProperty("javax.net.ssl.trustStore", "<path_to_trustStore.jks>");
        System.setProperty("javax.net.ssl.trustStorePassword", "<jks_password>");

        LdapContextSource ctx = new LdapContextSource();
        ctx.setUrl("ldaps://localhost:636");
        ctx.setBase("ou=system");
        ctx.setPooled(false);
        ctx.setAuthenticationStrategy(new ExternalTlsDirContextAuthenticationStrategy());
        ctx.afterPropertiesSet();
        ctx.getReadWriteContext();

        LdapTemplate ldapTemplate = new LdapTemplate(ctx);
        List results = ldapTemplate.search("ou=users", "(cn=John Doe)", new AttributesMapper() {
            public Object mapFromAttributes(Attributes attrs) throws NamingException {
                return attrs.get("cn").get();
            }
        });
        System.out.println(results);
    }
}

When I change this to use userDn/password and remove the External Authentication Strategy, everything works just fine. I really don't want to bind with userDn/password, so any help would be appreciated.
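The error reported above is what a StartTLS request produces on a connection that is already TLS-wrapped: Spring LDAP's TLS authentication strategies negotiate StartTLS themselves, so they expect a plain ldap:// URL rather than ldaps://. The following is an added example (not code from the original post or from the Spring LDAP project) showing the certificate-based bind configured that way; the port 389, the store paths and the passwords are assumed placeholders.

```java
import java.util.List;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import org.springframework.ldap.core.AttributesMapper;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.ExternalTlsDirContextAuthenticationStrategy;
import org.springframework.ldap.core.support.LdapContextSource;

public class ExternalTlsBindExample {

    // Builds a context source that binds with the client certificate held in the
    // JSSE key store (SASL EXTERNAL over StartTLS). The URL is deliberately ldap://:
    // the strategy upgrades the connection with StartTLS, and an ldaps:// URL would
    // already have TLS established, which the server rejects with
    // "SSL: connection already established".
    static LdapContextSource buildContextSource(String keyStore, String keyStorePassword,
                                                String trustStore, String trustStorePassword)
            throws Exception {
        System.setProperty("javax.net.ssl.keyStore", keyStore);           // client certificate + key
        System.setProperty("javax.net.ssl.keyStorePassword", keyStorePassword);
        System.setProperty("javax.net.ssl.trustStore", trustStore);       // CA that signed the server cert
        System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword);

        LdapContextSource ctx = new LdapContextSource();
        ctx.setUrl("ldap://localhost:389");   // assumed port; plain LDAP, StartTLS is negotiated
        ctx.setBase("ou=system");
        ctx.setPooled(false);                 // pooling is not combined with TLS strategies here
        ctx.setAuthenticationStrategy(new ExternalTlsDirContextAuthenticationStrategy());
        ctx.afterPropertiesSet();
        return ctx;
    }

    // Looks up the cn attribute of entries matching the given common name.
    static List findCommonNames(LdapTemplate template, String cn) {
        return template.search("ou=users", "(cn=" + cn + ")", new AttributesMapper() {
            public Object mapFromAttributes(Attributes attrs) throws NamingException {
                return attrs.get("cn").get();
            }
        });
    }

    public static void main(String[] args) throws Exception {
        LdapContextSource ctx = buildContextSource("<path_to_keyStore.jks>", "<jks_password>",
                                                   "<path_to_trustStore.jks>", "<jks_password>");
        System.out.println(findCommonNames(new LdapTemplate(ctx), "John Doe"));
    }
}
```

The filter value is concatenated here for brevity; in real code pass user-supplied names through an LDAP filter encoder or Spring LDAP's filter classes to avoid filter injection.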