SOLVED: How To Use LDAP over SSL (no certs) from java program

Similar Messages

• Failed to use LDAP over SSL MUTUAL AUTHENTICATION with some Directory enable SSL.

  In iPlanet Web Server, Enterprise Edition Administration's guide, chapter 5: secure your web server - Using SSL and TLS protocol specifying that the Administrator server camn communicate LDAP over SSL with some Directory enable SSL.
  Is there any way to configure iplanet Administration server to talk ldap/ssl in mutual authentication mode with some directory?

  Hi,
  Sorry, I could not understand what your are trying to do with iWS.
  Could you please berifly explain your question. So that I can help you.
  Regards,
  Dakshin.
  Developer Technical Support
  Sun Microsystems
  http://www.sun.com/developers/support.

• How to call a exe or bat file from java program

  hi,
  i actually want to know that how to call a exe or bat file from program so that i can run them parallely.

  Try this :
  String strCmd = "myFile.bat";
  try
       Runtime rTime = Runtime.getRuntime();
       Process process = rTime.exec(strCmd);
       InputStream p_in = process.getInputStream();
       OutputStream p_out = process.getOutputStream();
       InputStream p_err = process.getErrorStream();
       p_in.close();
       p_out.close();
       p_err.close();
  catch(Exception e) {
       throw new Exception("Unable to start, "+strCmd);
  }

• LDAP over SSL

  A hosted service wants to authenticate against our AD.  They recommend using LDAPS. 
  What is best practice?  Install a public certificate on a DC. 
  For instance on DC1.contoso.com.  Then would I open up 443 on the firewall to that DC and allow from that IP? How would that affect other local LAN clients authenticating to that DC?

  A hosted service wants to authenticate against our AD.  They recommend using LDAPS. 
  What is best practice?  Install a public certificate on a DC. 
  For instance on DC1.contoso.com.  Then would I open up 443 on the firewall to that DC and allow from that IP? How would that affect other local LAN clients authenticating to that DC?
  If its hosted services & if its supports ADAM/AD LDS, then its much safe to use them instead of RWDC or RODC. Enabling LDAP over SSL enhances the security of the information how information is transmitted when client tries to contact DC for the information(authentication/authorization).
  Normally w/o LDAPs being configured in the environment, when client queries a DC in the domain, the information is transmitted in the plain text which ca be read by the hacker using tools available for free. The reason is simple the information on transit
  is not encrypted, but enabling LDAP over SSL prevent the unencrypted queries & provide more security.
  You can't simple implement LDAP over SSP, but it needs PKI infrastructure, planning & designing which is comprehensively listed into the document URL posted by Justin. You can also use ldap over SSL using AD LDS.
  http://blogs.technet.com/b/pki/archive/2011/06/02/implementing-ldaps-ldap-over-ssl.aspx
  Awinish Vishwakarma - MVP
  My Blog: awinish.wordpress.com
  Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

• Trying to determine if LDAP over SSL is working using LDP.exe

  Hi,
  I just wanted to confirm that LDAP over SSL is working properly on our domain controller.  When I connect using LDP.exe on my Windows 7 computer, I get the following output:
  ld = ldap_sslinit("dc1.domain.com", 636, 1);
  Error 0 = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION, 3);
  Error 0 = ldap_connect(hLdap, NULL);
  Error 0 = ldap_get_option(hLdap,LDAP_OPT_SSL,(void*)&lv);
  Host supports SSL, SSL cipher strength = 128 bits
  Established connection to dc1.domain.com.
  Retrieving base DSA information...
  Getting 1 entries:
  Dn: (RootDSE)
  <unnecessary details>
  It looks like it is working, but I wasn't sure if the Error 0's mean there is some sort of problem.
  Also, when I run a Simple bind with my credentials, I get the following output:
  res = ldap_simple_bind_s(ld, 'myuseraccount-at-domaindotcom', <unavailable>); // v.3
  Authenticated as: 'DOMAIN\myuseraccount'.
  Finally, when I run a Bind as currently logged on user (with Encrypt traffic after bind checked), I get the following output:
  53 = ldap_set_option(ld, LDAP_OPT_ENCRYPT, 1)
  res = ldap_bind_s(ld, NULL, &NtAuthIdentity, NEGOTIATE (1158)); // v.3
  {NtAuthIdentity: User='NULL'; Pwd=<unavailable>; domain = 'NULL'}
  Authenticated as: 'DOMAIN\myuseraccount'.
  I followed all the instructions found in Microsoft article KB-321051 to get LDAP over SSL working with a valid 3rd party certificate on one of our Windows 2008 R2 domain controllers.  However, when I test Active Directory Authentication on our
  WatchGuard Management Server after importing the CA certificate, the test fails.  In order to use Active Directory Authentication, LDAPS (LDAP over SSL) must be enabled in the Active Directory domain and I am not 100% sure that it is enabled properly.
  Any advice or additional insight would be greatly appreciated.
  Thanks!

  Some ideas:
  DNS Name: KB-321051 says that you need the DNS name in either Subject CN or Subject Alternative Name. Which one did you use? Windows clients are fine with an empty CN and only the SAN populated (there the "either or" statement in the article)
  but third-party tools often look for the DNS name in the Subject CN.
  Even if the WatchGuard Server runs on Windows it might use its own certificate checking logic.
  DC certificate(s): Does the DC have more than this certificate? If yes I'd run a network trace to check which one the machine is actually sending in the SSL handshake.
  Chaining issues at your LDAP client / the WatchGuard Management Server:
  Very often such issues are related to the fact that the certificate chain is not validated properly. Some typical issues:
  It is not clear whether the client uses the Windows certificate store (even if it runs on a Windows server).
  Tools / systems / PKI clients can only deal with a single root CA, not with a hierarchy.
  You need to import both Root and intermediate CAs as the client cannot fetch the intermediates from AIA URLs.
  The client cannot access CRL URLs because of firewalls rules or missing access (e.g.: A CRL URL in AD is used but the client does not have an AD user in whose context it would try to fetch the CRL).
  The client has issues with blanks or special characters in CDP or AIA URLs.
  Having a quick look at
  WatchGuard documentation it seems to me that they are using their own certificate stores you need to import CA certificates to. And they only mention a "Root CA" so if your PKI has two levels you might need to import both CAs to the so-called Root store.
  Elke

• LC + ActiveDirectory + LDAP over SSL = doesn't work

  Hi,
  I installed Active Directory Certificate Services. Now I want setup LDAP over SSL. Unfortunatelly it doesn't work. I pressed "Test" and always get "Invalid username or invalid password" (
  German: "Ungültiger Benutzername oder ungültiges Kennwort"). I'm pretty sure username and password are fine (it worked before I installed Active Directory Certificate Services and used LDAP without SSL).
  On server.log, I got this:
  2011-11-12 00:51:28,202 INFO  [com.adobe.idp.um.businesslogic.synch.LdapHelper] Following stacktrace is generated due to the Test LDAP Server Configuration action
  javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]
          at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3041)
          at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
          at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2789)
          at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2703)
          at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293)
          at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
          at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
          at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
          at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
          at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
          at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
          at javax.naming.InitialContext.init(InitialContext.java:223)
          at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
          at com.adobe.idp.um.businesslogic.synch.LdapHelper.createContext(LdapHelper.java:663)
          at com.adobe.idp.um.businesslogic.synch.LdapHelper.testServerConfig(LdapHelper.java:682)
          at com.adobe.idp.um.ui.config.ConfigDirectoryEditAction.testServerSettings_onClick(ConfigDirectoryEditAction.java:215)
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
          at java.lang.reflect.Method.invoke(Method.java:597)
          at com.cc.framework.adapter.struts.ActionUtil.handleFormAction(Unknown Source)
          at com.cc.framework.adapter.struts.FWAction.handleFormAction(Unknown Source)
          at com.cc.framework.adapter.struts.ActionUtil.execute(Unknown Source)
          at com.cc.framework.adapter.struts.FWAction.execute(Unknown Source)
          at com.cc.framework.adapter.struts.FWAction.execute(Unknown Source)
          at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
          at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
          at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196)
          at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
          at com.adobe.framework.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:173)
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
          at com.adobe.idp.um.auth.filter.AuthenticationFilter.doFilter(AuthenticationFilter.java:154)
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
          at com.adobe.idp.um.auth.filter.PortalSSOFilter.doFilter(PortalSSOFilter.java:91)
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
          at com.adobe.idp.um.auth.filter.CSRFFilter.doFilter(CSRFFilter.java:41)
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
          at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
          at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
          at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
          at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:179)
          at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
          at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
          at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
          at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
          at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
          at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:543)
          at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
          at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
          at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
          at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:580)
          at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
          at java.lang.Thread.run(Thread.java:619)
  Do you have some Idea?
  cu Floh

  I have not done it for Netscape yet but I have done it for Novell and JNDI.. Here is the settings for Novell
  // Dynamically set JSSE as a security provider
  Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
  // Dynamically set the property that JSSE uses to identify
  // the keystore that holds trusted root certificates
  System.setProperty("javax.net.ssl.trustStore", m_connectionData.getLocal("KeyStore").toString());
  ssf = new LDAPJSSESecureSocketFactory();
  // Set the socket factory as the default for all future connections
  LDAPConnection.setSocketFactory(ssf);

• Ldap over ssl in windows 2008 r2

  hi
  i wanted to configure ldap over ssl and i have created security template along with apropriate persmission however when i want to add it my domain 2008 R2  computer it gives me error.
  ""the permision on the certificate template do not allow the current user to enrol for this type of certificate""
  ""you do not have perssmion to view this type of certificate""
  kindly advise me.
  greenman

  On Sun, 23 Feb 2014 08:23:40 +0000, GreeMann wrote:
  I believe my main problem is that I can not issue any template I have tried other template but I get the same permission error I have tried different account I get the same permission error, is there any way that we can change the default template permission.?
  You have not followed the instructions I gave. As I've said in previous
  posts, the way you've got this template configured is never going to work
  as it is configured to build the subject information from AD and one of the
  attributes being included in the Subject Alternative Name is the DNS. Since
  you're using a user account to request the certificate when it attempts to
  build the subject alternative name it is trying to add the user's DNS name.
  A user account does not have a DNS name.
  I would suggest that you delete any custom templates you've already created
  and start over again. As per one of my previous posts:
  http://technet.microsoft.com/en-us/library/ff625722%28v=ws.10%29.aspx
  Follow the instructions in the Using the Certificate Enrollment wizard with
  an enterprise CA section.
  If you don't follow the instructions I've given you, I can't help you.
  Paul Adare - FIM CM MVP
  Of all the things I've lost, I miss my mind the most.

• How to use SQL OVER and PARTITION BY in OBIEE Expression Builder??

  Hi there,
  I want to create a new logical coulmn with the following SQL query.
  SUM(Inventory Detail.Qty) OVER(PARTITION BY Inventory Detail.A,Inventory Detail.B,Item.C,Inventory Detail.D,MyDATE )/SUM(Inventory Detail.Qty) OVER(PARTITION BY Inventory Detail.A,Inventory Detail.B,Item.C )
  How to use the OVER and PARTITION BY in OBIEE Expression Builder??
  Thanks in Advance

  hi bipin,
  We cant use by in Expression builder(rpd) .But use the same formula like this in Fx of answers
  SUM(Inventory Detail.Qty) OVER(PARTITION BY Inventory Detail.A,Inventory Detail.B,Item.C,Inventory Detail.D,MyDATE )/SUM(Inventory Detail.Qty) >OVER(PARTITION BY Inventory Detail.A,Inventory Detail.B,Item.C )SUM(Inventory Detail.Qty by Detail,ITEM,Mydate)/SUM(qty by detail,item)
  First check the numerator whether it was giving correct results or not then go with denominator
  compare the results with sql that u have
  Let me know if that does work
  thanks,
  saichand.v
  Edited by: Saichand Varanasi on Jul 27, 2010 9:27 PM
  Edited by: Saichand Varanasi on Jul 27, 2010 9:28 PM

• Dreamweaver (on Windows 7) wont connect to IIS (v7) Server using "FTP over SSL/TLS..."

  I am evauating wether to purchase Dreamweaver CS6...
  Dreamweaver CS6 trial (on Windows 7) wont connect to IIS (v7) Server using "FTP over SSL/TLS (explicit encryption)".  I have a NEW Godaddy SSL certificate installed on the IIS server. 
  On connecting Dreamweaver states: "Server Certificate has expired or contains invalid data"
  I have tried:
  -ALL the Dreamweaver Server setup options
  -Using multiple certificates (tried 2048 bit and 4096 bit Godaddy SSL certificates)
  -Made sure the certificate 'issued to' domain name matches my domain name.
  I am able to connect no problem using Filezilla, with equivalent Filezilla setting "Require explicit FTP over TLS".  I can also connect fine using Microsoft Expression web. 

  Thanks for your prompt reply.
  My comments:
  1) You should update your tread (forums.adobe.com/thread/889530) to reflect that it still occurs on CS6 (I had already read it but figured it was an old tread and thus should be fixed by now). 
  2) You said “These warnings will also pop up for your users if you have a store saying the SSL certificate does not match the domain/ip and this can make users checking out in a storefront very nervous” .  This does not seem to be correct – my https pages display properly using the same Godaddy certificate … using IE:
  3) Godaddy is not my host (I use Amazon AWS) – but the SSL certificate is from them.

• HT1382 How can I copy over my contact list from my ipod touch 3 to my new ipod touch 5 ?

  How can I copy over my contact list from my ipod touch 3 to my new ipod touch 5 ??

  Sync it with iTunes on your computer.

• QuestionJust purchased a USB Super Drive but unsure how to use it - o instructions provided apart from how to eject a cd.  Each time I put in a cd it just ejects it again.

  Just purchased a USB Super Drive but unsure how to use it - o instructions provided apart from how to eject a cd.  Each time I put in a cd it just ejects it again.Can anyone help.

  USB is rarely bootable under Mac OS X and PowerPC Macs.   Get a Firewire Superdrive from http://www.macsales.com/ if your intent is to boot the machine.   PPC, which is PowerPC, indicates the Mac predates 2006.

• Help me!    How to use it as a web service from third party application?

  After using JDeveloper to develop BSSV object e.g. JP550010, how to use it as a web service from third party application?
  TKS！

  Obviously the OP is working on a project for the Bead Society of Southeastern Virginia http://www.bssv.org. Oh, wait, maybe he's researching the Blueberry Shoestring Plant Virus http://abbreviations.yourdictionary.com/bssv
  :D
  John

• How to use utl_ftp package to transfer files from one system to another

  Hi all,
  How to use utl_ftp package to transfer files from one system to another using plsql procedure .
  I failed to find the appropriate document ,kindly help me .
  Thanks,
  P Prakash

  prakash wrote:
  I am sorry tell you, this blog is not enough to for me.It's not a blog, it's Chris' website where you download the package from. Once you download the package and unrar it, then the package spec gives instructions (and I think there's instructions on how to install it too).
  Kindly let me know if there is any oracle documentation for this .It's not an Oracle created package, it was created by Chris. It's based around the UTL_TCP package if you really want to get into the nitty gritty of how it works, but I don't think you do.

• How to use line wrapping and line spacing in java?how to use line wrapping

  how to use line wrapping and line spacing in java?how to use line wrapping and line spacing in java?how to use line wrapping and line spacing in java?how to use line wrapping and line spacing in java?how to use line wrapping and line spacing in java?how to use line wrapping and line spacing in java?how to use line wrapping and line spacing in java?how to use line wrapping and line spacing in java?how to use line wrapping and line spacing in java?how to use line wrapping and line spacing in java?how to use line wrapping and line spacing in java?how to use line wrapping and line spacing in java?how to use line wrapping and line spacing in java?how to use line wrapping and line spacing in java?how to use line wrapping and line spacing in java?how to use line wrapping and line spacing in java?how to use line wrapping and line spacing in java?how to use line wrapping and line spacing in java?how to use line wrapping and line spacing in java?how to use line wrapping and line spacing in java?how to use line wrapping and line spacing in java?how to use line wrapping and line spacing in java?how to use line wrapping and line spacing in java?how to use line wrapping and line spacing in java?

  Hello,
  You should post your question at:
  http://java.forum.sun.com
  Thanks
  - Rose

• How to use line wrapping and line spacing in java?

  how to use line wrapping and line spacing in java?

  Hi,
  This is explained in the java Tutorial. Please see the link:
  http://java.sun.com/docs/books/tutorial/i18n/text/line.html
  and find some sample examples.
  Hope this helps,
  --Sun/DTS