gpt4 book ai didi

Java 代码 无法与安全 openldap 连接?

转载 作者:行者123 更新时间:2023-12-01 17:46:50 29 4
gpt4 key购买 nike

我使用以下命令为 OpenLdap 创建了证书

openssl req -new -x509 -nodes -out /etc/openldap/certs/ldap.crt -keyout /etc/openldap/certs/ldap.key -days 1460

完成其余设置后,我可以通过 Apache Directory Studio 使用 Port 636 连接 Openldap .

现在的挑战是我编写了一个简单的Java程序来连接Openldap并执行一些基本操作,例如创建用户/创建组/删除等。在此之前我通过keytool命令将证书导入本地机器Java keystore 中

keytool -import -noprompt -trustcacerts -alias "ldap1" -file ldap.crt -keystore "C:\Program Files\Java\jdk1.8.0_221\jre\lib\security\cacerts"

添加成功

现在在C:\Windows\System32\drivers\etc\hosts文件中输入了 <IP-ADDRESS> HOSTNAME但是Java程序抛出错误

javax.naming.CommunicationException: simple bind failed: surerest2:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
at com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
at javax.naming.InitialContext.init(Unknown Source)
at javax.naming.ldap.InitialLdapContext.<init>(Unknown Source)
at com.asiainfo.bdx.ocdp.LdapClient.initLDAPContext(LdapClient.java:148)
at com.asiainfo.bdx.ocdp.LdapClient.createLDAPUser(LdapClient.java:30)
at com.asiainfo.bdx.ocdp.LdapClientTest.main(LdapClientTest.java:14)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
at sun.security.ssl.AppInputStream.read(Unknown Source)
at java.io.BufferedInputStream.fill(Unknown Source)
at java.io.BufferedInputStream.read1(Unknown Source)
at java.io.BufferedInputStream.read(Unknown Source)
at com.sun.jndi.ldap.Connection.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
... 13 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 19 more
Exception in thread "main" java.lang.NullPointerException
at com.asiainfo.bdx.ocdp.LdapClient.closeLdapContext(LdapClient.java:157)
at com.asiainfo.bdx.ocdp.LdapClient.createLDAPUser(LdapClient.java:49)
at com.asiainfo.bdx.ocdp.LdapClientTest.main(LdapClientTest.java:14)

最佳答案

经过几天的努力,问题在 InstallCert 的帮助下解决了它工作得很好。我做了什么?

  1. 下载InstallCert项目

  2. 编译java文件javac InstallCert.java

  3. 访问服务器并尝试获取证书java InstallCert <IP ADDRESS>:<PORT>提供您想要下载服务器的 IP 地址/端口,在我的例子中是 Openldap 服务器详细信息。

  4. 从创建的 jssecacerts keystore 中提取证书 keytool -importcert -alias "1xx.2xx.1xx.97-1" -keystore "C:\Program Files\Java\jre1.8.0_221\lib\security\cacerts" -storepass changeit -file surerest2在这里1xx.2xx.1xx.97-1此端口号和 surerest2hostname

  5. 将证书导入系统 keystore keytool -importcert -alias "1xx.2xx.1xx.97-1" -keystore /workspace/tools/jdk/java-1.7.0-openjdk-1.7.0.25.x86_64/jre/lib/security/cacerts -storepass changeit -file surerest2

    这个改变效果很好

关于Java 代码 无法与安全 openldap 连接?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/60853580/

29 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com