I recently ran into the following problem while using LDAP.
I imported the server's certificate into /lib/security/cacerts.
Authenticating over LDAP from a plain Java application works fine, but when the same code runs under WebSphere, authentication returns the following error:
javax.naming.CommunicationException: simple bind failed: 10.200.144.176:636 [Root exception is javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.g: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=W03S1BNKDCS06, DC=reg3, DC=uat1bank, DC=dbs, DC=com is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error]
...... I also imported the certificate into the cacerts trust store of WAS's own JRE and authenticated again, but got exactly the same error. Has anyone run into a similar error?
Below is the code that connects to LDAP:

// Imports needed by this method (Constants and log are the project's own
// classes and are not shown in the post).
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.ldap.InitialLdapContext;

public static boolean checkLdap2(String uid, String pwd) {
    int totalResults = 0; // not used in this method
    Hashtable<String, String> env = new Hashtable<String, String>();
    String address = Constants.ldapaddress;
    String keystore = Constants.keystore;
    String searchBase = Constants.searchBase;
    String ip = Constants.ip;
    System.out.println("ldapaddress = [" + address + "]");
    System.out.println("searchBase = [" + searchBase + "]");
    System.out.println("ip = [" + ip + "]");
    System.out.println("keystore = [" + keystore + "]");
    // Bind as user@domain (userPrincipalName) with the supplied password
    String adminName = uid + "@" + address;
    String adminPassword = pwd;
    String ldapURL = "ldaps://" + ip;
    // Point the JSSE default trust store at the configured cacerts file
    System.setProperty("javax.net.ssl.trustStore", keystore);
    env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
    env.put("java.naming.security.authentication", "simple");
    env.put("java.naming.security.principal", adminName);
    env.put("java.naming.security.credentials", adminPassword);
    env.put("java.naming.security.protocol", "ssl");
    env.put("java.naming.provider.url", ldapURL);
    DirContext ctx = null;
    try {
        // The TLS handshake and the simple bind both happen here
        ctx = new InitialLdapContext(env, null);
        log.info("认证成功");
        System.out.println("认证成功");
    } catch (AuthenticationException e) {
        log.error("认证失败", e);
    } catch (Exception e) {
        log.error("认证出错:", e);
    }
    if (ctx != null) {
        try {
            ctx.close();
            return true;
        } catch (NamingException localNamingException) {
            log.error("认证异常", localNamingException);
        }
    }
    return false;
}
Below are the configuration entries:
LDAP_IP=10.200.144.176:636
LDAP_ADDRESS=reg3.uat1bank.dbs.com
LDAP_KEYSTORE=/usr/java5_64/jre/lib/security/cacerts
# switching this to the cacerts under the WAS directory still does not work
LDAP_SearchBASE=DC=reg3,DC=uat1bank,DC=dbs,DC=com
The LDAP server's certificate had already been imported into cacerts with keytool before this.
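The handshake error above ("The certificate issued by CN=W03S1BNKDCS06,... is not trusted" followed by "Certificate chaining error") means the JSSE trust manager could not find a trusted entry whose subject matches the issuer of the last certificate the LDAP server sent, which is why importing only the server's own certificate does not help. WebSphere also configures SSL from the server's own trust store (trust.p12 by default, managed under SSL certificate and key management) rather than the JRE's cacerts, so that is the store to check. The following standalone tool is an added example, not code from the post or from WebSphere: it loads a trust store file, reads the server's certificate chain from a PEM file (a hypothetical chain.pem, e.g. saved from the output of openssl s_client -showcerts), names the issuer that has no trust anchor, and then runs the same PKIX validation JSSE performs, with revocation checking switched off for this offline check.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;

/**
 * Offline trust check (added example): does the given trust store hold an anchor
 * for the server chain in the given PEM file?
 * Usage: java TrustStoreChainCheck <truststore> <JKS|PKCS12> <password> <chain.pem>
 * e.g.   java TrustStoreChainCheck /usr/java5_64/jre/lib/security/cacerts JKS changeit chain.pem
 * (chain.pem is a hypothetical file: server certificate first, then its issuers.)
 */
public class TrustStoreChainCheck {

    public static void main(String[] args) throws Exception {
        if (args.length != 4) {
            System.err.println("usage: TrustStoreChainCheck <truststore> <JKS|PKCS12> <password> <chain.pem>");
            System.exit(2);
        }
        KeyStore trust = loadTrustStore(args[0], args[1], args[2]);
        List<X509Certificate> chain = readPemChain(args[3]);
        report(trust, chain);
    }

    // "JKS" for a JRE cacerts file, "PKCS12" for a WebSphere trust.p12
    static KeyStore loadTrustStore(String path, String type, String password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        InputStream in = new FileInputStream(path);
        try {
            ks.load(in, password.toCharArray());
        } finally {
            in.close();
        }
        return ks;
    }

    // generateCertificates reads every PEM block in the file, in file order
    static List<X509Certificate> readPemChain(String path) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> chain = new ArrayList<X509Certificate>();
        InputStream in = new FileInputStream(path);
        try {
            for (Certificate c : cf.generateCertificates(in)) {
                chain.add((X509Certificate) c);
            }
        } finally {
            in.close();
        }
        return chain;
    }

    static void report(KeyStore trust, List<X509Certificate> chain) throws Exception {
        for (int i = 0; i < chain.size(); i++) {
            X509Certificate c = chain.get(i);
            System.out.println("[" + i + "] subject=" + c.getSubjectX500Principal()
                    + " issuer=" + c.getIssuerX500Principal());
        }
        // JSSE reports "is not trusted" when no trusted entry's subject equals the
        // issuer of the last certificate in the chain the server presented.
        X509Certificate last = chain.get(chain.size() - 1);
        String alias = findAnchorAlias(trust, last);
        if (alias == null) {
            System.out.println("No trusted entry for issuer " + last.getIssuerX500Principal()
                    + " -> import the issuing CA certificate, not only the server certificate");
        } else {
            System.out.println("Issuer is trusted under alias '" + alias + "'");
        }
        // Full PKIX path validation, as the trust manager does during the handshake
        PKIXParameters params = new PKIXParameters(trust);
        params.setRevocationEnabled(false); // offline check; keep revocation on in production
        CertPath path = CertificateFactory.getInstance("X.509").generateCertPath(chain);
        try {
            CertPathValidator.getInstance("PKIX").validate(path, params);
            System.out.println("PKIX: chain validates against this trust store");
        } catch (CertPathValidatorException e) {
            System.out.println("PKIX: " + e.getMessage()
                    + (e.getIndex() >= 0 ? " (chain index " + e.getIndex() + ")" : ""));
        }
    }

    // Returns the alias of a trusted certificate entry whose subject is cert's issuer, or null
    static String findAnchorAlias(KeyStore trust, X509Certificate cert) throws Exception {
        for (Enumeration<String> aliases = trust.aliases(); aliases.hasMoreElements();) {
            String alias = aliases.nextElement();
            if (!trust.isCertificateEntry(alias)) continue;
            Certificate c = trust.getCertificate(alias);
            if (c instanceof X509Certificate
                    && ((X509Certificate) c).getSubjectX500Principal().equals(cert.getIssuerX500Principal())) {
                return alias;
            }
        }
        return null;
    }
}
```

Run it once against the JRE cacerts that works for the standalone application and once against the WebSphere trust store; if the second run reports no trusted entry for the issuer, the fix is to add that issuing CA's certificate to the WebSphere trust store rather than to the JRE's cacerts.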
1. Set up the AD server
2. Set up the CA certificate server
3. Set up the IIS server so that certificates can be issued to others (generates a root certificate + user certificate)
4. On the WS side, create the certificate store, i.e. import the root certificate + user certificate files
5. Use the generated certificate store to access account information in the AD domain