Discussion:
Unable to connect to OpenLDAP over SSL
Yasir Khan
2004-02-24 09:48:03 UTC
Hi,

I am using Netscape LDAP Java SDK 4.1. I am trying to connect to the online OpenLDAP server running over SSL. LDAP Browser connects to the OpenLDAP server over SSL successfully, but every time I run my own code I get the following error.

netscape.ldap.LDAPException: SSL connection to ldap.openldap.org:636 (91); Cannot connect to the LDAP server
at netscape.ldap.factory.JSSESocketFactory.makeSocket(JSSESocketFactory.java:86)
at netscape.ldap.LDAPConnSetupMgr.connectServer(LDAPConnSetupMgr.java:411)
at netscape.ldap.LDAPConnSetupMgr.openSerial(LDAPConnSetupMgr.java:343)
at netscape.ldap.LDAPConnSetupMgr.connect(LDAPConnSetupMgr.java:237)
at netscape.ldap.LDAPConnSetupMgr.openConnection(LDAPConnSetupMgr.java:163)
at netscape.ldap.LDAPConnection.connect(LDAPConnection.java:1033)
at netscape.ldap.LDAPConnection.connect(LDAPConnection.java:915)
at netscape.ldap.LDAPConnection.connect(LDAPConnection.java:759)
at LDAPConnector.connect(LDAPConnector.java:20)

Here is my source code:

LDAPConnection m_ldpCon;
System.out.println("Creating LDAPS Connection");
JSSESocketFactory obj_jsseSocketFactory = new JSSESocketFactory(null);
m_ldpCon = new LDAPConnection(obj_jsseSocketFactory);
m_ldpCon.connect("ldap.openldap.org", 636);

Please help me get rid of this error.

Regards,
-Yasir
Jon Roberts
2004-02-24 15:22:20 UTC
Post by Yasir Khan
I am using Netscape LDAP Java SDK 4.1. I am trying to connect to online
OpenLDAP server running over SSL. LDAP Browser is successfully connected
to the OpenLDAP server over SSL. But every time when I run my own code I
get the following error.
To spare Kurt another post, I'll point out that unless this is an issue
with OpenLDAP failing to provide SSL connections properly (a
misconfiguration you could demonstrate with ldapsearch), this post is
*off-topic*. Try posting to the netscape.public.mozilla.directory list
on news.mozilla.org.

To bring it on topic, you could do the same thing with the (better IMHO)
Novell JLDAP libraries with the following:

System.out.println("Creating LDAPS Connection");
LDAPConnection m_ldpCon = new LDAPConnection( new
LDAPJSSESecureSocketFactory() );
m_ldpCon.connect("ldap.mydomain.org", 636);

Jon Roberts
www.mentata.com
Yasir Khan
2004-02-25 07:31:39 UTC
Now I am using the Novell JLDAP API instead of the Netscape LDAP SDK to connect to
the LDAP server over SSL.

Below is my source code:

public static void main(String[] args) {
    String str_ldapsHost = "ldap.openldap.org";
    int i_ldapsPort = 636;
    String str_baseDN = "cacertificate=New,o=ascertia.com.pk";
    // performLdapSearchUsingNetscape(str_ldapsHost, i_ldapsPort, str_baseDN, false);
    performLdapSearchUsingNovell(str_ldapsHost, i_ldapsPort, str_baseDN, true);
}

public static void performLdapSearchUsingNovell(String a_strHost, int a_iPort,
        String a_strBaseDN, boolean a_bUseSSL) {
    try {
        com.novell.ldap.LDAPConnection obj_connection = null;
        if (a_bUseSSL) {
            // Register the Sun JSSE provider and its HTTPS protocol handler.
            System.out.println("Adding Security Providers ...");
            java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
            System.getProperties().put("java.protocol.handler.pkgs",
                    "com.sun.net.ssl.internal.www.protocol");

            // Use JLDAP's JSSE-based socket factory for the LDAPS connection.
            System.out.println("Connecting to LDAPS server " + a_strHost + ":" + a_iPort);
            com.novell.ldap.LDAPJSSESecureSocketFactory obj_sslSocketFactory =
                    new com.novell.ldap.LDAPJSSESecureSocketFactory();
            obj_connection = new com.novell.ldap.LDAPConnection(obj_sslSocketFactory);
        } else {
            System.out.println("Connecting to LDAP server " + a_strHost + ":" + a_iPort);
            obj_connection = new com.novell.ldap.LDAPConnection();
        }
        obj_connection.connect(a_strHost, a_iPort);
        System.out.println("Connection to LDAP server " + a_strHost + ":" + a_iPort
                + " is successful");

        // Subtree search for every entry under the base DN.
        System.out.println("Perfoming LDAP search ...");
        com.novell.ldap.LDAPSearchResults obj_ldapResults =
                obj_connection.search(a_strBaseDN, com.novell.ldap.LDAPConnection.SCOPE_SUB,
                        "objectclass=*", null, false);
        System.out.println("LDAP Results Found : " + obj_ldapResults.getCount());
    } catch (Exception ex) {
        ex.printStackTrace();
    }
}

Here is output of the program:

Adding Security Providers ...
Connecting to LDAPS server ldap.openldap.org:636
Connection to LDAP server ldap.openldap.org:636 is successful
Perfoming LDAP search ...
LDAPException: I/O Exception on host ldap.openldap.org, port 636 (91)
Connect Error
java.net.SocketException: Socket closed
at com.novell.ldap.Connection.writeMessage(Unknown Source)
at com.novell.ldap.Connection.writeMessage(Unknown Source)
at com.novell.ldap.Message.sendMessage(Unknown Source)
at com.novell.ldap.MessageAgent.sendMessage(Unknown Source)
at com.novell.ldap.LDAPConnection.search(Unknown Source)
at com.novell.ldap.LDAPConnection.search(Unknown Source)
at com.novell.ldap.LDAPConnection.search(Unknown Source)
at com.ascertia.ldapclient.ASC_LDAPConnector.performLdapSearchUsingNovell(ASC_LDAPConnector.java:35)
at com.ascertia.ldapclient.ASC_LDAPConnector.main(ASC_LDAPConnector.java:12)

I have also tested the same program with my local Netscape Directory Server
v4.2, but got the same results. Any help or ideas would be highly
appreciated.
Thanks.

Regards,
Yasir

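Added example, not part of any post in this thread: in the second post, connect() reports success and the error only appears on the first search. A JSSE socket is returned as soon as TCP connects and the TLS handshake (including certificate validation) runs later, so the probe below forces the handshake and reports its real exception. The class name LdapsHandshakeProbe and the loopback stub are constructed for illustration, and it is an assumption that the JLDAP socket factory wraps the default JSSE SSLSocketFactory used here.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class LdapsHandshakeProbe {

    /** Connects, then forces the TLS handshake so its real error is reported. */
    static String probe(String host, int port) throws IOException {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        // createSocket() returns once TCP is connected; no TLS bytes exchanged yet.
        try (SSLSocket socket = (SSLSocket) factory.createSocket(host, port)) {
            socket.setSoTimeout(5000);
            // A raw SSLSocket does not check the server name unless asked to.
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("LDAPS");
            socket.setSSLParameters(params);
            System.out.println("TCP connected: " + socket.isConnected());
            try {
                socket.startHandshake(); // chain and host name are validated here
            } catch (IOException e) {
                return "handshake failed: " + e;
            }
            SSLSession session = socket.getSession();
            return "handshake ok: " + session.getProtocol()
                    + ", peer " + session.getPeerPrincipal().getName();
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 2) { // probe a real LDAPS endpoint: <host> <port>
            System.out.println(probe(args[0], Integer.parseInt(args[1])));
            return;
        }
        // Offline demo: a constructed loopback listener that accepts the TCP
        // connection and closes it without speaking TLS.
        try (ServerSocket stub = new ServerSocket(0, 1, InetAddress.getLoopbackAddress())) {
            Thread server = new Thread(() -> {
                try { stub.accept().close(); } catch (IOException ignored) { }
            });
            server.start();
            System.out.println(probe("127.0.0.1", stub.getLocalPort()));
            server.join();
        }
    }
}
```

Run without arguments it prints "TCP connected: true" followed by a handshake failure, the same connect-succeeds-then-fails shape as the output in the post; run with a host and port it shows whether the client's trust store accepts the server certificate.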