You may use this code to test the SSL connection with your AD server.
=====================================================
ADSSLConnectionTest.java
=====================================================
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;
public class ADSSLConnectionTest
{
private DirContext getContext(String ldaphost, String ldapport, String adminID, String adminpassword, boolean useSSL)
{
DirContext ctx=null;
String providerurl=ldaphost+":"+ldapport;
if(ldapport=="")
{
ldapport="636";
}
try {
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY ,"com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL ,providerurl);
if(useSSL==true)
{
// if SSL is used - use can use ssl enabled ldaphost
// eg. "ldaps://localhost:636"
// else
// eg. "ldap://localhost:636"
env.put(Context.SECURITY_PROTOCOL, "ssl");
}
env.put(Context.SECURITY_AUTHENTICATION ,"simple");
env.put(Context.SECURITY_PRINCIPAL ,adminID);
env.put(Context.SECURITY_CREDENTIALS ,adminpassword);
ctx = new InitialDirContext(env);
}
catch(Exception ex)
{
ex.printStackTrace();
}
return ctx;
}
public DirContext getContext()
{
DirContext ctx=null;
try {
ctx=getContext("ldaps://localhost","636","CN=Rajnish Bhatia,DC=bhatia,DC=com","Password1",true);
System.out.println("Connected with SSL");
}
catch(Exception ex)
{
System.out.println("NOT Connected with SSL");
ex.printStackTrace();
}
return ctx;
}
public static void main(String[] args) {
try
{
ADSSLConnectionTest c = new ADSSLConnectionTest();
c.getContext();
}catch(Exception ex)
{
ex.printStackTrace();
}
}
}
Compile and run with your credentials as following:
C:\>javac ADSSLConnectionTest.java
C:\>java ADSSLConnectionTest
=============================
Notes
=============================
1. If you have issues, make sure your SSL Certificate is in proper java store such as C:\j2sdk1.4.2_13\jre\lib\security. Make sure you are adding the certificate to the correct (& in path) java cacerts keystore.
2. You may also test by telnet to the server - telnet localhost 636
3. You may list the keystore values as follows:
C:\j2sdk1.4.2_13\jre\lib\security>keytool -list -v -storepass changeit -keystore cacerts
This is how it looks:
*******************************************
*******************************************
Alias name: someclass3g3ca
Creation date: Jun 15, 2004
Entry type: trustedCertEntry
Owner: CN=Some Authority, OU="(c)
1999 Bhatia, Inc. - For authorized use only", OU=Bhatia Trust Network, O="Bhatia, Inc.", C=US
Issuer: CN=Some Authority, OU="(c)
1999 Bhatia, Inc. - For authorized use only", OU=Bhatia Trust Network, O="Bhatia, Inc.", C=US
Serial number: 9b7e0649a33e62b9d5ee90487129ef53
Valid from: Thu Sep 30 20:00:00 EDT 1999 until: Wed Jul 16 19:59:59 EDT 2036
Certificate fingerprints:
MD5: CD:68:B6:A7:C7:C4:CE:75:E0:1D:2F:57:44:61:92:09
SHA1: 13:2D:0D:45:53:4B:69:97:CD:B2:D6:C3:39:E2:55:76:60:9B:5C:C6
*******************************************
*******************************************
Alias name: corp9
Creation date: Mar 17, 2008
Entry type: trustedCertEntry
Owner: CN=srvr-corp9.nj.bhatia.com
Issuer: CN=SRVR-RAS-DC, DC=bhatia, DC=com
Serial number: 2714a16c000000000013
Valid from: Mon Jan 28 12:14:58 CST 2008 until: Tue Jan 27 12:14:58 CST 2009
Certificate fingerprints:
MD5: CD:48:B6:A7:C7:C4:CE:75:E0:1D:2F:57:44:61:92:09
SHA1: 12:1D:0D:45:52:4B:64:97:CD:B2:D6:C3:39:E2:55:76:60:9B:5C:C6
*******************************************
*******************************************
4. Then, make sure your ADITResource in OIM - The server is srvr-corp9.nj.bhatia.com (as per your keystore).
5. For specific ldap error codes, look at the following url:
http://www.directory-info.com/LDAP/LDAPErrorCodes.html
Monday, March 17, 2008
Active Directory SSL Test
Posted by Rajnish Bhatia at 12:49 PM
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment