How to reset the user password in RedHat Directory server using Java code via LDAPS?
https://stackoverflow.com/questions/12894033
-
07-07-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
How can I access the RedHat directory server / HP UX Directory server using LDAPS from my Java application? I am trying to access it through LDAP it's working fine but while using LDAPS it doesn't establishing the connection with the server.
Here is my code, which is not working:
public void setPassword(String userDn,String password) {
InitialDirContext ctx=null;
DirContext connection;
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
String systemname = "ldaps://myserver:636";
env.put(Context.PROVIDER_URL, systemname);
env.put(Context.SECURITY_PRINCIPAL, "cn=directory manager");
env.put(Context.SECURITY_CREDENTIALS, "MySecret");
ctx = new InitialDirContext(env);
connection = (DirContext)ctx;
connection.lookup("dc=mydomain,dc=com");
ModificationItem[] mods = new ModificationItem[1];
Attribute mod0 = new BasicAttribute("userpassword",password);
mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, mod0);
connection.modifyAttributes(userDn, mods);
connection.close();
}
The above code works fine if I replace the ldaps by ldap.
But I need the code to work for LDAPS as well. Some sites mention the need for a keystore, certificate, etc. But I don't know about these anything.
Solution
As you are using Java, you need to obtain a copy of the server's certificate or Certificate Authority Chain and add it to the Java Keystore for the JVM you are using with your code.
How to accomplish obtaining the certificate is dependent on the LDAP implementation you are using. The LDAP admin should be able to help.
As to adding the certificate(s) the the Java KeyStore, see Google.
-jim
OTHER TIPS
You can try a couple of things:
- use a known good tool
ldapsearchto verify that LDAP clients can connect to the server - use
openssl s_client -connect host:portto verify clients can establish a secure connection.
