当我尝试通过 SSL 与 Active Directory 建立连接时，出现了下面的错误，我不知道原因可能是什么。
我已经把证书导入了 Java 和 GlassFish 的证书库（keystore）。
Problem creating object: javax.net.ssl.SSLPeerUnverifiedException：服务器的主机名“172.18.141.100”与服务器证书中的主机名不匹配。
下面是相关代码：
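// Creates an Active Directory user over LDAP, sets its password, enables the
// account and adds it to a group. Returns a Response describing the outcome.
//
// Order of operations matters here: the connection is opened without
// credentials, upgraded with StartTLS, and only then bound as the service
// account, so neither the bind password nor the new user's data is sent
// before the channel is encrypted.
Hashtable<String, Object> env = new Hashtable<String, Object>();
String user = "siampuser";
// NOTE(review): the service-account password is hard-coded in source; it should
// be loaded from protected configuration or a secret store and rotated.
String adminPassword = "S14mpad";
// NOTE(review): the name parts are concatenated into the DN without escaping; a
// value containing ',', '+', '"', '\\' or similar would change the DN. If these
// values can come from user input, build the name with javax.naming.ldap.Rdn /
// LdapName instead of string concatenation.
String userName = "CN=" + primerNombre + ' ' + primerApellido + "," + "OU=testunit3,DC=mp,DC=gob,DC=gt";
String groupName = "CN=Configuration,OU=testunit3,DC=mp,DC=gob,DC=gt";
env.put(javax.naming.Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(javax.naming.Context.PROVIDER_URL, ldapHost);

// userAccountControl bit flags used below.
final int UF_ACCOUNTDISABLE = 0x0002;
final int UF_PASSWD_NOTREQD = 0x0020;
final int UF_NORMAL_ACCOUNT = 0x0200;
final int UF_PASSWORD_EXPIRED = 0x800000;

LdapContext ctx = null;
StartTlsResponse tls = null;
try {
    // No credentials in env yet: this opens the connection without sending the password.
    ctx = new InitialLdapContext(env, null);

    // Upgrade to TLS before anything sensitive is sent. negotiate() verifies that
    // the server certificate matches the host named in PROVIDER_URL; connecting by
    // IP address fails with SSLPeerUnverifiedException unless the certificate lists
    // that address. Point PROVIDER_URL at the DNS name the certificate was issued
    // for rather than relaxing the check with a permissive HostnameVerifier.
    tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
    tls.negotiate();

    // Bind as the service account now that the channel is protected; the new
    // credentials are used for the operations that follow.
    ctx.addToEnvironment(javax.naming.Context.SECURITY_AUTHENTICATION, "simple");
    ctx.addToEnvironment(javax.naming.Context.SECURITY_PRINCIPAL, user + "@" + domain);
    ctx.addToEnvironment(javax.naming.Context.SECURITY_CREDENTIALS, adminPassword);

    Attributes attrs = new BasicAttributes(true);
    attrs.put("objectClass", "user");
    attrs.put("samAccountName", usuario);
    attrs.put("givenName", primerNombre + ' ' + segundoNombre);
    attrs.put("sn", primerApellido + ' ' + segundoApellido);
    attrs.put("cn", primerNombre + ' ' + primerApellido);
    attrs.put("description", puesto);
    attrs.put("physicalDeliveryOfficeName", dependencia + ' ' + departamento);
    // NOTE(review): this packs a birth date and what look like personal ID numbers
    // into telephoneNumber, an attribute directory clients commonly read; confirm
    // that exposure is intended.
    attrs.put("telephoneNumber", fechaNacimiento + '/' + dpi + '/' + nit);
    attrs.put("mail", usuario + "@mp.gob.gt");
    attrs.put("title", puesto);
    attrs.put("department", dependencia);
    if (nip != null) {
        attrs.put("wWWHomePage", nip.toString());
    }

    // The account is created disabled and flagged "password not required" because
    // the password can only be set in a second step, once the entry exists.
    attrs.put("userAccountControl", Integer.toString(
            UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD | UF_PASSWORD_EXPIRED | UF_ACCOUNTDISABLE));
    ctx.createSubcontext(userName, attrs);
    System.out.println("usuario creado : " + userName);

    // AD expects unicodePwd as the password wrapped in double quotes, encoded UTF-16LE.
    String newQuotedPassword = "\"" + password + "\"";
    byte[] newUnicodePassword = newQuotedPassword.getBytes(java.nio.charset.StandardCharsets.UTF_16LE);
    ModificationItem[] mods = new ModificationItem[2];
    mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
            new BasicAttribute("unicodePwd", newUnicodePassword));
    // Replacing userAccountControl drops ACCOUNTDISABLE and PASSWD_NOTREQD, which
    // enables the account now that it has a password.
    // NOTE(review): AD documents UF_PASSWORD_EXPIRED as a computed flag; if the goal
    // is "must change password at next logon", verify whether pwdLastSet=0 is needed.
    mods[1] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
            new BasicAttribute("userAccountControl", Integer.toString(UF_NORMAL_ACCOUNT | UF_PASSWORD_EXPIRED)));
    ctx.modifyAttributes(userName, mods);
    System.out.println("Set password & updated userccountControl");

    // Add the new user to the group.
    try {
        ModificationItem[] member = new ModificationItem[1];
        member[0] = new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("member", userName));
        ctx.modifyAttributes(groupName, member);
        System.out.println("Usuario agregado a la ou: " + groupName);
    } catch (NamingException e) {
        System.err.println("Error al agregar el usario a la ou: " + e);
        return new Response("Error al agregar el usario a la ou: " + e, ResponseStatus.ERROR);
    }
    return new Response("usuario crearo existosamente: " + userName, ResponseStatus.OK_QUERY);
} catch (NamingException e) {
    System.err.println("Error al crear el usuario: " + e);
    return new Response("Error al crear el usuario: " + e, ResponseStatus.ERROR);
} catch (IOException e) {
    // TLS negotiation failures (including certificate host name mismatches) land
    // here; report them to the caller instead of returning null.
    System.err.println("Problem creating object: " + e);
    return new Response("Problem creating object: " + e, ResponseStatus.ERROR);
} finally {
    // Release the TLS layer and the connection on every path, including the
    // early error returns above. Cleanup failures are logged, not propagated,
    // so they cannot mask the result already being returned.
    if (tls != null) {
        try {
            tls.close();
        } catch (IOException closeError) {
            System.err.println("Problem closing TLS session: " + closeError);
        }
    }
    if (ctx != null) {
        try {
            ctx.close();
        } catch (NamingException closeError) {
            System.err.println("Problem closing LDAP context: " + closeError);
        }
    }
}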