Implementing NetIQ IDAM LDAP authentication with Java

Time: 2018-04-28 06:49:21

Tags: java ldap netiq

We are trying to integrate LDAP authentication using Java, but with the code below we are unable to connect to the IDAM-NetIQ server.

Parameter details:

    INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    PROVIDER_URL, "ldap:// IP ADDRESS :10389");
    SECURITY_PRINCIPAL, "CN=Testnetiq.O=IBOM_test");
    SECURITY_CREDENTIALS, "PASSWORD");

    package com.test.poc;

    import java.util.Properties;

    import javax.naming.Context;
    import javax.naming.NamingEnumeration;
    import javax.naming.NamingException;
    import javax.naming.directory.DirContext;
    import javax.naming.directory.InitialDirContext;
    import javax.naming.directory.SearchControls;
    import javax.naming.directory.SearchResult;

    public class Testing {

        public static void main(String[] args) throws Exception {
            // First bind: service account used only to look up the user's DN
            Properties props = new Properties();
            props.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            props.put(Context.PROVIDER_URL, "ldap://LDAP_IP:10389"); // placeholder host
            props.put(Context.SECURITY_PRINCIPAL, "CN=Testnetiq.O=IBOM_test");
            props.put(Context.SECURITY_CREDENTIALS, "Wipro@123");

            DirContext context = new InitialDirContext(props);

            SearchControls ctrls = new SearchControls();
            ctrls.setReturningAttributes(new String[] { "givenName", "sn", "memberOf" });
            ctrls.setSearchScope(SearchControls.SUBTREE_SCOPE);

            NamingEnumeration<SearchResult> answers =
                    context.search("o=IBOM_test", "(uid=" + "Test123" + ")", ctrls);
            SearchResult result = answers.nextElement();
            String user = result.getNameInNamespace();
            answers.close();
            context.close();

            // Second bind as the user found above; "True" is printed only if this bind succeeds
            try {
                props = new Properties();
                props.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
                props.put(Context.PROVIDER_URL, "ldap://LDAP_IP:10389");
                props.put(Context.SECURITY_PRINCIPAL, user);
                props.put(Context.SECURITY_CREDENTIALS, "Test@123");

                context = new InitialDirContext(props);
                context.close();
                System.out.println("True");
            } catch (NamingException e) {
                System.out.println("false");
            }
        }
    }

When we run it we get the following error:


    [ERROR] javax.naming.AuthenticationNotSupportedException: [LDAP: error code 13 - Confidentiality Required]
    [ERROR]   at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3127)
    [ERROR]   at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3082)
    [ERROR]   at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2883)
    [ERROR]   at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2797)
    [ERROR]   at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
    [ERROR]   at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
    [ERROR]   at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
    [ERROR]   at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
    [ERROR]   at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
    [ERROR]   at org.apache.aries.jndi.ContextHelper.getInitialContextUsingBuilder(ContextHelper.java:244)
    [ERROR]   at [internal classes]
    [ERROR]   at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
    [ERROR]   at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
    [ERROR]   at javax.naming.InitialContext.init(InitialContext.java:244)

What is wrong with our Java code or with the LDAP server?

1 Answer:

Answer 0: (score: 0)

The stack trace indicates that your LDAP server requires TLS/SSL (LDAP: error code 13 - Confidentiality Required).

Try connecting to the LDAPS port.

Usually that is 636.

In your case, since you are trying to connect on port 10389, it is probably 10636.

You may also need to import the Organizational CA certificate into the Java keystore to be able to connect successfully.

These are the instructions for exporting the certificate using iManager.

Exporting the Organizational CA's self-signed certificate:

Launch iManager.

Log in to the eDirectory tree as an administrator with the appropriate rights.

To view the appropriate rights for this task, see Entry Rights Needed to Perform Tasks.

On the Roles and Tasks menu, click NetIQ Certificate Server > Configure Certificate Authority.

This brings up the property pages for the Organizational CA, which include a General page, a CRL page, a Certificates page, and other eDirectory-related pages.

Click Certificates, then select the self-signed certificate.

Click Export and follow the prompts to export the certificate.

This starts the Certificate Export Wizard. Ensure the Export private key check box is not selected (does not have a check mark).

Click Finish.

You can find that information here: https://www.netiq.com/documentation/edirectory-91/edir_admin/data/b1j4tpo3.html#b1j4tu55
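The following is an added example, not code from the question or the answer above, showing what the answer's advice looks like in JNDI: the same lookup-then-bind flow as the question, but carried over LDAPS so that error code 13 no longer applies, plus StartTLS on the plain port as an alternative when only that port is reachable. The package name, host name, the 10636 LDAPS port (the answer's guess), the comma-separated DNs and the `findUserDn`/`authenticateOverLdaps`/`authenticateWithStartTls` method names are all assumptions. The filter value is escaped per RFC 4515 so that a user-supplied uid cannot alter the search filter, and an empty password is rejected before binding because a simple bind with an empty password is treated as an unauthenticated bind by many servers.

```java
// Added example, not the question's or the answer's code. Host, ports, DNs and
// package name are assumptions; replace them with your own values.
package com.example.ldapauth;

import java.io.IOException;
import java.util.Hashtable;

import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;

public final class LdapsAuthExample {

    // Assumed endpoints: the LDAPS port follows the answer's 10389 -> 10636 guess.
    static final String LDAPS_URL  = "ldaps://ldap.example.internal:10636";
    static final String LDAP_URL   = "ldap://ldap.example.internal:10389";
    static final String SERVICE_DN = "cn=Testnetiq,o=IBOM_test"; // LDAP (comma) DN syntax
    static final String BASE_DN    = "o=IBOM_test";

    private LdapsAuthExample() {}

    /** Escapes a value for use inside an LDAP search filter (RFC 4515). */
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    private static Hashtable<String, String> env(String url, String principal, String credentials) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, credentials);
        return env;
    }

    /** Service-account bind over LDAPS; returns the DN of the user with this uid, or null if absent. */
    static String findUserDn(String servicePassword, String uid) throws NamingException {
        DirContext ctx = new InitialDirContext(env(LDAPS_URL, SERVICE_DN, servicePassword));
        try {
            SearchControls ctrls = new SearchControls();
            ctrls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            ctrls.setReturningAttributes(new String[] { "givenName", "sn" });
            NamingEnumeration<SearchResult> results =
                    ctx.search(BASE_DN, "(uid=" + escapeFilterValue(uid) + ")", ctrls);
            try {
                return results.hasMore() ? results.next().getNameInNamespace() : null;
            } finally {
                results.close();
            }
        } finally {
            ctx.close();
        }
    }

    /** Look up the DN, then bind as the user over LDAPS. True only when the user bind succeeds. */
    public static boolean authenticateOverLdaps(String servicePassword, String uid, String userPassword)
            throws NamingException {
        String userDn = findUserDn(servicePassword, uid);
        if (userDn == null || userPassword.isEmpty()) {
            return false; // empty password would become an unauthenticated bind, never a success
        }
        try {
            new InitialDirContext(env(LDAPS_URL, userDn, userPassword)).close();
            return true;
        } catch (AuthenticationException e) {
            return false; // wrong password or disabled account
        }
    }

    /** Alternative on the plain port: upgrade the connection with StartTLS before sending any bind. */
    public static boolean authenticateWithStartTls(String userDn, String userPassword)
            throws NamingException, IOException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL);
        LdapContext ctx = new InitialLdapContext(env, null); // anonymous, no credentials sent yet
        StartTlsResponse tls = null;
        try {
            tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
            tls.negotiate(); // TLS handshake; the server certificate is checked against the JVM trust store
            ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
            ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, userDn);
            ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, userPassword);
            ctx.reconnect(null); // the bind now travels inside the TLS session
            return true;
        } catch (AuthenticationException e) {
            return false;
        } finally {
            if (tls != null) tls.close();
            ctx.close();
        }
    }
}
```

Both paths validate the server certificate against the JVM trust store, which is where the answer's exported Organizational CA certificate has to go: import it with `keytool -importcert -alias edir-ca -file OrganizationalCA.der -keystore truststore.jks` and start the JVM with `-Djavax.net.ssl.trustStore=truststore.jks` (or add it to the default `cacerts`). Disabling certificate checking instead would silence the error but leave the bind open to interception, so a failing handshake should be fixed on the trust-store side, not in the client.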