我正在尝试通过ssl支持与活动目录连接。
我尝试了以下网站的步骤。
http://confluence.atlassian.com/display/CROWD/Configuring+an+SSL+Certificate+for+Microsoft+Active+Directory
当我尝试从java代码连接活动目录时,它会出现以下错误。
Exception in thread "main" javax.naming.CommunicationException: simple bind fail
ed: 172.16.12.4:636 [Root exception is java.net.SocketException: Connection rese
t]
at com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
at javax.naming.InitialContext.init(Unknown Source)
at javax.naming.InitialContext.<init>(Unknown Source)
at javax.naming.directory.InitialDirContext.<init>(Unknown Source)
at ConnectActiveDirectory.main(ConnectActiveDirectory.java:39)
Caused by: java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(Unknown Source)
at com.sun.net.ssl.internal.ssl.InputRecord.readFully(Unknown Source)
at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.waitForClose(Unknown Sourc
e)
at com.sun.net.ssl.internal.ssl.HandshakeOutStream.flush(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.kickstart(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.kickstartHandshake(Unknown
Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Un
known Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown Source
)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
at java.io.BufferedOutputStream.flush(Unknown Source)
at com.sun.jndi.ldap.Connection.writeRequest(Unknown Source)
at com.sun.jndi.ldap.Connection.writeRequest(Unknown Source)
at com.sun.jndi.ldap.LdapClient.ldapBind(Unknown Source)
... 13 more
正在使用的代码是
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;
public class ConnectActiveDirectory {
public static void main(String[] args) throws NamingException {
Hashtable env = new Hashtable();
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL,"Administrator@mysite.com");
env.put(Context.SECURITY_CREDENTIALS, "password");
env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldaps://172.16.12.4:636/cn=Users,dc=mysite,dc=com");
try{
java.io.InputStream in = new java.io.FileInputStream("C:\\client.crt");
java.security.cert.Certificate c = java.security.cert.CertificateFactory.getInstance("X.509").generateCertificate(in);
java.security.KeyStore ks = java.security.KeyStore.getInstance("JKS");
ks.load(null);
if (!ks.containsAlias("alias ldap")) {
ks.setCertificateEntry("alias ldap", c);
}
java.io.OutputStream out = new java.io.FileOutputStream("C:\\keystorefile.jks");
char[] kspass = "changeit".toCharArray();
ks.store(out, kspass);
out.close();
}catch(Exception e){
e.printStackTrace();
}
System.setProperty("javax.net.ssl.trustStore", "C:\\keystorefile.jks");
DirContext ctx = new InitialDirContext(env);
NamingEnumeration enm = ctx.list("");
while (enm.hasMore()) {
System.out.println(enm.next());
}
ctx.close();
}
}
我做错了什么吗?
我在哪里可以得到很好的教程做ssl连接与活动目录?
http://confluence.atlassian.com/display/CROWD/Configuring+an+SSL+Certificate+for+Microsoft+Active+Directory站点是否有正确的步骤来创建和连接带有ssl的活动目录?
谁能帮帮我。
2条答案
按热度按时间qmelpv7a1#
在我的AD域被重命名后,我遇到了类似的问题。重新安装证书服务后,您需要删除并重新颁发颁发给您的域控制器的证书。步骤:
1.打开MMC
1.添加管理单元〉证书〉计算机〉本地计算机
1.导航至个人〉证书
1.删除颁发给此计算机的所有旧证书(在我的示例中,这些证书是由旧CA颁发的)
1.右键单击“证书”文件夹,单击“请求新证书”。
1.按照步骤向域控制器颁发新证书。
1.重新启动(不确定这是否有必要,但我在它工作之前重新启动了)
nzk0hqpo2#
我在使用Atlassian Crowd和Active Directory over SSL时收到了同样的错误信息。它不适用于这个特定的问题,但当我试图找出发生了什么时,这个线程是第一个谷歌搜索命中,所以我会在这里写下来。
在我的例子中,我首先在没有SSL的情况下进行测试,然后改为SSL。结果我忘了更改CrowdConnector设置中使用的协议。
之前:ldap://:389之后:文件名://:636
不小心使用ldap://:636给我“连接重置”错误。