I'm able to authenticate to Active Directory if there is a need to configure only one AD server. The solution is given in "Active Directory authentication through ssl as anonymous user" by me.
Now I'm stuck when there are multiple ADs running behind a Load Balancer.
Since the Load Balancer is in between, I will get the host name only, and the IP of the AD will be replaced with the host name behind the Load Balancer based on availability. Therefore, I won't be able to know which Active Directory server will be used to process my authentication request. So, I won't be able to generate the certificate in advance. Also, I can't get the IPs of the ADs my client is using for balancing the load (for security reasons), so there is no point in generating jssecacerts. All I need to do is to disable the certificate validation. I'm using the LdapTemplate class (using spring-ldap 1.3.1) to authenticate the user. My Spring config looks like this:
    <bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
        <property name="contextSource" ref="contextSource" />
        <property name="ignorePartialResultException" value="yes" />
    </bean>
    <bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
        <property name="url" value="ldaps://xxx.xxx.xxx.xxx:636" />
    </bean>
The authenticate method:
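    import org.springframework.ldap.filter.AndFilter;
    import org.springframework.ldap.filter.EqualsFilter;

    public boolean login(String username, String password) {
        // Point JSSE at the trust store that holds the AD server certificate.
        System.setProperty("javax.net.ssl.trustStore", ".../jssecacerts");
        boolean authenticate = false;
        // Build the search filter that selects the user entry.
        AndFilter filter = new AndFilter();
        filter.and(new EqualsFilter("xyz", "xyz"));
        filter.and(new EqualsFilter("xyz", xyz));
        // Search for the entry and bind to it with the supplied password.
        authenticate = this.ldapTemplate.authenticate(base, filter.encode(), password);
        return authenticate;
    }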
Since we don't need to have a certificate, System.setProperty("javax.net.ssl.trustStore", ".../jssecacerts"); will not be needed.
What changes do I need to make to disable the certificate validation?
I'm pretty new to LDAP stuff. Kindly help with an appropriate answer.