我正在尝试通过 ssl 连接到 ldap。我已经生成了一个带有证书条目的 .jks 文件。我不想将它导入到 cacerts,而是想在初始化 ldap 连接时动态访问它。
if (sslAuth) {
ldapHost = "ldaps://" + ldapHost;
} else {
ldapHost = "ldap://" + ldapHost;
}
Hashtable<Object, Object> env = new Hashtable<Object, Object>();
env.put(Context.INITIAL_CONTEXT_FACTORY,
"com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, ldapHost);
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, "userName");
env.put(Context.SECURITY_CREDENTIALS, "password");
if (sslAuth) {
System.setProperty("javax.net.ssl.trustStore", "C:\\temp\\AD-Cert-TrustStore.jks");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
env.put(DirContext.SECURITY_PROTOCOL, "ssl");
}
LdapContext ctx = new InitialLdapContext(env, null);
return ctx;
但我得到以下异常
javax.naming.CommunicationException: simple bind failed: ldaphost:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]