
We are trying to integrate LDAP authentication using Java, but we cannot connect to the IDAM-NETIQ server when using the following code.

Parameter details:

    INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    PROVIDER_URL, "ldap:// IP ADDRESS :10389");
    SECURITY_PRINCIPAL, "CN=Testnetiq.O=IBOM_test");
    SECURITY_CREDENTIALS, "PASSWORD");

    package com.test.poc;

    import java.util.Properties;

    import javax.naming.Context;
    import javax.naming.NamingEnumeration;
    import javax.naming.directory.InitialDirContext;
    import javax.naming.directory.SearchControls;
    import javax.naming.directory.SearchResult;

    public class Testing {

        public static void main(String[] args) throws Exception {
            // First bind: service account, used only to look up the user's DN
            Properties props = new Properties();
            props.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            props.put(Context.PROVIDER_URL, "ldap:// ldap ip :10389");
            props.put(Context.SECURITY_PRINCIPAL, "CN=Testnetiq.O=IBOM_test");
            props.put(Context.SECURITY_CREDENTIALS, "Wipro@123");

            InitialDirContext context = new InitialDirContext(props);

            SearchControls ctrls = new SearchControls();
            ctrls.setReturningAttributes(new String[] { "givenName", "sn", "memberOf" });
            ctrls.setSearchScope(SearchControls.SUBTREE_SCOPE);

            NamingEnumeration<SearchResult> answers = context.search("o=IBOM_test",
                    "(uid=" + "Test123" + ")", ctrls);
            if (!answers.hasMore()) {
                System.out.println("false"); // no entry with that uid
                return;
            }
            SearchResult result = answers.next();
            String user = result.getNameInNamespace();

            // Second bind: as the found user, with the user's own password
            try {
                props = new Properties();
                props.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
                props.put(Context.PROVIDER_URL, "ldap://ldap ip :10389");
                props.put(Context.SECURITY_PRINCIPAL, user);
                props.put(Context.SECURITY_CREDENTIALS, "Test@123");

                context = new InitialDirContext(props);
            } catch (Exception e) {
                System.out.println("false");
                return; // without this return, "True" was printed even after a failed bind
            }
            System.out.println("True");
        }

    }

When we access it we get the following error:

    [err] javax.naming.AuthenticationNotSupportedException: [LDAP: error code 13 - Confidentiality Required]
    [err]   at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3127)
    [err]   at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3082)
    [err]   at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2883)
    [err]   at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2797)
    [err]   at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
    [err]   at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
    [err]   at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
    [err]   at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
    [err]   at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
    [err]   at org.apache.aries.jndi.ContextHelper.getInitialContextUsingBuilder(ContextHelper.java:244)
    [err]   at [internal classes]
    [err]   at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
    [err]   at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
    [err]   at javax.naming.InitialContext.init(InitialContext.java:244)

Is the problem in our Java code or in the LDAP server?


1 Answer


The stack trace indicates that your LDAP server requires TLS/SSL (LDAP: error code 13 - Confidentiality Required).

Try connecting to the LDAPS port instead. Usually that is 636; in your case, since you are trying to connect to port 10389, it is probably 10636.

You may also need to import the organization's CA certificate into your Java keystore before the connection succeeds.

These are the instructions for exporting the certificate using iManager.

To export the Organizational CA's self-signed certificate:

1. Launch iManager.

2. Log in to the eDirectory tree as an administrator with the appropriate rights.

   To view the appropriate rights for this task, see Entry Rights Needed to Perform Tasks.

3. On the Roles and Tasks menu, click NetIQ Certificate Server > Configure Certificate Authority.

   This brings up the property pages for the Organizational CA, which include a General page, a CRL page, a Certificates page, and other eDirectory-related pages.

4. Click Certificates, then select the self-signed certificate.

5. Click Export and follow the prompts to export the certificate.

   This starts the Certificate Export Wizard. Ensure the Export private key check box is not selected (does not have a check mark).

6. Click Finish.

You can find that information here: https://www.netiq.com/documentation/edirectory-91/edir_admin/data/b1j4tpo3.html#b1j4tu55

answered 2018-04-30T11:59:48.290
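The same search-then-bind flow rewritten for LDAPS as the answer suggests, as an added example that is not code from the question, the answer or NetIQ: the URL uses the `ldaps` scheme on an assumed port 10636, the host name, trust store path and trust store password are assumptions, the service DN is written in LDAP comma syntax, and the method reports success only when the user's own bind succeeds (an unknown uid, an empty password and a wrong password all return false instead of falling through).

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

public class LdapsAuth {
    // Assumed values: host name, LDAPS port 10636 and trust store path are not given on the page.
    private static final String LDAPS_URL = "ldaps://ldap.example.invalid:10636";
    private static final String SERVICE_DN = "cn=Testnetiq,o=IBOM_test";
    static {
        // Trust store holding the organizational CA certificate exported from iManager and imported with
        // keytool -importcert -file OrgCA.der -keystore ldap-truststore.jks (file names assumed)
        System.setProperty("javax.net.ssl.trustStore", "/etc/pki/ldap-truststore.jks");
        System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
    }

    private static DirContext bind(String dn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAPS_URL);           // ldaps:// means TLS from the first byte
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);
    }
    // Escapes RFC 4515 filter metacharacters so a caller-supplied uid cannot reshape the filter.
    static String escapeFilter(String s) {
        return s.replace("\\", "\\5c").replace("*", "\\2a").replace("(", "\\28")
                .replace(")", "\\29").replace("\0", "\\00");
    }

    // Service bind, search for the uid, then bind as the found DN with the user's own password.
    public static boolean authenticate(String uid, String password, String servicePassword) throws NamingException {
        if (password == null || password.isEmpty()) return false; // empty password = anonymous bind
        DirContext svc = bind(SERVICE_DN, servicePassword);
        try {
            SearchControls ctrls = new SearchControls();
            ctrls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            NamingEnumeration<SearchResult> hits =
                    svc.search("o=IBOM_test", "(uid=" + escapeFilter(uid) + ")", ctrls);
            if (!hits.hasMore()) return false;               // unknown uid: fail closed, do not throw
            String userDn = hits.next().getNameInNamespace();
            try {
                bind(userDn, password).close();              // true only if the user's bind succeeds
                return true;
            } catch (AuthenticationException e) {
                return false;                                // wrong password (LDAP error code 49)
            }
        } finally {
            svc.close();
        }
    }
}
```

If the server's certificate was not issued by the CA in the trust store, the connection fails during the TLS handshake with an SSLHandshakeException before any LDAP bind is attempted, which is the expected failure mode and the check that the exported CA certificate was imported correctly.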