Michael Pratt wrote:
Ok, so I'm on the verge of having this all working. I have my SSL
connection working using the JSSESocketFactory class (and setting the
appropriate system properties so it knows where to find my keystore and
truststore). Now the problem is, I cannot authenticate without a
password. In our C code (also using the Mozilla LDAP C SDK) I establish
an SSL connection and need to call ldap_sasl_bind() using an EXTERNAL
mechanism to tell it to use the certs for client authentication. I'm
trying to do a similar thing now in the Java code but it keeps throwing
back insufficient access errors when I try anything other than searching
the directory. Here's the basic Java code I'm using:
import netscape.ldap.LDAPConnection;
import netscape.ldap.LDAPException;
import netscape.ldap.factory.JSSESocketFactory;
// set javax.net.ssl.keyStore / javax.net.ssl.trustStore properties here
LDAPConnection conn = new LDAPConnection();
conn.setSocketFactory(new JSSESocketFactory());
conn.connect(hostName, portNum);          // throws LDAPException on failure
// SASL bind with the EXTERNAL mechanism: no password, identity comes from the cert
conn.authenticate(userName, new String[] {"EXTERNAL"}, null, null);
It connects over SSL to the LDAP server, and I can browse entries, I
just can't add or remove. The same certs I use for this are used for
our C apps, and everything there authenticates fine. I'm looking
through the JDK code to try and figure out what's going on, but figured
I'd post here in case someone sees something obvious I'm missing.
Looks like you have to be using an instance of LDAPSSLSocketFactoryExt
as your SSLSocketFactory:
http://lxr.mozilla.org/mozilla/source/directory/java-sdk/ldapjdk/netscape/ldap/LDAPConnection.java#1104
But that code doesn't look quite right either:
http://lxr.mozilla.org/mozilla/source/directory/java-sdk/ldapjdk/netscape/ldap/LDAPSSLSocketFactory.java#248
Cross posting to the ldap group to see if anyone there has a clue.
Thanks, Mike
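As an added illustration of the factory type the SDK checks for (this is not code from the post above or from the ldapjdk project, and it is untested against the SDK): a hypothetical ClientAuthJSSEFactory that implements LDAPSSLSocketFactoryExt on top of the default JSSE SSLSocketFactory and reports isClientAuth() as true, so the EXTERNAL bind path is taken. The interface methods (makeSocket, isClientAuth, getCipherSuites) and the LDAPException constructor are assumed from the ldapjdk source linked above.

```java
import java.io.IOException;
import java.net.Socket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import netscape.ldap.LDAPConnection;
import netscape.ldap.LDAPException;
import netscape.ldap.LDAPSSLSocketFactoryExt;

/**
 * Hypothetical factory (assumption, not part of ldapjdk): wraps the default
 * JSSE SSLSocketFactory, which reads the javax.net.ssl.keyStore and
 * javax.net.ssl.trustStore system properties, and advertises client-certificate
 * authentication through LDAPSSLSocketFactoryExt.
 */
public class ClientAuthJSSEFactory implements LDAPSSLSocketFactoryExt {
    private final SSLSocketFactory jsse = (SSLSocketFactory) SSLSocketFactory.getDefault();

    public Socket makeSocket(String host, int port) throws LDAPException {
        try {
            SSLSocket s = (SSLSocket) jsse.createSocket(host, port);
            s.startHandshake(); // fail here, not at bind time, if the server rejects our cert
            return s;
        } catch (IOException e) {
            throw new LDAPException("SSL connect to " + host + ":" + port + " failed: "
                    + e.getMessage(), LDAPException.CONNECT_ERROR);
        }
    }

    // Assumed (from the linked LDAPConnection source) to be the flag the SDK
    // consults before it lets a SASL EXTERNAL bind rely on the TLS client cert.
    public boolean isClientAuth() { return true; }

    public String[] getCipherSuites() { return jsse.getDefaultCipherSuites(); }

    public static void main(String[] args) throws LDAPException {
        LDAPConnection conn = new LDAPConnection(new ClientAuthJSSEFactory());
        conn.connect(args[0], Integer.parseInt(args[1]));
        // Empty DN: the bound identity is derived by the server from the client certificate.
        conn.authenticate("", new String[] {"EXTERNAL"}, null, null);
        System.out.println("bound as: " + conn.getAuthenticationDN());
        conn.disconnect();
    }
}
```

If the server still answers a later add or delete with insufficient access, the mapping from the certificate subject to a directory identity on the server side is the next thing to check, since the bind itself succeeded.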
_______________________________________________
dev-tech-crypto mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-crypto