On Sat, May 16, 2015 at 4:28 AM, Bajaj, Yogesh <[email protected]> wrote:
> Thanks for your reply and help.
>
> Local System :-
>
> For embed server, ssl port is 10399. I am able to connect it using Apache
> Ldap Studio browser as well as

are you sure 10389 is your ssl port? just double checking cause this is the
default non-ssl port in ApacheDS

show us your client code part where you are attempting to connect

> do search using LDAP client api successfully locally. For LDAP client api,
> I installed certificates in key store to avoid ssl handshake error.
>
> On Client dev system :-
> Neither apacheds nor ldap client api prog are able to connect to embed
> ldap server on client m/c.
> I am getting below exception and ssl trace log is below :-
>
>
> trustStore is: C:\trusted.ks
> trustStore type is : jks
> trustStore provider is :
> init truststore
> adding as trusted cert:
>   Subject: CN=ess-tools, OU=ApacheDS, O=ASF, C=US
>   Issuer:  CN=ess-tools, OU=ApacheDS, O=ASF, C=US
>   Algorithm: RSA; Serial number: 0x3ddca171
>   Valid from Thu May 14 00:14:42 EDT 2015 until Sat May 13 00:14:42 EDT 2017
>
> 2015-05-15 16:22:16,531 DEBUG Using default SystemClock for timestamps
> 2015-05-15 16:22:16:547 LdapConnectionConfig [DEBUG] found X509TrustManager sun.security.ssl.X509TrustManagerImpl@28c75ad4
> 2015-05-15 16:22:18:139 DefaultLdapCodecService [INFO] Registered pre-bundled control factory: 1.3.6.1.4.1.18060.0.0.1
> 2015-05-15 16:22:18:203 DefaultLdapCodecService [INFO] Registered pre-bundled control factory: 2.16.840.1.113730.3.4.7
> 2015-05-15 16:22:18:234 DefaultLdapCodecService [INFO] Registered pre-bundled control factory: 2.16.840.1.113730.3.4.2
> 2015-05-15 16:22:18:265 DefaultLdapCodecService [INFO] Registered pre-bundled control factory: 2.16.840.1.113730.3.4.18
> 2015-05-15 16:22:18:406 DefaultLdapCodecService [INFO] Registered pre-bundled control factory: 1.2.840.113556.1.4.319
> 2015-05-15 16:22:18:468 DefaultLdapCodecService [INFO] Registered pre-bundled control factory: 2.16.840.1.113730.3.4.3
> 2015-05-15 16:22:18:499 DefaultLdapCodecService [INFO] Registered pre-bundled control factory: 1.3.6.1.4.1.4203.1.10.1
> 2015-05-15 16:22:18:577 CodecFactoryUtil [INFO] Registered pre-bundled control factory: 1.3.6.1.4.1.18060.0.0.1
> 2015-05-15 16:22:18:577 CodecFactoryUtil [INFO] Registered pre-bundled control factory: 2.16.840.1.113730.3.4.7
> 2015-05-15 16:22:18:577 CodecFactoryUtil [INFO] Registered pre-bundled control factory: 2.16.840.1.113730.3.4.2
> 2015-05-15 16:22:18:577 CodecFactoryUtil [INFO] Registered pre-bundled control factory: 2.16.840.1.113730.3.4.18
> 2015-05-15 16:22:18:577 CodecFactoryUtil [INFO] Registered pre-bundled control factory: 1.2.840.113556.1.4.319
> 2015-05-15 16:22:18:577 CodecFactoryUtil [INFO] Registered pre-bundled control factory: 2.16.840.1.113730.3.4.3
> 2015-05-15 16:22:18:577 CodecFactoryUtil [INFO] Registered pre-bundled control factory: 1.3.6.1.4.1.4203.1.10.1
> 2015-05-15 16:22:18:671 CodecFactoryUtil [INFO] Registered pre-bundled control factory: 1.3.6.1.4.1.42.2.27.8.5.1
> 2015-05-15 16:22:18:936 CodecFactoryUtil [INFO] Registered pre-bundled control factory: 2.16.840.1.113730.3.4.9
> 2015-05-15 16:22:18:983 CodecFactoryUtil [INFO] Registered pre-bundled control factory: 2.16.840.1.113730.3.4.10
> 2015-05-15 16:22:19:061 CodecFactoryUtil [INFO] Registered pre-bundled control factory: 1.3.6.1.4.1.4203.1.9.1.3
> 2015-05-15 16:22:19:108 CodecFactoryUtil [INFO] Registered pre-bundled control factory: 1.3.6.1.4.1.4203.1.9.1.4
> 2015-05-15 16:22:19:170 CodecFactoryUtil [INFO] Registered pre-bundled control factory: 1.3.6.1.4.1.4203.1.9.1.1
> 2015-05-15 16:22:19:170 CodecFactoryUtil [INFO] Registered pre-bundled control factory: 1.3.6.1.4.1.4203.1.9.1.2
> 2015-05-15 16:22:19:233 CodecFactoryUtil [INFO] Registered pre-bundled control factory: 1.2.840.113556.1.4.473
> 2015-05-15 16:22:19:265 CodecFactoryUtil [INFO] Registered pre-bundled control factory: 1.2.840.113556.1.4.474
> 2015-05-15 16:22:19:296 CodecFactoryUtil [INFO] Registered pre-bundled control factory: 1.2.840.113556.1.4.841
> 2015-05-15 16:22:19:467 CodecFactoryUtil [INFO] Registered pre-bundled extended operation factory: 1.3.6.1.1.8
> 2015-05-15 16:22:19:686 CodecFactoryUtil [INFO] Registered pre-bundled extended operation factory: 1.3.6.1.4.1.18060.0.1.8
> 2015-05-15 16:22:19:857 CodecFactoryUtil [INFO] Registered pre-bundled extended operation factory: 1.3.6.1.4.1.18060.0.1.3
> 2015-05-15 16:22:20:029 CodecFactoryUtil [INFO] Registered pre-bundled extended operation factory: 1.3.6.1.4.1.18060.0.1.6
> 2015-05-15 16:22:20:123 CodecFactoryUtil [INFO] Registered pre-bundled extended operation factory: 1.3.6.1.4.1.18060.0.1.5
> 2015-05-15 16:22:20:294 CodecFactoryUtil [INFO] Registered pre-bundled extended operation factory: 1.3.6.1.4.1.4203.1.11.1
> 2015-05-15 16:22:20:410 CodecFactoryUtil [INFO] Registered pre-bundled extended operation factory: 1.3.6.1.4.1.4203.1.11.3
> 2015-05-15 16:22:20:551 CodecFactoryUtil [INFO] Registered pre-bundled extended operation factory: 1.3.6.1.4.1.1466.20037
> trigger seeding of SecureRandom
> done seeding SecureRandom
> 2015-05-15 16:23:29:440 LdapNetworkConnection [DEBUG] ------>> Connection error: Connection timed out: no further information
> org.apache.directory.ldap.client.api.exception.InvalidConnectionException: Cannot connect to the server: Connection timed out: no further information
>         at org.apache.directory.ldap.client.api.LdapNetworkConnection.connect(LdapNetworkConnection.java:658)
>         at org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1268)
>         at org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1188)
>         at org.apache.directory.ldap.client.api.AbstractLdapConnection.bind(AbstractLdapConnection.java:127)
>         at org.apache.directory.ldap.client.api.AbstractLdapConnection.bind(AbstractLdapConnection.java:112)
>         at com.whg.ess.tool.ldap.LdapSvc.test1(LdapSvc.java:68)
>         at com.whg.ess.tool.ldap.LdapSvc.main(LdapSvc.java:27)
> Caused by: java.net.ConnectException: Connection timed out: no further information
>         at sun.nio.ch.SocketChannelImpl.checkConnect(Native Method)
>         at sun.nio.ch.SocketChannelImpl.finishConnect(SocketChannelImpl.java:739)
>         at org.apache.mina.transport.socket.nio.NioSocketConnector.finishConnect(NioSocketConnector.java:221)
>         at org.apache.mina.transport.socket.nio.NioSocketConnector.finishConnect(NioSocketConnector.java:47)
>         at org.apache.mina.core.polling.AbstractPollingIoConnector.processConnections(AbstractPollingIoConnector.java:459)
>         at org.apache.mina.core.polling.AbstractPollingIoConnector.access$700(AbstractPollingIoConnector.java:65)
>         at org.apache.mina.core.polling.AbstractPollingIoConnector$Connector.run(AbstractPollingIoConnector.java:527)
>         at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
>         at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>         at java.lang.Thread.run(Thread.java:745)
>
>
> Thanks
> Yogesh Bajaj
>
>
> -----Original Message-----
> From: Emmanuel Lécharny [mailto:[email protected]]
> Sent: Wednesday, May 13, 2015 5:42 PM
> To: [email protected]
> Subject: Re: Enable SSL for Embed Apache DS Server
>
> On 13/05/15 22:03, Bajaj, Yogesh wrote:
> > Hi Friends,
> >
> > I set up Apache DS embed server. I am using one of aspect provided in
> > JIRA ticket to avoid multiple resources issue.
> > This is working fine on local laptop. Now I want to enable SSL for embed
> > LDAP server as once I am deploying it on client dev server , I am not able
> > to connect it. My client dev server requires ssh connection.
>
> SSL and SSH are two different things.
>
> The code you provided is correct. The server should be SSL enabled. have
> you tried to connect to the server on port 10636 (or whatever value
> serverPort contains) ?
>
> > Please advise, how to enable SSL for embed LDAP server?. I already did
> > below in embed ldap server.
> >
> > transports.setEnableSSL(true);
> >
> > I am using latest Apache DS version 2.0.0-M20.
> >
> >
> > Embed LDAP server java file :-
> >
> > import java.io.File;
> > import java.util.List;
> >
> > import org.apache.directory.api.ldap.model.name.Dn;
> > import org.apache.directory.api.ldap.model.schema.SchemaManager;
> > import org.apache.directory.api.ldap.model.schema.registries.SchemaLoader;
> > import org.apache.directory.api.ldap.schema.extractor.SchemaLdifExtractor;
> > import org.apache.directory.api.ldap.schema.extractor.impl.DefaultSchemaLdifExtractor;
> > import org.apache.directory.api.ldap.schema.loader.LdifSchemaLoader;
> > import org.apache.directory.api.ldap.schema.manager.impl.DefaultSchemaManager;
> >
> > import org.apache.directory.api.util.exception.Exceptions;
> > import org.apache.directory.server.constants.ServerDNConstants;
> > import org.apache.directory.server.core.DefaultDirectoryService;
> > import org.apache.directory.server.core.api.CacheService;
> > import org.apache.directory.server.core.api.DirectoryService;
> > import org.apache.directory.server.core.api.DnFactory;
> > import org.apache.directory.server.core.api.InstanceLayout;
> > import org.apache.directory.server.core.api.schema.SchemaPartition;
> > import org.apache.directory.server.core.partition.impl.btree.jdbm.JdbmPartition;
> > import org.apache.directory.server.core.partition.ldif.LdifPartition;
> > import org.apache.directory.server.core.shared.DefaultDnFactory;
> > import org.apache.directory.server.i18n.I18n;
> > import org.apache.directory.server.ldap.LdapServer;
> > import org.apache.directory.server.protocol.shared.transport.TcpTransport;
> > import org.apache.logging.log4j.LogManager;
> > import org.apache.logging.log4j.Logger;
> >
> >
> > public class EmbeddedADS {
> >
> >     private static final Logger LOGGER = LogManager.getLogger(EmbeddedADS.class);
> >     /** The directory service */
> >     private DirectoryService service;
> >
> >     /** The LDAP server */
> >     private LdapServer server;
> >
> >     private static EmbeddedADS instance;
> >
> >
> >     public static EmbeddedADS getInstance(){
> >         if(instance == null){
> >             instance= new EmbeddedADS();
> >         }
> >         return instance;
> >     }
> >
> >     /**
> >      * initialize the schema manager and add the schema partition to directory
> >      * service
> >      *
> >      * @throws Exception
> >      *             if the schema LDIF files are not found on the classpath
> >      */
> >     private void initSchemaPartition() throws Exception {
> >         final InstanceLayout instanceLayout = this.service.getInstanceLayout();
> >
> >         final File schemaPartitionDirectory = new File(
> >                 instanceLayout.getPartitionsDirectory(), "schema");
> >
> >         // Extract the schema on disk (a brand new one) and load the registries
> >         if (schemaPartitionDirectory.exists()) {
> >             LOGGER.debug("schema partition already exists, skipping schema extraction");
> >         } else {
> >             final SchemaLdifExtractor extractor = new DefaultSchemaLdifExtractor(
> >                     instanceLayout.getPartitionsDirectory());
> >             extractor.extractOrCopy();
> >         }
> >
> >         final SchemaLoader loader = new LdifSchemaLoader(schemaPartitionDirectory);
> >         final SchemaManager schemaManager = new DefaultSchemaManager(loader);
> >
> >         // final DnFactory dnFactory = new
> >         // DefaultDnFactory(schemaManager,service.getDnFactory());
> >
> >         // We have to load the schema now, otherwise we won't be able
> >         // to initialize the Partitions, as we won't be able to parse
> >         // and normalize their suffix Dn
> >         schemaManager.loadAllEnabled();
> >
> >         final List<Throwable> errors = schemaManager.getErrors();
> >
> >         if (errors.size() != 0) {
> >             throw new Exception(I18n.err(I18n.ERR_317, Exceptions.printErrors(errors)));
> >         }
> >
> >         this.service.setSchemaManager(schemaManager);
> >
> >         // Init the LdifPartition with schema
> >         DnFactory dnFactory = new DefaultDnFactory(schemaManager,
> >                 this.service.getCacheService().getCache("dnCache"));
> >         this.service.setDnFactory(dnFactory);
> >         final LdifPartition schemaLdifPartition = new LdifPartition(
> >                 schemaManager, service.getDnFactory());
> >
> >         schemaLdifPartition.setPartitionPath(schemaPartitionDirectory.toURI());
> >
> >         // The schema partition
> >         final SchemaPartition schemaPartition = new SchemaPartition(schemaManager);
> >         schemaPartition.setWrappedPartition(schemaLdifPartition);
> >         this.service.setSchemaPartition(schemaPartition);
> >     }
> >
> >     /**
> >      * Initialize the server. It creates the partition, adds the index, and
> >      * injects the context entries for the created partitions.
> >      *
> >      * @param workDir
> >      *            the directory to be used for storing the data
> >      * @throws Exception
> >      *             if there were some problems while initializing the system
> >      */
> >     private void initDirectoryService(final File workDir) throws Exception {
> >         // Initialize the LDAP service
> >         this.service = new DefaultDirectoryService();
> >         this.service.setInstanceLayout(new InstanceLayout(workDir));
> >
> >         final CacheService cacheService = new CacheService();
> >         cacheService.initialize(this.service.getInstanceLayout());
> >
> >         this.service.setCacheService(cacheService);
> >
> >         // first load the schema
> >         this.initSchemaPartition();
> >
> >         // then the system partition
> >         // this is a MANDATORY partition
> >         // DO NOT add this via addPartition() method, trunk code complains about
> >         // duplicate partition
> >         // while initializing
> >         final JdbmPartition systemPartition = new JdbmPartition(
> >                 this.service.getSchemaManager(), service.getDnFactory());
> >         systemPartition.setId("system");
> >         systemPartition.setPartitionPath(new File(this.service
> >                 .getInstanceLayout().getPartitionsDirectory(), systemPartition
> >                 .getId()).toURI());
> >         systemPartition.setSuffixDn(new Dn(ServerDNConstants.SYSTEM_DN));
> >
> >         systemPartition.setSchemaManager(this.service.getSchemaManager());
> >
> >         // mandatory to call this method to set the system partition
> >         // Note: this system partition might be removed from trunk
> >         this.service.setSystemPartition(systemPartition);
> >
> >         // Disable the ChangeLog system
> >         this.service.getChangeLog().setEnabled(false);
> >         this.service.setDenormalizeOpAttrsEnabled(true);
> >         this.service.setShutdownHookEnabled(true);
> >
> >         // And start the service
> >         this.service.startup();
> >
> >         // We are all done !
> >     }
> >
> >     public EmbeddedADS() {
> >
> >     }
> >
> >     /**
> >      * Creates a new instance of EmbeddedADS. It initializes the directory
> >      * service.
> >      *
> >      * @throws Exception
> >      *             If something went wrong
> >      */
> >     public void init(final File workDir) throws Exception {
> >         if (!workDir.exists()) {
> >             workDir.mkdirs();
> >             this.initDirectoryService(workDir);
> >             this.service.shutdown();
> >         }
> >
> >         this.initDirectoryService(workDir);
> >     }
> >
> >     /**
> >      * starts the LdapServer
> >      *
> >      * @throws Exception
> >      */
> >     public void startServer(File workDir, int serverPort) throws Exception {
> >         init(workDir);
> >         this.server = new LdapServer();
> >         TcpTransport transports = new TcpTransport(serverPort);
> >         transports.setEnableSSL(true);
> >         this.server.setTransports(transports);
> >         this.server.setDirectoryService(this.service);
> >
> >         this.server.start();
> >
> >         LOGGER.debug("The server is running.");
> >     }
> >
> >     public void shutdownServer() throws Exception {
> >
> >         if(this.server != null){
> >             try {
> >                 this.server.stop();
> >                 LOGGER.debug("LDAP Server stop done");
> >             } catch (Exception e) {
> >                 LOGGER.error("exception in stop server",e);
> >             }
> >         }
> >
> >         if(this.service != null){
> >             try {
> >                 this.service.shutdown();
> >                 LOGGER.debug("Dir Service shutdown done");
> >             } catch (Exception e) {
> >                 LOGGER.error("exception in shutdown dir service",e);
> >             }
> >         }
> >
> >     }
> > }
> >
> >
> > The information in this electronic mail ("e-mail") message may contain
> > information that is confidential and/or privileged, or may otherwise be
> > protected by work product or other legal rules. It is solely for the use of
> > the individual(s) or the entity (ies) originally intended. Access to this
> > electronic mail message by anyone else is unauthorized. If you are not the
> > intended recipient, be advised that any unauthorized review, disclosure,
> > copying, distribution or use of this information, or any action taken or
> > omitted to be taken in reliance on it, is prohibited and may be unlawful.
> > Please notify the sender immediately if you have received this electronic
> > message by mistake, and destroy all copies of the original message.
> >
> > The sender believes that this e-mail and any attachments were free of
> > any virus, worm, Trojan horse, malicious code and/or other contaminants
> > when sent. E-mail transmissions cannot be guaranteed to be secure or
> > error-free, so this message and its attachments could have been infected,
> > corrupted or made incomplete during transmission. By reading the message
> > and opening any attachments, the recipient accepts full responsibility for
> > any viruses or other defects that may arise, and for taking remedial action
> > relating to such viruses and other defects. Neither Wyndham Worldwide
> > Corporation nor any of its affiliated entities is liable for any loss or
> > damage arising in any way from, or for errors or omissions in the contents
> > of, this message or its attachments.
--
Kiran Ayyagari
http://keydap.com
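The thread asks for two things: the embedded server's SSL transport, and the client code that connects to it with the truststore Yogesh mentions. The following is an added example written for this page, not code from the thread or from the ApacheDS project, and it uses the Apache Directory API classes named in Yogesh's stack trace (LdapNetworkConnection, LdapConnectionConfig, InvalidConnectionException) and in his server code (LdapServer, TcpTransport). The class name LdapsProbe, the host "dev-server.example", the bind DN, the passwords and the keystore paths are placeholders; LdapServer.setKeystoreFile/setCertificatePassword are assumed to be the server's keystore properties in 2.0.0-M20, and whether the one-argument TcpTransport constructor binds to the loopback interface only is something to check in the version in use, which is why the example uses the two-argument form. The probe deliberately separates a failure that happens before TLS starts (java.net.ConnectException wrapped in InvalidConnectionException, which is exactly the shape of the trace above) from a handshake failure, because the truststore is never consulted in the first case.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.ConnectException;
import java.security.KeyStore;

import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.ldap.client.api.LdapConnectionConfig;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;
import org.apache.directory.ldap.client.api.exception.InvalidConnectionException;
import org.apache.directory.server.ldap.LdapServer;
import org.apache.directory.server.protocol.shared.transport.TcpTransport;

/** Added example (not from the thread): LDAPS on both sides, plus a probe that names the failing layer. */
public class LdapsProbe {

    /** Server side: LDAPS transport with an explicit bind address and port. */
    static TcpTransport ldapsTransport(String bindAddress, int port) {
        // Two-argument form: the bind address is explicit, so a listener that only
        // answers on loopback cannot be mistaken for a firewall or certificate problem.
        TcpTransport transport = new TcpTransport(bindAddress, port);
        transport.setEnableSSL(true);
        return transport;
    }

    /** Server side: serve an operator-issued certificate instead of the generated self-signed one (assumed API). */
    static void useOwnCertificate(LdapServer server, String keystorePath, String keyPassword) {
        server.setKeystoreFile(keystorePath);
        server.setCertificatePassword(keyPassword);
    }

    /** Client side: trust managers backed by a JKS truststore; no trust-all manager. */
    static TrustManager[] trustManagersFrom(String truststorePath, char[] storePassword) throws Exception {
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(truststorePath)) {
            trustStore.load(in, storePassword);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        return tmf.getTrustManagers();
    }

    /** Client side: LDAPS config pinned to the truststore above. */
    static LdapConnectionConfig ldapsConfig(String host, int port, TrustManager[] trustManagers) {
        LdapConnectionConfig config = new LdapConnectionConfig();
        config.setLdapHost(host);
        config.setLdapPort(port);        // the SSL port, not the 10389 plain-LDAP default
        config.setUseSsl(true);          // TLS from the first byte (LDAPS), not StartTLS
        config.setTrustManagers(trustManagers);
        return config;
    }

    /** Connects and binds; the returned string says which layer failed. */
    static String probe(LdapConnectionConfig config, String bindDn, String password) {
        LdapNetworkConnection connection = new LdapNetworkConnection(config);
        try {
            connection.setTimeOut(10_000L);   // milliseconds: fail fast instead of a long default wait
            connection.connect();             // TCP connect, then the TLS handshake
            connection.bind(bindDn, password);
            return "OK: bound as " + bindDn + " at " + config.getLdapHost() + ":" + config.getLdapPort();
        } catch (InvalidConnectionException e) {
            Throwable cause = e.getCause();
            if (cause instanceof ConnectException) {
                // Same shape as the trace in the thread: the socket never opened, so the
                // truststore was never used. Check port, bind address and firewall first.
                return "TCP failure before TLS: " + cause.getMessage();
            }
            if (cause instanceof SSLException) {
                return "TLS handshake failed (certificate/truststore): " + cause.getMessage();
            }
            return "Connection failed: " + e.getMessage();
        } catch (LdapException e) {
            return "Bind rejected by server: " + e.getMessage();
        } finally {
            try {
                connection.close();
            } catch (IOException ignored) {
                // nothing further to do on close
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // Placeholder values for this example, not values from the thread.
        TrustManager[] tms = trustManagersFrom("C:\\trusted.ks", "changeit".toCharArray());
        LdapConnectionConfig config = ldapsConfig("dev-server.example", 10636, tms);
        System.out.println(probe(config, "uid=admin,ou=system", "secret"));
    }
}
```

Running the probe from the dev machine gives a one-line verdict: "TCP failure before TLS" means the port, bind address or network path is wrong and no amount of truststore work will help; "TLS handshake failed" means the socket opened and the server presented a certificate the truststore does not vouch for (the CN=ess-tools, OU=ApacheDS, O=ASF, C=US entry in the trace has the shape of the certificate ApacheDS generates for itself when no keystore is configured, which is why useOwnCertificate is shown alongside).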
