Connect to Active Directory with the support of SSL (LDAPS)


Problem description

I am trying to connect to Active Directory with the support of SSL.

I tried the steps from the following web site:

http://confluence.atlassian.com/display/CROWD/Configuring+an+SSL+Certificate+for+Microsoft+Active+Directory

When I try to connect to Active Directory from the Java code, it gives the following error:

Exception in thread "main" javax.naming.CommunicationException: simple bind failed: 172.16.12.4:636 [Root exception is java.net.SocketException: Connection reset]
        at com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source)
        at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
        at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
        at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
        at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
        at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
        at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
        at javax.naming.InitialContext.init(Unknown Source)
        at javax.naming.InitialContext.<init>(Unknown Source)
        at javax.naming.directory.InitialDirContext.<init>(Unknown Source)
        at ConnectActiveDirectory.main(ConnectActiveDirectory.java:39)
Caused by: java.net.SocketException: Connection reset
        at java.net.SocketInputStream.read(Unknown Source)
        at com.sun.net.ssl.internal.ssl.InputRecord.readFully(Unknown Source)
        at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.waitForClose(Unknown Source)
        at com.sun.net.ssl.internal.ssl.HandshakeOutStream.flush(Unknown Source)
        at com.sun.net.ssl.internal.ssl.Handshaker.kickstart(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.kickstartHandshake(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown Source)
        at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
        at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
        at java.io.BufferedOutputStream.flush(Unknown Source)
        at com.sun.jndi.ldap.Connection.writeRequest(Unknown Source)
        at com.sun.jndi.ldap.Connection.writeRequest(Unknown Source)
        at com.sun.jndi.ldap.LdapClient.ldapBind(Unknown Source)
        ... 13 more

The code being used is:

import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

public class ConnectActiveDirectory {

    public static void main(String[] args) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "Administrator@mysite.com");
        env.put(Context.SECURITY_CREDENTIALS, "password");
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldaps://172.16.12.4:636/cn=Users,dc=mysite,dc=com");
        try {
            // Read the exported certificate and put it into a fresh JKS trust store.
            java.security.cert.Certificate c;
            try (java.io.InputStream in = new java.io.FileInputStream("C:\\client.crt")) {
                c = java.security.cert.CertificateFactory.getInstance("X.509").generateCertificate(in);
            }
            java.security.KeyStore ks = java.security.KeyStore.getInstance("JKS");
            ks.load(null, null); // start with an empty in-memory keystore
            if (!ks.containsAlias("alias ldap")) {
                ks.setCertificateEntry("alias ldap", c);
            }
            char[] kspass = "changeit".toCharArray();
            try (java.io.OutputStream out = new java.io.FileOutputStream("C:\\keystorefile.jks")) {
                ks.store(out, kspass);
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
        // These properties must be set before the first SSL connection is opened in this JVM.
        System.setProperty("javax.net.ssl.trustStore", "C:\\keystorefile.jks");
        System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
        DirContext ctx = new InitialDirContext(env);
        NamingEnumeration<NameClassPair> enm = ctx.list("");
        while (enm.hasMore()) {
            System.out.println(enm.next());
        }
        ctx.close();
    }
}

Am I doing anything wrong?

Where can I get a good tutorial to do an SSL connection with Active Directory?

Does the http://confluence.atlassian.com/display/CROWD/Configuring+an+SSL+Certificate+for+Microsoft+Active+Directory site have the correct steps to create and connect Active Directory with SSL?

Could anyone please help me?
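A diagnostic that separates the TLS handshake from the LDAP bind, added here as an example and not code from the question or the answer: it opens a TLS socket to the LDAPS port using the trust store the question builds and prints the certificate chain the domain controller presents. Host, port, trust store path and password are assumed from the question; if the socket is reset before any certificate is printed, the domain controller closed the connection during the handshake itself, which is the symptom the question's stack trace shows and which a missing or stale DC certificate produces.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

// Added diagnostic, not part of the question or the answer. Host, port,
// trust store path and password are the (assumed) values from the question.
public class LdapsHandshakeCheck {
    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "172.16.12.4";
        int port = 636;
        String trustStorePath = "C:\\keystorefile.jks";
        char[] trustStorePass = "changeit".toCharArray();
        // Load the trust store explicitly rather than through system properties,
        // so the check does not depend on JVM-wide settings.
        KeyStore ts = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(trustStorePath)) {
            ts.load(in, trustStorePass);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        try (SSLSocket sock = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            sock.startHandshake(); // fails here if the DC offers no usable certificate
            SSLSession session = sock.getSession();
            System.out.println("Negotiated " + session.getProtocol() + " / " + session.getCipherSuite());
            for (Certificate c : session.getPeerCertificates()) {
                X509Certificate x = (X509Certificate) c;
                System.out.println("Subject: " + x.getSubjectX500Principal());
                System.out.println("Issuer:  " + x.getIssuerX500Principal());
                System.out.println("Valid:   " + x.getNotBefore() + " to " + x.getNotAfter());
                System.out.println("SANs:    " + x.getSubjectAlternativeNames());
                System.out.println("EKU:     " + x.getExtendedKeyUsage());
            }
        } catch (SSLHandshakeException e) {
            // The DC sent a certificate, but this trust store does not accept it.
            System.out.println("Certificate rejected: " + e.getMessage());
        } catch (java.net.SocketException e) {
            // Socket closed or reset mid-handshake: the same symptom as the question's stack trace.
            System.out.println("Connection dropped during handshake: " + e.getMessage());
        }
    }
}
```

Run it after re-issuing the DC certificate as the answer describes; a printed chain with a Server Authentication EKU and a current validity period shows the TLS side is fixed before you retry the JNDI bind.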

Recommended answer

I had a similar issue after my AD domain was renamed. After reinstalling certificate services, you need to delete and re-issue the certificate issued to your Domain Controller. Steps:

  1. Open MMC
  2. Add snap-in > Certificates > Computer > Local Computer
  3. Navigate to Personal > Certificates
  4. Delete all old certificates issued to this computer (in my case, they were issued by the old CA)
  5. Right-click the Certificates folder and click Request New Certificate
  6. Follow the steps to issue a new certificate to the Domain Controller
  7. Reboot (not sure if necessary, but I rebooted before it worked)
