Reputation: 2393
Cannot establish LDAP SSL connection from WebLogic 12 using UnboundID SDK
I'm using the UnboundID LDAP SDK from a Java EE 6 app running in WLS 12.1.3.0.0 to interact with an LDAP server. Everything works with an open connection.
When trying to establish a secure LDAPConnection using a WLS SSLSocketFactory obtained from the WLS SSLContext, the LDAPConnection times out with no further useful debugging information. The certificate on the LDAP server is issued by Verisign.
The error is:
LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to connect to server XXXX:1636: java.io.IOException: Unable to establish a connection to server XXXX:1636 within the configured timeout of 60000 milliseconds.')
Am I correctly obtaining the SSLSocketFactory from WLS?
SSLContext sslContext = SSLContext.getInstance("https");
SSLSocketFactory sslFactory = sslContext.getSocketFactory();
ldapConn = new LDAPConnection(sslFactory,configBean.getLdapHost(),
configBean.getLdapPort(),configBean.getLdapBindDN(),
configBean.getLdapPassword());
Upvotes: 0
Views: 2761
Answers (2)
Reputation: 346
I agree, this does not seem to be an SSL error. You can enable ATN debug flags to get more details:
-Dweblogic.debug.DebugSecurityAtn=true -Dweblogic.log.StdoutSeverity=Debug -Dweblogic.log.RedirectStdoutToServerLogEnabled=true -Dweblogic.log.RedirectStderrToServerLogEnabled=true
Upvotes: 0
Reputation: 1736
That message suggests that the application was unable to establish a TCP connection to the specified server on the given port. Do you know if there is some kind of firewall or other mechanism in place that might be blocking the connection attempt or causing the traffic to be dropped? This would be easy enough to test by just trying to create a new Socket on the same address and port. If the attempt to create just a simple TCP socket to that address and port fails, then that suggests the problem is outside the LDAP SDK.
Although I would expect a different failure if the problem occurs during SSL negotiation, you could attempt to rule that out by using new SSLUtil(new TrustAllTrustManager()).createSSLSocketFactory() to create the socket factory. This will blindly trust any certificate the server presents. If that works, then it suggests that the problem is that the SSLContext.getInstance("https") is creating a context that is failing somewhere in the negotiation.
If nothing else helps, you could try enabling debugging in the LDAP SDK (see the com.unboundid.util.Debug class) to see if that provides any useful information.
Upvotes: 0
Related Questions
- SSLHandshakeException while connection to LDAPS(Active Directory)
- Not able to do SSL connection in weblogic server
- Bind to Active Directory via SSL using unbound id
- How to use UnboundID SDK to connect to an LDAP server with the SSL server certificate?
- Authenticate weblogic security realm user against LDAP fails
- Adding an SSL listener to UnboundID
- How do I connect to the localhost using UnboundID LDAP SDK?
- UnboundID SASL cannot acquire password
- Exception in SSL Handshaking
- Using UnboundID SDK with an SSL certificate file to connect to LDAP server in Android app