Reputation: 851
I'm looking to authenticate with AD using unboundID but I get a server down error on the bind action. The requests work fine when I do this via JNDI instead of unboundID. I've looked it up online and most seem to have a similar way of doing things. For example, I've referred to this answer by Terry LDAP: How to authenticate user with connection details
This is my code:

    import com.unboundid.ldap.sdk.BindRequest;
    import com.unboundid.ldap.sdk.BindResult;
    import com.unboundid.ldap.sdk.LDAPConnection;
    import com.unboundid.ldap.sdk.LDAPException;
    import com.unboundid.ldap.sdk.ResultCode;
    import com.unboundid.ldap.sdk.SimpleBindRequest;

    public class LDAPSearch_unboundID {
        private static final String LDAPIP = "hostname";
        private static final int LDAPPORT = 636;
        private static final String USERDN = "adminuser";
        private static final String PASSWD = "adminpass";
        private static final String SEARCHDN = "DC=AA,DC=BB,DC=CC";

        public static void main(String[] args) {
            authUser();
        }

        private static void authUser() {
            // Build a simple bind request from a DN and a password
            BindRequest bindRequest = new SimpleBindRequest(SEARCHDN, PASSWD);
            System.out.println("101");
            try {
                // Plain (non-SSL) socket connection to the LDAPS port
                LDAPConnection ldapConnection = new LDAPConnection(LDAPIP, LDAPPORT);
                //LDAPConnection ldapConnection = new LDAPConnection(lco, LDAPIP,LDAPPORT, SEARCHDN, PASSWD);
                System.out.println("102");
                BindResult bindResult = ldapConnection.bind(bindRequest);
                System.out.println("103");
                ResultCode resultCode = bindResult.getResultCode();
                System.out.println("104");
                if (resultCode.equals(ResultCode.SUCCESS)) {
                    System.out.println("Authentication SUCCESS!!!");
                } else {
                    System.out.println("Authentication FAILED!!!");
                }
                ldapConnection.close();
            } catch (LDAPException e) {
                e.printStackTrace();
            }
        }
    }
Here the output is
    101
    102
    LDAPException(resultCode=81 (server down), errorMessage='The connection to server host:port was closed while waiting for a response to a bind request SimpleBindRequest(dn='DC=AA,DC=BB,DC=CC'): An I/O error occurred while trying to read the response from the server: java.net.SocketException: Connection reset')
        at com.unboundid.ldap.sdk.SimpleBindRequest.handleResponse(SimpleBindRequest.java:718)
        at com.unboundid.ldap.sdk.SimpleBindRequest.process(SimpleBindRequest.java:570)
        at com.unboundid.ldap.sdk.LDAPConnection.bind(LDAPConnection.java:2150)
        at ldapConnection.LDAPSearch_unboundID.authUser(LDAPSearch_unboundID.java:45)
        at ldapConnection.LDAPSearch_unboundID.main(LDAPSearch_unboundID.java:34)
I've tried this with a couple of other AD servers. What am I doing wrong?
Update: I must add that I'm using an SSL connection. I've tried updating the ldapconnection part of the code with this.
    SSLSocketFactory socketFactory = sslUtil.createSSLSocketFactory();
    LDAPConnection ldapConnection = new LDAPConnection(socketFactory);
    ldapConnection.connect(LDAPIP,LDAPPORT);
    System.out.println("102");
    BindResult bindResult = ldapConnection.bind(bindRequest);
Now I get this error
    101
    102
    LDAPException(resultCode=49 (invalid credentials), errorMessage='80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 57, v1db1
        at com.unboundid.ldap.sdk.LDAPConnection.bind(LDAPConnection.java:2178)
        at ldapConnection.LDAPSearch_unboundID.authUser(LDAPSearch_unboundID.java:56)
        at ldapConnection.LDAPSearch_unboundID.main(LDAPSearch_unboundID.java:39)
I can't see any documentation for "data 57" under result code 49. The credentials are correct.
Upvotes: 3
Views: 2737
Reputation: 11056
I use something like:
    public static LDAPConnection getNewSSLConnection(String address, int port, BindRequest bindRequest) throws LDAPException, GeneralSecurityException
    {
        // TrustAllTrustManager accepts any server certificate without validation
        SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager());
        SSLSocketFactory sslSocketFactory = sslUtil.createSSLSocketFactory();
        // Open the TLS connection, then bind with the supplied request
        LDAPConnection ldc = new LDAPConnection(sslSocketFactory);
        ldc.connect(address, port);
        ldc.bind(bindRequest);
        return ldc;
    }
DO NOT USE TrustAllTrustManager() unless you are on a CLOSED TRUSTED network.
Find more ways for SSLUtil.
Upvotes: 3
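As an added example (not code from either post above), the same UnboundID SSL connection can validate the domain controller's certificate instead of trusting every certificate, and can pull the Active Directory "data" sub-code out of a failed bind. The host name, trust store path, bind name and environment variable are assumed placeholders.

```java
// Added example, not from the original posts. Host name, trust store path,
// bind name and environment variable name are assumed placeholder values.
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPConnectionOptions;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.SimpleBindRequest;
import com.unboundid.util.ssl.HostNameSSLSocketVerifier;
import com.unboundid.util.ssl.SSLUtil;
import com.unboundid.util.ssl.TrustStoreTrustManager;
import java.security.GeneralSecurityException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class ValidatedLdapsBind {
    // AD reports a hexadecimal Win32 error code after "data" in the diagnostic message.
    private static final Pattern AD_DATA = Pattern.compile("\\bdata ([0-9a-fA-F]+)");

    static LDAPConnection connect(String host, int port, String trustStorePath)
            throws LDAPException, GeneralSecurityException {
        // Trust only certificates that chain to an entry in the given trust store.
        SSLUtil sslUtil = new SSLUtil(new TrustStoreTrustManager(trustStorePath));
        LDAPConnectionOptions options = new LDAPConnectionOptions();
        // Also require the certificate to match the host name we connect to.
        options.setSSLSocketVerifier(new HostNameSSLSocketVerifier(true));
        return new LDAPConnection(sslUtil.createSSLSocketFactory(), options, host, port);
    }

    // Returns the AD sub-code as a decimal Win32 error number, or -1 if absent.
    static int adSubCode(LDAPException e) {
        String msg = e.getDiagnosticMessage();
        Matcher m = (msg == null) ? null : AD_DATA.matcher(msg);
        return (m != null && m.find()) ? Integer.parseInt(m.group(1), 16) : -1;
    }

    public static void main(String[] args) throws Exception {
        String password = System.getenv("LDAP_BIND_PASSWORD");
        if (password == null || password.isEmpty()) {
            throw new IllegalStateException("refusing to bind without a password");
        }
        try (LDAPConnection conn = connect("dc01.example.com", 636, "/etc/ssl/ad-truststore.jks")) {
            conn.bind(new SimpleBindRequest("adminuser@example.com", password));
            System.out.println("Bind succeeded");
        } catch (LDAPException e) {
            // "data 57" is 0x57 = 87 decimal (Win32 ERROR_INVALID_PARAMETER).
            System.out.println(e.getResultCode() + ", AD sub-code: " + adSubCode(e));
        }
    }
}
```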