Reputation: 441
Finding JNDI/LDAP Connection Security Protocol
I'm using java (8) to connect to an LDAP-Server to get some information. I'm doing this over SSL but I cannot figure out if my specified security protocol is actually being used....
Here is my code:
LdapContext ctx = null;
Hashtable<String, String> env = new Hashtable <String, String>();
try{
env.clear();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.SECURITY_PRINCIPAL, "user");
env.put(Context.SECURITY_CREDENTIALS, "password");
env.put(Context.SECURITY_PROTOCOL, "ssl");
env.put("com.sun.jndi.ldap.read.timeout", 5000);
env.put("com.sun.jndi.ldap.connect.timeout", 5000);
env.put(Context.PROVIDER_URL, "myurl");
ctx = new InitialLdapContext(env, null);
} catch(NamingException nex) {
// Errors get treated here
}
int debug_stop = 1;
Its all about Context.SECURITY_PROTOCOL in my case as the connection is successfully established. Here is some information about this paramerter: https://docs.oracle.com/javase/8/docs/technotes/guides/jndi/jndi-ldap-gl.html#protocol
I tried usind the following parameters (all within "" of course) :
ssl/SSLstarttls/STARTTLSSSL/STARTTLSTLSv1.1
but I see no change at all.
I tried debugging it in Netbeans and looking at the ctx-variable but there is so much to look at that I cannot find the right information I'm looking for.
The thing I look at is:
ctx
- Inherited
- defaultInitCtx
- clnt
- conn
- sock
- sess
- protocolVersion
- name
- protocolVersion
- sess
- sock
- conn
- clnt
- defaultInitCtx
And this always says TLSv1 no matter what I enter in my code above.
1) Is this the protocol that the connection is using?
2) Am I looking at the wrong variable?
3) How can I determine which protocol my established connection is using?
Another thing I found was in
ctx
- Inherited
- defaultInitCtx
- clnt
- conn
- sock
- Inherited
- self
- sslContext
- Static
- defaultServerSSLParams
- protocols
- defaultServerSSLParams
- Static
- sslContext
- self
- Inherited
- sock
- conn
- clnt
- defaultInitCtx
Here I found a list that says:
SSLv2HelloTLSv1TLSv1.1TLSv1.2
and so I tried using TLSv1.1 as a parameter above as well but without success...
Upvotes: 0
Views: 5789
Answers (1)
Reputation: 46
According to your link (http://docs.oracle.com/javase/8/docs/technotes/guides/jndi/jndi-ldap-gl.html), the only value for java.naming.security.protocol is "ssl".
With Context.SECURITY_PROTOCOL="ssl" :
- it opens a secure SSL/TLS connexion if the serveur supports it
- it fails with a
javax.net.ssl.SSLHandshakeExceptionotherwise
With Context.SECURITY_PROTOCOL=any other word than "ssl", it opens a simple connection (with no SSL/TLS)
So, with the standard factory (com.sun.jndi.ldap.LdapCtxFactory) and with "ssl" param, you use a SSL/TLS connexion or do nothing.
You can see a lot of details of your connection with the parameter -Djava.net.debug=ssl and can see which version of TLS and cipher is used by your connection. (see http://www.herongyang.com/JDK/SSL-Socket-Communication-Debug-javax-net-debug.html)
Upvotes: 3
Related Questions
- How do a LDAP search/authenticate against this LDAP in Java
- How to connect LDAP with TLS by JAVA
- How to make a call, via Java, with ssl and certificate to an ldap (AD)?
- Retrieve LDAP server type
- LDAP authentication with JNDI
- LDAP jndi connection (java + jboss eap 6)
- Connection To Ldap
- How to ensure LDAP connection over SSL from JNDI
- How to retrieve LDAP password via JNDI
- Check LDAP connection (Java)