maliksalman / ldap-client-demo

A sample spring-boot app that retrieves information from a TLS secured LDAP server

Issue with the TLS profile set up when using ldaps connection url (ldaps://ldap.example.org:636). #1

Open iAMSagar44 opened 4 months ago

iAMSagar44 commented 4 months ago

With the TLS profile, the LDAP URL connects to a non-SSL port. The client communication is initiated unencrypted.

Is there a way to use ldaps, initiate the connection on an SSL port, and then start the TLS mechanism using the DefaultTlsDirContextAuthenticationStrategy class (basically using the code in TLSConfig.class)?

I tried this and I get a failure as follows during startup.

Caused by: org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occured during LDAP processing
    at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:230) ~[spring-ldap-core-3.2.2.jar:3.2.2]
    at org.springframework.ldap.core.support.AbstractContextSource.doGetContext(AbstractContextSource.java:157) ~[spring-ldap-core-3.2.2.jar:3.2.2]
    at org.springframework.ldap.core.support.AbstractContextSource.getReadWriteContext(AbstractContextSource.java:182) ~[spring-ldap-core-3.2.2.jar:3.2.2]
    at org.springframework.ldap.pool2.factory.DirContextPooledObjectFactory.create(DirContextPooledObjectFactory.java:212) ~[spring-ldap-core-3.2.2.jar:3.2.2]
    at org.apache.commons.pool2.BaseKeyedPooledObjectFactory.makeObject(BaseKeyedPooledObjectFactory.java:81) ~[commons-pool2-2.12.0.jar:2.12.0]
    at org.apache.commons.pool2.impl.GenericKeyedObjectPool.create(GenericKeyedObjectPool.java:796) ~[commons-pool2-2.12.0.jar:2.12.0]
    at org.apache.commons.pool2.impl.GenericKeyedObjectPool.borrowObject(GenericKeyedObjectPool.java:444) ~[commons-pool2-2.12.0.jar:2.12.0]
    at org.apache.commons.pool2.impl.GenericKeyedObjectPool.borrowObject(GenericKeyedObjectPool.java:355) ~[commons-pool2-2.12.0.jar:2.12.0]
    at org.springframework.ldap.pool2.factory.PooledContextSource.getContext(PooledContextSource.java:258) ~[spring-ldap-core-3.2.2.jar:3.2.2]
    ... 48 common frames omitted
Caused by: javax.naming.NamingException: [LDAP: error code 1 - Operations Error]
    at java.naming/com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3300) ~[na:na]
    at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3206) ~[na:na]
    at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2997) ~[na:na]
    at java.naming/com.sun.jndi.ldap.LdapCtx.extendedOperation(LdapCtx.java:3385) ~[na:na]
    at java.naming/javax.naming.ldap.InitialLdapContext.extendedOperation(InitialLdapContext.java:184) ~[na:na]
    at org.springframework.ldap.core.support.AbstractTlsDirContextAuthenticationStrategy.processContextAfterCreation(AbstractTlsDirContextAuthenticationStrategy.java:133) ~[spring-ldap-core-3.2.2.jar:3.2.2]
    at org.springframework.ldap.core.support.AbstractContextSource.doGetContext(AbstractContextSource.java:151) ~[spring-ldap-core-3.2.2.jar:3.2.2]
    ... 55 common frames omitted
maliksalman commented 4 months ago

Hi there! The only way I've found to initiate the connection using LDAPS is to have the CA certificate already installed in the system (not configured by Java/Spring). In the code base I show this example when running the app with the ldaps profile. In that case, the CA certificate was already installed in the system when the docker container was started.
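For reference, here is an added example (not the project's own TLSConfig class, and not code from either participant above) that shows the two configurations side by side: ldaps:// on 636 with no StartTLS step, and ldap:// on 389 with DefaultTlsDirContextAuthenticationStrategy so that StartTLS runs before the bind. The StartTLS extended operation is only valid on a plaintext session; sending it on a session that is already TLS-protected (which is what combining an ldaps:// URL with the TLS strategy does) is rejected by the server, and OpenLDAP, for one, answers with "Operations Error" (TLS already started), which matches the trace above. Host name, base DN, bind DN, truststore path and password, and the LDAP_BIND_PASSWORD variable are assumptions for illustration.

```java
// Added example, not ldap-client-demo's own configuration. Hostname, base DN,
// bind DN, truststore path/password and the env var name are assumptions.
package example;

import java.io.FileInputStream;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy;
import org.springframework.ldap.core.support.LdapContextSource;

@Configuration
public class LdapTlsExamples {

    private static final String BASE_DN = "dc=example,dc=org";           // assumed
    private static final String BIND_DN = "cn=reader,dc=example,dc=org"; // assumed

    // Profile "ldaps": TLS from the first byte, on port 636. No authentication
    // strategy is set on purpose: StartTLS is only valid on a plaintext
    // session, and issuing it over an ldaps:// connection is what produces
    // "error code 1 - Operations Error" in the issue above. The server
    // certificate is validated against the JVM trust store (cacerts, or
    // -Djavax.net.ssl.trustStore=/path/to/truststore.p12).
    @Bean
    @Profile("ldaps")
    public LdapContextSource ldapsContextSource() {
        LdapContextSource cs = new LdapContextSource();
        cs.setUrl("ldaps://ldap.example.org:636");
        cs.setBase(BASE_DN);
        cs.setUserDn(BIND_DN);
        cs.setPassword(System.getenv("LDAP_BIND_PASSWORD")); // never hard-code it
        return cs;
    }

    // Profile "tls": plaintext TCP to port 389, then StartTLS before the bind,
    // so the bind credentials are never sent in the clear. The socket factory
    // pins trust to a dedicated truststore instead of the JVM default.
    @Bean
    @Profile("tls")
    public LdapContextSource startTlsContextSource() throws Exception {
        DefaultTlsDirContextAuthenticationStrategy strategy =
                new DefaultTlsDirContextAuthenticationStrategy();
        strategy.setSslSocketFactory(socketFactory("/etc/ldap/truststore.p12", "changeit"));
        // Keep the default hostname verification: a HostnameVerifier that
        // returns true unconditionally would make the truststore pointless.
        strategy.setShutdownTlsGracefully(true);

        LdapContextSource cs = new LdapContextSource();
        cs.setUrl("ldap://ldap.example.org:389"); // ldap://, not ldaps://, with StartTLS
        cs.setBase(BASE_DN);
        cs.setUserDn(BIND_DN);
        cs.setPassword(System.getenv("LDAP_BIND_PASSWORD"));
        cs.setAuthenticationStrategy(strategy);
        return cs;
    }

    @Bean
    public LdapTemplate ldapTemplate(LdapContextSource contextSource) {
        return new LdapTemplate(contextSource);
    }

    // Builds an SSLSocketFactory that trusts only the CA certificates held in
    // the given PKCS#12 truststore (path and password are assumptions).
    private static SSLSocketFactory socketFactory(String path, String password) throws Exception {
        KeyStore trustStore = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(path)) {
            trustStore.load(in, password.toCharArray());
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }
}
```

A quick way to check which mode you are actually in: with the tls profile, a packet capture of port 389 shows a cleartext LDAP ExtendedRequest for OID 1.3.6.1.4.1.1466.20037 (StartTLS) followed by a TLS ClientHello; with the ldaps profile, port 636 shows the ClientHello as the very first application bytes and no cleartext LDAP at all. If the bind request is visible in cleartext in either capture, TLS was not established before authentication.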