import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;
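/**
 * Small connectivity harness that binds to an LDAP/Active Directory server
 * over JNDI, optionally with SSL, and reports whether the bind succeeded.
 *
 * <p>Fixes over the previous revision: the empty-port default is now applied
 * before the provider URL is built (it was computed too late and never took
 * effect), the port is compared with {@code isEmpty()} instead of {@code ==},
 * the environment is a typed {@code Hashtable}, the success message is only
 * printed when a context was actually obtained, and {@code main} closes the
 * context it opened.
 */
public class ADSSLConnectionTest
{
    /** Port used when the caller passes a null or empty port string (LDAPS default). */
    private static final String DEFAULT_PORT = "636";

    /**
     * Builds the JNDI environment for a simple-bind LDAP connection.
     *
     * @param ldaphost      URL prefix including scheme, e.g. {@code "ldaps://localhost"}
     *                      or {@code "ldap://localhost"}
     * @param ldapport      port as a string; null or empty falls back to {@value #DEFAULT_PORT}
     * @param adminID       bind DN, stored under {@code Context.SECURITY_PRINCIPAL}
     * @param adminpassword bind password, stored under {@code Context.SECURITY_CREDENTIALS}
     * @param useSSL        when true, {@code Context.SECURITY_PROTOCOL} is set to {@code "ssl"}
     * @return a populated environment; never null
     */
    static Hashtable<String, String> buildEnvironment(String ldaphost, String ldapport,
            String adminID, String adminpassword, boolean useSSL)
    {
        // Apply the default port BEFORE building the URL; the old code built
        // "host:" first and then assigned the default to a variable it never read.
        String port = (ldapport == null || ldapport.isEmpty()) ? DEFAULT_PORT : ldapport;
        String providerurl = ldaphost + ":" + port;

        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, providerurl);
        if (useSSL)
        {
            // With "ssl" the host may be given as an ldaps:// URL, e.g. "ldaps://localhost:636";
            // otherwise e.g. "ldap://localhost:636". Endpoint identification is left at the
            // JDK default so the server certificate is checked against the URL's hostname.
            env.put(Context.SECURITY_PROTOCOL, "ssl");
        }
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, adminID);
        env.put(Context.SECURITY_CREDENTIALS, adminpassword);
        return env;
    }

    /**
     * Opens a directory context with the given connection parameters.
     *
     * @param ldaphost      URL prefix including scheme (see {@link #buildEnvironment})
     * @param ldapport      port string; null or empty means {@value #DEFAULT_PORT}
     * @param adminID       bind DN
     * @param adminpassword bind password
     * @param useSSL        whether to request the "ssl" security protocol
     * @return the bound context, or null when the bind failed (the failure is printed)
     */
    private DirContext getContext(String ldaphost, String ldapport, String adminID,
            String adminpassword, boolean useSSL)
    {
        try
        {
            return new InitialDirContext(
                    buildEnvironment(ldaphost, ldapport, adminID, adminpassword, useSSL));
        }
        catch (NamingException ex)
        {
            // Best-effort harness: report the failure and let the caller see null.
            ex.printStackTrace();
            return null;
        }
    }

    /**
     * Connects to the sample server over SSL with the sample credentials and
     * prints whether the bind succeeded.
     *
     * @return the bound context, or null when the connection could not be made
     */
    public DirContext getContext()
    {
        DirContext ctx = null;
        try
        {
            // Hard-coded sample credentials for the connectivity test; supply real
            // ones at runtime rather than committing them with the source.
            ctx = getContext("ldaps://localhost", "636",
                    "CN=Tanweer Ahmad,DC=identity,DC=com", "Password1", true);
        }
        catch (RuntimeException ex)
        {
            ex.printStackTrace();
        }
        // The old code printed "Connected with SSL" even when ctx was null.
        System.out.println(ctx != null ? "Connected with SSL" : "NOT Connected with SSL");
        return ctx;
    }

    /**
     * Entry point: runs the SSL connectivity test and releases the context.
     *
     * @param args ignored
     */
    public static void main(String[] args)
    {
        ADSSLConnectionTest c = new ADSSLConnectionTest();
        DirContext ctx = c.getContext();
        if (ctx != null)
        {
            try
            {
                ctx.close();  // release the LDAP connection held by the context
            }
            catch (NamingException ex)
            {
                ex.printStackTrace();
            }
        }
    }
}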
Compile and run with your credentials as follows:
C:\>javac ADSSLConnectionTest.java
C:\>java ADSSLConnectionTest
- If you have issues, make sure your SSL certificate is in the proper Java keystore, such as C:\j2sdk1.4.2_13\jre\lib\security.
- Make sure you are adding the certificate to the correct Java cacerts keystore (the one belonging to the JRE on your path).
2. You may also test by telnet to the server: telnet "hostname" 636
3. You may list the keystore values as follows:
C:\j2sdk1.4.2_13\jre\lib\security>keytool -list -v -storepass changeit -keystore cacerts
This is how it looks:
*******************************************
*******************************************
Alias name: oim9102BP06
Creation date: March 5, 2010
Entry type: trustedCertEntry
Owner: CN=Tanweer Ahmad, OU="(c)
2010 IDM, Inc. - For authorized use only", OU=IDM, O="IDM, Inc.", C=US
Issuer: CN=Some Authority, OU="(c)
IDM, Inc. - For authorized use only", OU=IDM Trust Network, O="IDM, Inc.", C=US
Serial number: 9b7dskfhujshuhjwh7697898ghdfgdgee90487129ef53
Valid from: Thu April 05 20:00:00 EDT 2010 until: Wed Jul 16 19:59:59 EDT 2036
Certificate fingerprints:
MD5: CD:68:B6:A7:C7:C4:CE:75:E0:1D:2F:57:44:61:92:09
SHA1: 13:2D:0D:45:53:4B:69:97:CD:B2:D6:C3:39:E2:55:76:60:9B:5C:C6
*******************************************
*******************************************
Alias name: corp9
Creation date: Apr 05, 2010
Entry type: trustedCertEntry
Owner: CN=identity.com
Issuer: CN=Emp, DC=identity, DC=com
Serial number: 2714a16c000000000013
Valid from: Mon Jan 28 12:14:58 CST 2010 until: Tue Jan 27 12:14:58 CST 2011
Certificate fingerprints:
MD5: CD:48:B6:A7:C7:C4:CE:75:E0:1D:2F:57:44:61:92:09
SHA1: 12:1D:0D:45:52:4B:64:97:CD:B2:D6:C3:39:E2:55:76:60:9B:5C:C6
*******************************************
*******************************************
4. Then, make sure your ADITResource in OIM points at the right server - the server is production.identity.com (as per your keystore). - Alternatively, Windows tools such as the "LDP" command can be used to test the Active Directory domain controller on port 636.