How to reset the user password in RedHat Directory server using Java code via LDAPS?

How can I access the RedHat Directory Server / HP-UX Directory Server using LDAPS from my Java application? I am accessing it through LDAP and it's working fine, but while using LDAPS it doesn't establish the connection with the server.

Here is my code, which is not working:

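import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.ModificationItem;

public void setPassword(String userDn, String password) throws NamingException {
    Hashtable<String, String> env = new Hashtable<>();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    String systemname = "ldaps://myserver:636";
    env.put(Context.PROVIDER_URL, systemname);
    env.put(Context.SECURITY_PRINCIPAL, "cn=directory manager");
    env.put(Context.SECURITY_CREDENTIALS, "MySecret");
    // Bind as the directory manager; with an ldaps:// URL the TLS handshake happens here
    DirContext connection = new InitialDirContext(env);
    try {
        connection.lookup("dc=mydomain,dc=com");
        // Replace the userpassword attribute on the target entry
        ModificationItem[] mods = new ModificationItem[1];
        Attribute mod0 = new BasicAttribute("userpassword", password);
        mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, mod0);
        connection.modifyAttributes(userDn, mods);
    } finally {
        // Release the connection even if the lookup or the modification fails
        connection.close();
    }
}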

The above code works fine if I replace the ldaps by ldap.

But I need the code to work for LDAPS as well. Some sites mention the need for a keystore, certificate, etc. But I don't know anything about these.

There are 2 answers

0
jwilleke On BEST ANSWER

As you are using Java, you need to obtain a copy of the server's certificate or Certificate Authority Chain and add it to the Java Keystore for the JVM you are using with your code.

How to accomplish obtaining the certificate is dependent on the LDAP implementation you are using. The LDAP admin should be able to help.

As to adding the certificate(s) to the Java KeyStore, see Google.

-jim
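An added example, not part of either answer: a small Java check that loads the certificate obtained from the LDAP admin into an in-memory trust store and attempts the TLS handshake against the LDAPS port, so a trust failure can be told apart from a bind or code problem. The class name `LdapsTrustCheck`, the alias `ldap-ca` and the three command-line arguments are assumptions made for this illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

public class LdapsTrustCheck {
    public static void main(String[] args) throws Exception {
        // Assumed arguments: host, port, path to the CA (or server) certificate file (PEM or DER)
        String host = args[0];
        int port = Integer.parseInt(args[1]);
        String certPath = args[2];

        // Load the certificate supplied by the LDAP admin
        X509Certificate ca;
        try (InputStream in = new FileInputStream(certPath)) {
            ca = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }

        // In-memory trust store holding only that certificate (alias is hypothetical)
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        ts.load(null, null);
        ts.setCertificateEntry("ldap-ca", ca);

        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        SSLContext sslCtx = SSLContext.getInstance("TLS");
        sslCtx.init(null, tmf.getTrustManagers(), null);

        try (SSLSocket s = (SSLSocket) sslCtx.getSocketFactory().createSocket(host, port)) {
            // Also check that the certificate matches the host name, as recent JDKs do for ldaps:// URLs
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("LDAPS");
            s.setSSLParameters(p);
            // Throws SSLHandshakeException if the chain or the host name does not validate
            s.startHandshake();
            X509Certificate leaf = (X509Certificate) s.getSession().getPeerCertificates()[0];
            System.out.println("Trusted. Server subject: " + leaf.getSubjectX500Principal());
            System.out.println("Issuer: " + leaf.getIssuerX500Principal());
        }
    }
}
```

If the handshake succeeds, import the same certificate into a trust store with `keytool -importcert` and point the application's JVM at it through the `javax.net.ssl.trustStore` system property. An `SSLHandshakeException` here means the supplied certificate does not anchor the server's chain or the server certificate does not match the host name in the URL.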

0
Terry Gardner On

You can try a couple of things:

  • use a known good tool, ldapsearch, to verify that LDAP clients can connect to the server
  • use openssl s_client -connect host:port to verify clients can establish a secure connection.