Differences

This page shows the differences between two versions of the page.

java:ldap [2016/04/26 15:20]
tony [SunCertPathBuilderException]
java:ldap [2017/08/19 23:33]

The content below is the 2016/04/26 revision; the diff marks all of it as removed in the 2017/08/19 revision.
{{tag>ldap}}
====== LDAP & AD ======
LDAP and AD are both old technology; I started writing these notes because I had to integrate with them. The content will grow as I learn, whenever I find time to write it up.
===== LDAP + REST API + Digest Auth? =====
The problem at hand: can LDAP users authenticate to a REST API with HTTP Digest Auth? \\
I think this is hard to do.\\
Authentication is delegated to the LDAP server; the REST web layer only forwards the credentials. In Digest Auth, however, the client never sends the password: it sends an MD5 hash computed over the password together with the username, realm, HTTP method, request URI and the server's nonce. Verifying that hash requires the verifier to already know the password (or at least MD5(username:realm:password)), while an LDAP simple bind needs the plaintext password, and the web layer cannot recover that from a one-way hash. So it cannot work unless the LDAP server accepts exactly the same digest scheme. The usual way out is HTTP Basic over TLS, which gives the web layer the plaintext it needs for a simple bind.
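The computation described above, written out as an added example (not code from the original page). It implements the RFC 2617 Digest response for qop=auth on the client side and the verification on the server side, to make the point concrete: the server can only verify with HA1 (which requires knowing the password), and the value the REST layer receives cannot be turned into an LDAP bind. The user, realm, nonce and password are made-up values.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

/**
 * Added example: RFC 2617 HTTP Digest (qop=auth) from both ends.
 * Shows why a forwarding web layer cannot perform an LDAP simple bind
 * from a Digest "response" value. All credentials below are made up.
 */
public class DigestVsLdapBind {

    /** Lowercase hex MD5 of a string, as Digest requires. */
    static String md5Hex(String s) {
        try {
            byte[] d = MessageDigest.getInstance("MD5").digest(s.getBytes(StandardCharsets.UTF_8));
            StringBuilder sb = new StringBuilder();
            for (byte b : d) sb.append(String.format("%02x", b));
            return sb.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    /** HA1 = MD5(username:realm:password). A verifier needs this value or the password itself. */
    static String ha1(String user, String realm, String password) {
        return md5Hex(user + ":" + realm + ":" + password);
    }

    /** Client side: the response= field of the Authorization header. The password never leaves the client. */
    static String clientResponse(String ha1, String method, String uri,
                                 String nonce, String nc, String cnonce, String qop) {
        String ha2 = md5Hex(method + ":" + uri);
        return md5Hex(ha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":" + qop + ":" + ha2);
    }

    /** Server side: recompute from the stored HA1 and compare in constant time. */
    static boolean serverVerify(String storedHa1, String method, String uri,
                                String nonce, String nc, String cnonce, String qop,
                                String presented) {
        String expected = clientResponse(storedHa1, method, uri, nonce, nc, cnonce, qop);
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                     presented.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        String user = "alice", realm = "example.com", password = "s3cret"; // made up
        String nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093";               // server-chosen, made up
        String nc = "00000001", cnonce = "0a4f113b", qop = "auth";

        // What arrives at the REST layer: only this hash.
        String response = clientResponse(ha1(user, realm, password), "GET", "/api/me",
                                         nonce, nc, cnonce, qop);
        System.out.println("response=" + response);

        // Verification works only for a party that holds HA1 (or the password):
        boolean ok = serverVerify(ha1(user, realm, password), "GET", "/api/me",
                                  nonce, nc, cnonce, qop, response);
        boolean wrong = serverVerify(ha1(user, realm, "other"), "GET", "/api/me",
                                     nonce, nc, cnonce, qop, response);
        System.out.println("verify with correct HA1: " + ok + ", with wrong HA1: " + wrong);

        // An LDAP simple bind needs the plaintext password. The REST layer holds only
        // 'response', a one-way hash, so it has nothing it can bind with unless the
        // directory itself stores HA1 (non-standard) or speaks the same digest scheme.
    }
}
```

Note that MD5 is what RFC 2617 specifies; RFC 7616 adds SHA-256 variants, but the structural problem (the verifier must hold password-equivalent material) is the same for every digest algorithm.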
  
===== SunCertPathBuilderException =====
<code bash>
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
</code>
The JVM could not chain the LDAP server's certificate to any CA in its truststore, which is what happens when the server uses a private or self-signed CA. Following [[http://stackoverflow.com/questions/11617210/how-to-properly-import-a-selfsigned-certificate-into-java-keystore-that-is-avail|this answer]], import the root CA (the CA certificate, not the server's leaf certificate) into the Java keystore with the command below. changeit is the default password of cacerts; change it if you rely on it. Two caveats: this edits the JDK-wide truststore, so every application on that JDK will trust the CA and the change is lost on a JDK upgrade (a per-application truststore passed with -Djavax.net.ssl.trustStore avoids both); and -noprompt suppresses the fingerprint confirmation, so when the CA file came from someone else, omit it and compare the fingerprint keytool shows against one obtained out of band.
<code bash>
keytool -importcert -trustcacerts -keystore /opt/jdk1.8.0_60/jre/lib/security/cacerts -storepass changeit -noprompt -alias tonytest -file /etc/ldap/ssl/rootca.crt
Certificate was added to keystore
</code>
List the CAs currently in the keystore:
<code bash>
keytool -list -keystore /opt/jdk1.8.0_60/jre/lib/security/cacerts -storepass changeit
</code>
Check that the test CA is present:
<code bash>
./keytool -list -keystore /opt/jdk1.8.0_60/jre/lib/security/cacerts -storepass changeit | grep tony
tonytest, Mar 23, 2016, trustedCertEntry,
</code>
Delete the test CA:
<code bash>
./keytool -delete -keystore /opt/jdk1.8.0_60/jre/lib/security/cacerts -storepass changeit -alias tonytest
</code>
Change the keystore password (Windows path shown):
<code bash>
keytool -keystore "C:\Program Files\Java\jre1.8.0_66\lib\security\cacerts" -storepasswd -new newpasswd -storepass changeit
</code>
Passing -storepass on the command line leaves the password in the shell history and in process listings; keytool prompts for it when the option is omitted.
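The per-application alternative to editing cacerts, as an added example (not code from the original page): load the root CA file into an in-memory truststore, build an SSLContext that trusts only that CA, install it as the JVM default, and open an LDAPS JNDI context. The CA path matches the keytool command above; the LDAPS URL, bind DN and the LDAP_BIND_PW environment variable are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

/**
 * Added example: trust the LDAP server's root CA for this application only,
 * without touching the JDK-wide cacerts file. Hostname, DN and the
 * environment variable name are assumptions.
 */
public class LdapsWithPrivateTrustStore {

    /** Build an SSLContext whose only trust anchor is the given PEM or DER root CA. */
    static SSLContext sslContextTrustingOnly(String caPath) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate rootCa;
        try (InputStream in = new FileInputStream(caPath)) {
            rootCa = (X509Certificate) cf.generateCertificate(in);
        }
        // Sanity checks: a root CA carries the CA basic constraint and is self-signed.
        if (rootCa.getBasicConstraints() < 0) {
            throw new IllegalArgumentException("not a CA certificate: " + rootCa.getSubjectX500Principal());
        }
        rootCa.verify(rootCa.getPublicKey()); // throws if the self-signature does not verify

        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);          // empty, in memory; nothing written to cacerts
        trustStore.setCertificateEntry("ldap-root-ca", rootCa);

        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // JNDI's ldaps:// support uses the JVM default SSLSocketFactory, which comes
        // from the default SSLContext, so install ours before the first connection.
        SSLContext.setDefault(sslContextTrustingOnly("/etc/ldap/ssl/rootca.crt"));

        String bindPw = System.getenv("LDAP_BIND_PW"); // assumed to be set; never hard-code it
        if (bindPw == null) {
            throw new IllegalStateException("LDAP_BIND_PW is not set");
        }

        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldaps://ldap.example.com:636");      // assumed host
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "cn=reader,dc=example,dc=com");  // assumed DN
        env.put(Context.SECURITY_CREDENTIALS, bindPw);

        // Caveat: JDKs before 8u181 do not check the certificate's name against the
        // ldaps:// host by default. On those, either upgrade or plug in a socket factory
        // that enables endpoint identification (see the hostname-verification link in
        // the References below).
        DirContext ctx = new InitialDirContext(env);
        System.out.println("bound over LDAPS as " + env.get(Context.SECURITY_PRINCIPAL));
        ctx.close();
    }
}
```

With this in place the keytool import, list and delete steps above are unnecessary for this application, and the trust decision lives in the application's own configuration rather than in whichever JDK happens to be installed.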
===== TLS already started =====
After switching Spring Security to StartTLS, an exception with the message TLS already started appeared. Tracing it, together with this [[http://www.openldap.org/faq/data/cache/1063.html|OpenLDAP FAQ entry]], showed the cause to be connection pooling: a connection handed back by the pool has already completed the StartTLS extended operation, and issuing StartTLS on it a second time is what the server rejects. For now the workaround is to disable pooling on the LdapContextSource:
<code java>
ldapContextSource.setCacheEnvironmentProperties(false);
ldapContextSource.setPooled(false);
</code>
The same error also appears if you connect with ldaps:// on port 636 and still use a StartTLS authentication strategy: the socket is already TLS, so there is nothing for StartTLS to upgrade. Use one or the other, not both (reference [[http://forum.spring.io/forum/spring-projects/data/ldap/19764-tls-and-setupauthenticatedenvironment|link]]).

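The two working configurations, as an added example written against the Spring LDAP API that the two setter calls above come from (not code from the original page): ldap:// on 389 with StartTLS and pooling disabled, and ldaps:// on 636 with no StartTLS strategy at all. Hostnames, DNs, the ou=people base and the LDAP_BIND_PW environment variable are assumptions.

```java
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy;
import org.springframework.ldap.core.support.LdapContextSource;

/**
 * Added example: the two LdapContextSource setups that do not trigger
 * "TLS already started". Mixing ldaps:// with a StartTLS strategy, or
 * pooling with StartTLS, is what produces the error. Host, DNs and the
 * environment variable are assumptions.
 */
public class LdapTlsContextSources {

    private static String bindPassword() {
        String pw = System.getenv("LDAP_BIND_PW"); // assumed to be set
        if (pw == null) {
            throw new IllegalStateException("LDAP_BIND_PW is not set");
        }
        return pw;
    }

    /** (a) Plain port + StartTLS: the extended operation upgrades each fresh connection. */
    static LdapContextSource startTlsSource() {
        LdapContextSource cs = new LdapContextSource();
        cs.setUrl("ldap://ldap.example.com:389");
        cs.setBase("dc=example,dc=com");
        cs.setUserDn("cn=reader,dc=example,dc=com");
        cs.setPassword(bindPassword());

        DefaultTlsDirContextAuthenticationStrategy tls = new DefaultTlsDirContextAuthenticationStrategy();
        tls.setShutdownTlsGracefully(true);
        // Keep the default hostname verifier; setHostnameVerifier with an
        // accept-all verifier would silence the error the TLS layer exists to raise.
        cs.setAuthenticationStrategy(tls);

        // With pooling on, a reused connection has already negotiated StartTLS and
        // the second StartTLS on it fails. Every context therefore gets its own connection.
        cs.setPooled(false);
        cs.setCacheEnvironmentProperties(false);
        cs.afterPropertiesSet();
        return cs;
    }

    /** (b) LDAPS: TLS from the first byte, so no StartTLS strategy is configured. */
    static LdapContextSource ldapsSource() {
        LdapContextSource cs = new LdapContextSource();
        cs.setUrl("ldaps://ldap.example.com:636");
        cs.setBase("dc=example,dc=com");
        cs.setUserDn("cn=reader,dc=example,dc=com");
        cs.setPassword(bindPassword());
        cs.afterPropertiesSet();
        return cs;
    }

    public static void main(String[] args) {
        LdapTemplate template = new LdapTemplate(startTlsSource());
        // A user bind on a fresh StartTLS connection; the password here is a placeholder.
        boolean ok = template.authenticate("ou=people", "(uid=alice)", "alice-password");
        System.out.println("authenticated: " + ok);

        LdapTemplate viaLdaps = new LdapTemplate(ldapsSource());
        System.out.println("ldaps authenticated: "
                + viaLdaps.authenticate("ou=people", "(uid=alice)", "alice-password"));
    }
}
```

For the LDAPS variant the server certificate still has to chain to a CA the JVM trusts, which is the SunCertPathBuilderException case above.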
===== Articles =====
  * [[java:ldap:openldap|OpenLDAP]]
  * [[java:ldap:jndi|JNDI API]]
  * [[java:ldap:spring|Spring API]]
  * [[java:dalp:ad:enable_certificate|Enable SSL/TLS on Windows AD]]
===== Reference =====
==== Auth & Security ====
  * [[https://docs.oracle.com/javase/tutorial/jndi/ldap/auth_mechs.html|Authentication Mechanisms of JNDI]]
  * [[http://www.tech-faq.com/ldap-security-issues.html|LDAP security issues]]
  * [[http://www.openldap.org/doc/admin24/sasl.html|OpenLDAP - SASL]]
  * [[https://tersesystems.com/2014/03/23/fixing-hostname-verification/|fixing-hostname-verification]]
==== OpenLDAP ====
  * [[http://wiki.weithenn.org/cgi-bin/wiki.pl?OpenLDAP-SSL_TLS_%E8%A8%AD%E5%AE%9A|Setup SSL/TLS on OpenLDAP server]]
==== Spring - LDAP ====
  * [[http://forum.spring.io/forum/spring-projects/data/ldap/19764-tls-and-setupauthenticatedenvironment|StartTLS and connection pool issue]]
==== Client ====
  * [[https://directory.apache.org/studio/downloads.html|Apache Directory Studio]]
  * [[http://www.ldapadmin.org/|LDAP Admin]]
==== Integration ====
  * [[http://media.community.dell.com/en/dtc/attach/idrac6_directoryservices.pdf|Dell iDRAC6]]