5 Replies. Latest reply: Jul 10, 2012 4:51 PM by EJP

NamingException <host>: socket closed?

SunilU Newbie
I'm trying to build my own Java program to connect to OVD. I'm using a service account to connect to OVD, authenticate and search for the DN of the user trying to log in. Then I create another DirContext to authenticate the user who will be authenticating from the web application. The code below works fine with non-SSL, but with SSL the first authentication attempt works to get the DN, and then during the actual user authentication the connection just hangs and I get the "Naming Exception <host>: socket closed" error. Has anyone faced this issue before? I tried searching for this error and applied almost all of the recommendations suggested.

Can someone help on what I'm missing here? Thank you.


import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapContext;

public class OvdAuth {

    // Escape the characters that are special in an LDAP filter value (RFC 4515),
    // because uid comes from the web application and goes into the search filter.
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    static void authenticateUser() {
        System.out.println("inside authenticateUser()");
        String AD_AUTH_SERVICE_URL = "ldaps://ovd host:7501";
        String AD_DOMAIN = "DC=mydomain,DC=com";
        String SERVICE_ACCOUNT_ID = "ADMIN USER DN";
        String SERVICE_ACCOUNT_PASSWORD = "xxxx";
        NamingEnumeration<SearchResult> results = null;
        String uid = "myuser"; // In real time this user comes from the web application which will be calling this program

        DirContext ctx = null;
        DirContext ctx2 = null;
        try {
            // Environment for the service account bind
            Hashtable<String, Object> lEnvironment = new Hashtable<String, Object>();
            lEnvironment.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            lEnvironment.put(Context.SECURITY_AUTHENTICATION, "simple");

            lEnvironment.put(Context.PROVIDER_URL, AD_AUTH_SERVICE_URL);
            lEnvironment.put(Context.SECURITY_PRINCIPAL, SERVICE_ACCOUNT_ID);
            lEnvironment.put(Context.SECURITY_CREDENTIALS, SERVICE_ACCOUNT_PASSWORD);
            lEnvironment.put(Context.SECURITY_PROTOCOL, "ssl");
            lEnvironment.put("com.sun.jndi.ldap.connect.pool", "true");

            String filter = "(&(uid=" + escapeFilterValue(uid) + ")(objectclass=inetorgperson))";
            SearchControls ctls = new SearchControls();
            ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            ctls.setTimeLimit(3000);

            ctx = new InitialDirContext(lEnvironment);
            System.out.println("Service Account Auth successfull "); // This works all the time via SSL.
            String[] attrIDs = { "distinguishedname" };
            ctls.setReturningAttributes(attrIDs);

            System.out.println("Value of DN " + attrIDs[0]);
            System.out.println("value of filter " + filter);
            System.out.println("value of AD_Domain " + AD_DOMAIN);

            // Look up the user's entry as the service account
            results = ctx.search(AD_DOMAIN, filter, ctls);
            System.out.println("Search was successfull ");
            ctx.close();

            if (results.hasMore()) {
                while (results.hasMore()) {
                    SearchResult searchResult = results.next();
                    Attributes attributes = searchResult.getAttributes();

                    String dn = (String) attributes.get("distinguishedname").get();

                    System.out.println("Value of DN " + dn);

                    // Rebuild the environment with the user's DN and password
                    lEnvironment.clear();
                    //Hashtable aEnvironment = new Hashtable();
                    lEnvironment.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
                    lEnvironment.put(Context.PROVIDER_URL, AD_AUTH_SERVICE_URL);
                    lEnvironment.put(Context.SECURITY_AUTHENTICATION, "simple");
                    lEnvironment.put(Context.SECURITY_PRINCIPAL, dn);
                    lEnvironment.put(Context.SECURITY_CREDENTIALS, "xxxx"); // password passed from web app
                    //lEnvironment.put(Context.SECURITY_PRINCIPAL, SERVICE_ACCOUNT_ID);
                    //lEnvironment.put(Context.SECURITY_CREDENTIALS, SERVICE_ACCOUNT_PASSWORD);

                    lEnvironment.put(Context.SECURITY_PROTOCOL, "ssl");
                    lEnvironment.put("com.sun.jndi.ldap.connect.pool", "true");

                    // Point the JSSE key store and trust store at the JRE's cacerts file
                    String keyStore = "C:\\Oracle\\Middleware\\jdk160_24\\jre\\lib\\security\\cacerts";
                    String keyPass = "changeit";
                    java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
                    System.setProperty("javax.net.ssl.keyStore", keyStore);
                    System.setProperty("javax.net.ssl.trustStore", keyStore);
                    System.setProperty("javax.net.ssl.trustStorePassword", keyPass);
                    System.setProperty("javax.net.ssl.keyStorePassword", keyPass);

                    lEnvironment.put(LdapContext.CONTROL_FACTORIES, "com.sun.jndi.ldap.ControlFactory");

                    // Second context: bind as the user
                    ctx2 = new InitialDirContext(lEnvironment); // program hangs here and times out after some time.
                    System.out.println("Authentication is successfull ");
                    ctx2.close();
                }
            }
        } catch (NamingException e) {
            e.printStackTrace();
        }
    }
}
  • 1. Re: NamingException <host>: socket closed?
    EJP Guru
    You don't need to do the second lookup. Just keep the first context open, do the search, make all those changes to its environment to set the user's credentials, and then call LdapContext.reconnect(). That does an LDAP bind and will fail if the credentials are wrong.
  • 2. Re: NamingException <host>: socket closed?
    SunilU Newbie
    Thanks for the help. Looks like reconnect() is part of LdapInitialContext, and I had to modify the code a bit. I call this function after updating the hashtable with the updated principal DN and password. Now it doesn't do anything and just passes through the code. Meaning, I tried to modify the password and DN attribute and it just passes through without really binding to LDAP. Here's the updated code snippet. I also tried passing connectControls[] after going through some documentation on this method. Am I missing something here?



    // ctx is declared as an LdapContext here so that reconnect() is available
    ctx = new InitialLdapContext(lEnvironment, null);

    System.out.println("Service Account Auth successfull ");
    String[] attrIDs = { "distinguishedname" };
    ctls.setReturningAttributes(attrIDs);

    System.out.println("Value of DN " + attrIDs[0]);

    results = ctx.search(AD_DOMAIN, filter, ctls);
    System.out.println("Search was successfull ");

    if (results.hasMore()) {
        while (results.hasMore()) {
            SearchResult searchResult = (SearchResult) results.next();
            Attributes attributes = searchResult.getAttributes();

            String dn = (String) attributes.get("distinguishedname").get();

            System.out.println("Value of DN " + dn);

            // Update the hashtable with the user's DN and password
            lEnvironment.put(Context.SECURITY_PRINCIPAL, dn);
            lEnvironment.put(Context.SECURITY_CREDENTIALS, userPassword); // userPassword stands for <user password>

            Control[] reqCtls = ctx.getConnectControls();
            System.out.println("count keys " + lEnvironment.size());

            ctx.reconnect(reqCtls);

            //ctx = new InitialLdapContext(lEnvironment, reqCtls);

            ctx.close();
        }
    }
  • 3. Re: NamingException <host>: socket closed?
    EJP Guru
    If the code executes without exceptions the credentials are correct.
  • 4. Re: NamingException <host>: socket closed?
    SunilU Newbie
    Thanks for the reply. I intentionally changed the credentials to a bad password and the code still executes without exceptions. I'm guessing the changes to the hashtable are not being recognised.
  • 5. Re: NamingException <host>: socket closed?
    EJP Guru
    You aren't doing it correctly. The Context takes a copy of the hashtable you supply, so modifying it further has no effect. You have to use Context.addToEnvironment().
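
The approach described in the replies above (one context, addToEnvironment(), then reconnect()), written out as an added example; it is not code from either poster. The class name, host name and method signature are placeholders, the DN is read with getNameInNamespace() instead of the distinguishedname attribute, and the empty-password check is there because JNDI treats an empty credential as an anonymous bind.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

public class LdapBindCheck {
    // Placeholder values (assumptions), not taken from a real deployment.
    static final String URL = "ldaps://ldap.example.com:636";
    static final String BASE = "DC=mydomain,DC=com";

    static boolean authenticate(String svcDn, String svcPw, String uid, String userPw)
            throws NamingException {
        // An empty password would turn the simple bind into an anonymous one, which succeeds.
        if (userPw == null || userPw.isEmpty()) return false;
        Hashtable<String, Object> env = new Hashtable<String, Object>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, svcDn);
        env.put(Context.SECURITY_CREDENTIALS, svcPw);
        LdapContext ctx = new InitialLdapContext(env, null); // binds as the service account
        try {
            SearchControls ctls = new SearchControls();
            ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            // {0} is filled from the argument array; JNDI escapes filter metacharacters in it.
            NamingEnumeration<SearchResult> results = ctx.search(
                    BASE, "(&(uid={0})(objectclass=inetorgperson))", new Object[] { uid }, ctls);
            if (!results.hasMore()) return false;        // unknown user
            String userDn = results.next().getNameInNamespace();
            if (results.hasMore()) return false;         // ambiguous uid: refuse to guess
            // Change the context's own copy of the environment (env itself is
            // no longer consulted), then force a new bind with the user's credentials.
            ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, userDn);
            ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, userPw);
            try {
                ctx.reconnect(null);
                return true;                             // bind accepted
            } catch (AuthenticationException e) {
                return false;                            // wrong password
            }
        } finally {
            ctx.close();
        }
    }
}
```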
