We are integrating an OpenSSL-based JAVA application with Active Directory 2003 Ent SP2. The connection method we are attempting to use is SASL with the authentication method set to EXTERNAL. Our code is based on com.sun.jndi.ldap.LdapCtxFactory and uses the URL, EXTERNAL, and SSL in creating the connection, in addition to the public and private certificate information.
The certificates we are using are generated by a Windows Server 2008 R2 CA. They are being converted to PEM format using OpenSSL and split into public and private sections for the auth code to use. I am confident that the certificates work, as I was able to use IAS and the PEM-converted certificates to log onto the network using another device. Our JAVA app is wired and trying to connect directly to Active Directory using ldaps.
I have not been able to get a decoded connection stream from Wireshark yet, but if that is useful and you can give me pointers on how to accomplish that, I can provide decoded wire traffic as well.
I am using EasyLDAP to test our connection. The error output from this is:
Exception in thread "main" javax.naming.AuthenticationNotSupportedException: [LDAP: error code 7 - 00002027: LdapErr: DSID-0C090499, comment: Invalid Authentication method, data 0, vece ]
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
    at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
    at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
    at javax.naming.InitialContext.init(Unknown Source)
    at javax.naming.InitialContext.<init>(Unknown Source)
    at javax.naming.directory.InitialDirContext.<init>(Unknown Source)
    at com.resseasy.ldap.LdapConvenience.login(LdapConvenience.java:34)
    at EasyLDAP.main(EasyLDAP.java:53)
The error information being logged in the AD event logs is as follows:
Internal event: The LDAP server returned an error.
Additional Data
Error value:
00002027: LdapErr: DSID-0C090499, comment: Invalid Authentication method, data 0, vece
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Internal event: The LDAP server returned an error.
Additional Data
Error value:
00000003: LdapErr: DSID-0C06045C, comment: Error decrypting ldap message, data 0, vece
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Internal event: An LDAP client connection was closed because of an error.
Client ID:
3969
Additional Data
Error value:
3 The system cannot find the path specified.
Internal ID:
c060456
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Any assistance in this matter would be of great help.
Thanks,
Ward
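The following is an added example, not the original poster's code and not part of com.sun.jndi.ldap, showing what a JNDI SASL EXTERNAL bind over ldaps with a client certificate looks like end to end. It first reads supportedSASLMechanisms from the RootDSE anonymously (AD permits that read) so you can confirm the DC advertises EXTERNAL before attempting it, then binds with EXTERNAL, where the identity comes from the TLS client certificate rather than from credentials in the environment. The keystore and truststore paths and passwords, the ldap.* system properties, and the host dc01.example.com are hypothetical; the PKCS#12 file is assumed to have been built from the PEM pair with openssl pkcs12 -export.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.net.SocketFactory;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

/** SSLSocketFactory that presents a client certificate. JNDI instantiates it through getDefault(). */
public class ClientCertSocketFactory extends SSLSocketFactory {
    // Hypothetical locations; the .p12 is assumed to come from
    // "openssl pkcs12 -export -inkey key.pem -in cert.pem -out client.p12".
    static final String KEYSTORE = System.getProperty("ldap.keystore", "client.p12");
    static final String KEYSTORE_PW = System.getProperty("ldap.keystorePassword", "changeit");
    static final String TRUSTSTORE = System.getProperty("ldap.truststore", "ca-truststore.jks");
    static final String TRUSTSTORE_PW = System.getProperty("ldap.truststorePassword", "changeit");

    private final SSLSocketFactory delegate;

    public ClientCertSocketFactory() throws Exception {
        // Client key + certificate chain: this is what the DC sees during the TLS handshake.
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(KEYSTORE)) { ks.load(in, KEYSTORE_PW.toCharArray()); }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, KEYSTORE_PW.toCharArray());
        // Trust store holding the issuing CA, so the DC's server certificate is verified, not blindly accepted.
        KeyStore ts = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(TRUSTSTORE)) { ts.load(in, TRUSTSTORE_PW.toCharArray()); }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        delegate = ctx.getSocketFactory();
    }

    /** JNDI resolves the class named in java.naming.ldap.factory.socket and calls this static method. */
    public static SocketFactory getDefault() {
        try { return new ClientCertSocketFactory(); }
        catch (Exception e) { throw new IllegalStateException("cannot build client-cert SSL context", e); }
    }

    @Override public String[] getDefaultCipherSuites() { return delegate.getDefaultCipherSuites(); }
    @Override public String[] getSupportedCipherSuites() { return delegate.getSupportedCipherSuites(); }
    @Override public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
        return delegate.createSocket(s, host, port, autoClose);
    }
    @Override public Socket createSocket(String host, int port) throws IOException { return delegate.createSocket(host, port); }
    @Override public Socket createSocket(String host, int port, InetAddress lh, int lp) throws IOException {
        return delegate.createSocket(host, port, lh, lp);
    }
    @Override public Socket createSocket(InetAddress host, int port) throws IOException { return delegate.createSocket(host, port); }
    @Override public Socket createSocket(InetAddress host, int port, InetAddress lh, int lp) throws IOException {
        return delegate.createSocket(host, port, lh, lp);
    }

    private static Hashtable<String, String> baseEnv(String ldapsUrl) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapsUrl);              // ldaps:// implies java.naming.security.protocol=ssl
        env.put("java.naming.ldap.factory.socket", ClientCertSocketFactory.class.getName());
        return env;
    }

    /** Anonymous RootDSE read: which SASL mechanisms does this DC actually advertise? */
    public static List<String> supportedSaslMechanisms(String ldapsUrl) throws NamingException {
        Hashtable<String, String> env = baseEnv(ldapsUrl);
        env.put(Context.SECURITY_AUTHENTICATION, "none");
        DirContext ctx = new InitialDirContext(env);
        List<String> mechs = new ArrayList<>();
        try {
            Attribute a = ctx.getAttributes("", new String[] {"supportedSASLMechanisms"}).get("supportedSASLMechanisms");
            if (a != null) for (NamingEnumeration<?> e = a.getAll(); e.hasMore();) mechs.add(String.valueOf(e.next()));
        } finally { ctx.close(); }
        return mechs;
    }

    /** SASL EXTERNAL bind: no principal or credentials in the env, the TLS client certificate is the identity. */
    public static DirContext bindExternal(String ldapsUrl) throws NamingException {
        Hashtable<String, String> env = baseEnv(ldapsUrl);
        env.put(Context.SECURITY_AUTHENTICATION, "EXTERNAL");
        return new InitialDirContext(env);
    }

    public static void main(String[] args) throws Exception {
        String url = args.length > 0 ? args[0] : "ldaps://dc01.example.com:636"; // hypothetical DC
        List<String> mechs = supportedSaslMechanisms(url);
        System.out.println("supportedSASLMechanisms: " + mechs);
        if (!mechs.contains("EXTERNAL")) { System.out.println("DC does not advertise EXTERNAL; stop here."); return; }
        DirContext ctx = bindExternal(url);
        try { System.out.println("EXTERNAL bind succeeded: " + ctx.getEnvironment().get(Context.PROVIDER_URL)); }
        finally { ctx.close(); }
    }
}
```

Run with -Djavax.net.debug=ssl:handshake to see whether the DC sends a CertificateRequest and whether the client answers with the certificate from the keystore; an empty client Certificate message means the key manager found no usable entry, which is a different failure from the server rejecting the mechanism.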