If one uses ldapsearch to search a particular LDAP server for base level naming contexts, the search works fine.
$ ldapsearch -h myhealthisp.com -p 10389 -x -s base -b "" namingContexts
# extended LDIF
#
# LDAPv3
# base <> (default) with scope baseObject
# filter: (objectclass=*)
# requesting: namingContexts
#
#
dn:
namingContexts: dc=myhealthisp,dc=com
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1`
Using the JNDI, however, we get the following response:
No Results for: myhealthisp.com.
Problem: [LDAP: error code 32 - No Such Object] null
Here’s our code:
private Attribute getCertFromLdap(SRVRecord srvRec, CertificateInfo certInfo) throws CertLookUpException{
env.put(DirContext.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
sc1 = new SearchControls();
sc1.setSearchScope(SearchControls.ONELEVEL_SCOPE);
try {
env.put(DirContext.PROVIDER_URL, "ldap://" + targetDomain + ":" + srvRec.getPort());
System.out.println("ldap://" + targetDomain + ":" + srvRec.getPort());
DirContext dc = new InitialDirContext(env);
NamingEnumeration directoryNE = null;
System.out.println("Got HERE!");
directoryNE= dc.search("", "objectClass=*", sc1);
System.out.println("SC1 :" + sc1);
while (directoryNE.hasMore()){
SearchResult result1 = (SearchResult) directoryNE.next();
// print DN of entry
System.out.println("Result.getNameInNamespace: " + result1.getName());
Attribute foundMail = findMailAttribute(result1.getNameInNamespace());
if(foundMail != null){
return foundMail;
}
}
dc.close();
} catch (NamingException e) {
System.out.println("No Results for: " + targetDomain + "\nProblem: " + e.getLocalizedMessage() + " " + e.getCause());
} return null;
}
The only way that we are able to return the base directories for myhealthisp.com is by hard coding the directory name (dc=myhealthisp,dc=com) into the base directory search filter (see this for what we are basing our code off of: http://directory.apache.org/apacheds/manuals/basic-user-guide-1.5.8-SNAPSHOT/html/ch03s03.html#LDAP Operations Searching)
When our code searches onctest.org LDAP server, we are given each of the namingContexts back.
Here’s the output to the Eclipse console for both the onctest.org server and the myhealthisp.com server:
ldap://onctest.org.:10389
Got HERE!
SC1 :javax.naming.directory.SearchControls@4c408bfc
Result.getNameInNamespace: ou=config
Result.getNameInNamespace: dc=example,dc=com
Result.getNameInNamespace: ou=system
Search Result: cn=dts556: null:null:{mail=mail: dts556@onctest.org, usercertificate=userCertificate: [B@35e06ba6, objectclass=objectClass: organizationalPerson, person, inetOrgPerson, top, o=o: onctest, sn=sn: Test Case, cn=cn: dts556}
Service Record: _ldap._tcp.onctEst.org. 86400 IN SRV 0 0 10389 onctest.org.
ldap://myhealthisp.com.:10389
Got HERE!
No Results for: myhealthisp.com.
Problem: [LDAP: error code 32 - No Such Object] null
Unable to find certificate at LDAP for: steve.tripp@myhealthisp.com
_ldap._tcp.myhealthisp.com. 3600 IN SRV 0 0 10389 myhealthisp.com.
We think that the following is causing the problem:
- JDNI cannot do a base search for OpenLDAProotDSE objectClass directories.
Generally anonymous bind doesnt have privilege to do a ldap search on the root. Every directory has the OOTB privileges for anonymous bind and searching the root. In case of apache DS, a search of the naming contexts can be done via the ldap query
ldapsearch -h localhost -p 10389 -s base -b “” “(objectclass=*)” namingContexts
However, a one level search of subtree search such as
ldapsearch -h localhost-p 10389 -s one -b “” -D “uid=admin,ou=system” -w secret “(objectclass=*)”
Gives the following result: which is what you are doing in the jndi program:
ldap_search: No such object
ldap_search: additional info: NO_SUCH_OBJECT: failed for SearchRequest
baseDn : ”
filter : ‘(2.5.4.0=*)’
scope : single level
typesOnly : false
Size Limit : no limit
Time Limit : no limit
Deref Aliases : never Deref Aliases
attributes :
: null
JNDI code for the first ldapsearch command :