
I am connecting to NetWare 5.x's NDS with...


01 Feb 2002


Q.

I am connecting to NetWare 5.x's NDS with LDAP using Java with these few lines of code:

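// Point the SSL socket factory at the keystore that holds the trusted certificate(s)
System.setProperty("ssl.keystore", certificatePath);

// Open the LDAP connection over SSL
LDAPSocketFactory ssf = new LDAPSecureSocketFactory();
lc = new LDAPConnection(ssf);
lc.connect(sLdapHost, iLdapPort);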

This method uses a server certificate to authenticate the client certificate. This certificate is loaded in memory on the application server using the path specified by the certificatePath. I want to use a second LDAP server in case the first one crashes.

My problem is that certificate one, which is loaded on my application server, contains the name of LDAP server one and can't authenticate the client to certificate two. I need to know if there is a method to unload this certificate dynamically from the originating server and reload it to the new one.

A.

The certificatePath is the path to the keystore, which can hold multiple certificates. If the second server uses a separate trusted root, have you tried importing both certificates into the keystore of both servers? The LDAP library will go down the list and find the correct certificate in the local keystore. So if the keystores on different servers are different, it may fail on one and work on another--that is, if one doesn't have the right certificate in it. So add all the certificates to each keystore on each server.
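One way to put both servers' trusted roots into the single keystore that certificatePath points to, as an added example that is not part of the original answer or Novell's code. The class name MergeTrustedRoots, the alias prefix, and the JKS keystore type are assumptions; use whatever keystore type your LDAP library expects.

```java
import java.io.*;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

// Usage: java MergeTrustedRoots <keystore> <root-cert-file>...
// Adds each trusted root certificate (DER or PEM) to one keystore so the same
// file can validate either LDAP server. Paths are supplied by the caller.
public class MergeTrustedRoots {
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length < 2 || console == null) {
            System.err.println("usage (interactive): MergeTrustedRoots <keystore> <cert>...");
            System.exit(2);
        }
        // Prompt for the password so it never appears in the process list.
        char[] password = console.readPassword("Keystore password: ");
        File ksFile = new File(args[0]);

        KeyStore ks = KeyStore.getInstance("JKS"); // assumption: JKS keystore
        if (ksFile.exists()) {
            try (InputStream in = new FileInputStream(ksFile)) {
                ks.load(in, password);             // keep existing entries
            }
        } else {
            ks.load(null, password);               // start an empty keystore
        }

        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        for (int i = 1; i < args.length; i++) {
            X509Certificate cert;
            try (InputStream in = new FileInputStream(args[i])) {
                cert = (X509Certificate) cf.generateCertificate(in);
            }
            cert.checkValidity();                  // refuse expired or not-yet-valid roots
            String existing = ks.getCertificateAlias(cert);
            if (existing != null) {
                System.out.println(args[i] + ": already trusted as " + existing);
                continue;
            }
            // Derive an alias from the serial number; avoid overwriting another entry.
            String base = "ldap-root-" + cert.getSerialNumber().toString(16), alias = base;
            for (int n = 2; ks.containsAlias(alias); n++) alias = base + "-" + n;
            ks.setCertificateEntry(alias, cert);
            System.out.println(args[i] + ": added as " + alias + " ("
                    + cert.getSubjectX500Principal().getName() + ")");
        }
        try (OutputStream out = new FileOutputStream(ksFile)) {
            ks.store(out, password);
        }
    }
}
```

Run it once per application server against that server's keystore file, passing the trusted root of every LDAP server the application may fail over to.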

* Originally published in Novell AppNotes

