If one uses ldapsearch to search a particular LDAP server for base level naming contexts, the search works fine.
$ ldapsearch -h myhealthisp.com -p 10389 -x -s base -b "" namingContexts
# extended LDIF
#
# LDAPv3
# base <> (default) with scope baseObject
# filter: (objectclass=*)
# requesting: namingContexts
#
#
dn:
namingContexts: dc=myhealthisp,dc=com
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
Using the JNDI, however, we get the following response:
No Results for: myhealthisp.com.
Problem: [LDAP: error code 32 - No Such Object] null
Here's our code:
private Attribute getCertFromLdap(SRVRecord srvRec, CertificateInfo certInfo) throws CertLookUpException{
    // env, sc1 and targetDomain are not declared in this snippet (presumably fields of the enclosing class)
    env.put(DirContext.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    sc1 = new SearchControls();
    // one-level scope: asks for the immediate children of the search base
    sc1.setSearchScope(SearchControls.ONELEVEL_SCOPE);
    try {
        env.put(DirContext.PROVIDER_URL, "ldap://" + targetDomain + ":" + srvRec.getPort());
        System.out.println("ldap://" + targetDomain + ":" + srvRec.getPort());
        DirContext dc = new InitialDirContext(env);
        NamingEnumeration directoryNE = null;
        System.out.println("Got HERE!");
        // search base is the empty DN ""
        directoryNE = dc.search("", "objectClass=*", sc1);
        System.out.println("SC1 :" + sc1);
        while (directoryNE.hasMore()) {
            SearchResult result1 = (SearchResult) directoryNE.next();
            // print DN of entry
            System.out.println("Result.getNameInNamespace: " + result1.getName());
            Attribute foundMail = findMailAttribute(result1.getNameInNamespace());
            if (foundMail != null) {
                return foundMail;
            }
        }
        dc.close();
    } catch (NamingException e) {
        System.out.println("No Results for: " + targetDomain + "\nProblem: " + e.getLocalizedMessage() + " " + e.getCause());
    }
    return null;
}
The only way that we are able to return the base directories for myhealthisp.com is by hard coding the directory name (dc=myhealthisp,dc=com) into the base directory search filter (see this for what we are basing our code off of: http://directory.apache.org/apacheds/manuals/basic-user-guide-1.5.8-SNAPSHOT/html/ch03s03.html#LDAP Operations Searching).
When our code searches onctest.org LDAP server, we are given each of the namingContexts back.
Here's the output to the Eclipse console for both the onctest.org server and the myhealthisp.com server:
ldap://onctest.org.:10389
Got HERE!
SC1 :javax.naming.directory.SearchControls@4c408bfc
Result.getNameInNamespace: ou=config
Result.getNameInNamespace: dc=example,dc=com
Result.getNameInNamespace: ou=system
Search Result: cn=dts556: null:null:{mail=mail: [email protected], usercertificate=userCertificate: [B@35e06ba6, objectclass=objectClass: organizationalPerson, person, inetOrgPerson, top, o=o: onctest, sn=sn: Test Case, cn=cn: dts556}
Service Record: _ldap._tcp.onctEst.org. 86400 IN SRV 0 0 10389 onctest.org.
ldap://myhealthisp.com.:10389
Got HERE!
No Results for: myhealthisp.com.
Problem: [LDAP: error code 32 - No Such Object] null
Unable to find certificate at LDAP for: [email protected]
_ldap._tcp.myhealthisp.com. 3600 IN SRV 0 0 10389 myhealthisp.com.
We think that the following is causing the problem:
- JNDI cannot do a base search for OpenLDAProotDSE objectClass directories.
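
The ldapsearch call at the top of the question runs with base scope (-s base) and requests namingContexts by name, whereas the posted Java searches with ONELEVEL_SCOPE. As an added example that is not part of the original post, this is the JNDI form of that same ldapsearch request; the class name, method name and timeout values are assumptions chosen for illustration.

```java
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class RootDseNamingContexts {  // hypothetical class name
    // JNDI equivalent of: ldapsearch -x -s base -b "" namingContexts
    static List<String> namingContexts(String host, int port) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://" + host + ":" + port);
        // Host and port come from a DNS SRV record, so bound how long a lookup can hang (values assumed).
        env.put("com.sun.jndi.ldap.connect.timeout", "5000");
        env.put("com.sun.jndi.ldap.read.timeout", "5000");

        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.OBJECT_SCOPE);              // -s base
        sc.setReturningAttributes(new String[] {"namingContexts"});  // operational attribute, requested by name

        List<String> contexts = new ArrayList<>();
        DirContext ctx = new InitialDirContext(env);
        try {
            NamingEnumeration<SearchResult> results = ctx.search("", "(objectClass=*)", sc); // -b ""
            while (results.hasMore()) {
                Attribute attr = results.next().getAttributes().get("namingContexts");
                if (attr == null) continue;  // server did not return the attribute
                NamingEnumeration<?> values = attr.getAll();
                while (values.hasMore()) contexts.add(values.next().toString());
            }
        } finally {
            ctx.close();  // release the connection even when the search throws
        }
        return contexts;
    }

    public static void main(String[] args) throws NamingException {
        // Usage: java RootDseNamingContexts <host> <port>
        for (String base : namingContexts(args[0], Integer.parseInt(args[1]))) {
            System.out.println("namingContexts: " + base);
        }
    }
}
```

Each returned value can then serve as the search base for the mail and certificate lookup instead of a hard-coded DN.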