Unable to establish an LDAP SSL connection from WebLogic 12 using UnboundID SDK

I'm using the UnboundID LDAP SDK from a Java EE 6 app running in WLS 12.1.3.0.0 to interact with an LDAP server. Everything works with an open connection.

When trying to establish a secure LDAPConnection using a WLS SSLSocketFactory obtained from the WLS SSLContext, the LDAPConnection times out with no further useful debugging information. The certificate on the LDAP server is issued by Verisign.

The error is:

LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to connect to server XXXX:1636: java.io.IOException: Unable to establish a connection to server XXXX:1636 within the configured timeout of 60000 milliseconds.')

Am I correctly obtaining the SSLSocketFactory from WLS?

SSLContext sslContext = SSLContext.getInstance("https");
SSLSocketFactory sslFactory = sslContext.getSocketFactory();
ldapConn = new LDAPConnection(sslFactory,configBean.getLdapHost(),
                              configBean.getLdapPort(),configBean.getLdapBindDN(),
                              configBean.getLdapPassword());


That message suggests that the application was unable to establish a TCP connection to the specified server on the given port. Do you know if there is some kind of firewall or other mechanism in place that might be blocking the connection attempt or causing the traffic to be dropped? This would be easy enough to test by just trying to create a new Socket on the same address and port. If the attempt to create just a simple TCP socket to that address and port fails, then that suggests the problem is outside the LDAP SDK.

Although I would expect a different failure if the problem occurs during SSL negotiation, you could attempt to rule that out by using new SSLUtil(new TrustAllTrustManager()).createSSLSocketFactory() to create the socket factory. This will blindly trust any certificate the server presents. If that works, then it suggests that the problem is that the SSLContext.getInstance("https") is creating a context that is failing somewhere in the negotiation.

If nothing else helps, you could try enabling debugging in the LDAP SDK (see the com.unboundid.util.Debug class) to see if that provides any useful information.
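
The staged check suggested in the answer above, as an added example that is not part of the original post: it attempts a bare TCP connect first and only then a TLS handshake, validated against the JVM default trust store, so a failure can be attributed to the network or to TLS. The class name, the 5-second timeout and the default target localhost:1636 are assumptions made for this example.

```java
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.SocketTimeoutException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class LdapsConnectCheck {
    enum Stage { TCP_TIMEOUT, TCP_FAILED, TLS_FAILED, OK }

    // Stage 1: plain TCP connect. Stage 2: TLS handshake layered on the same
    // socket, using the JVM default trust store (certificate chain is validated).
    static Stage probe(String host, int port, int timeoutMillis) {
        Socket tcp = new Socket();
        try {
            tcp.connect(new InetSocketAddress(host, port), timeoutMillis);
        } catch (SocketTimeoutException e) {
            closeQuietly(tcp);
            return Stage.TCP_TIMEOUT;   // no answer at all: traffic is being dropped
        } catch (IOException e) {
            closeQuietly(tcp);
            return Stage.TCP_FAILED;    // refused, unreachable or unresolvable host
        }
        try {
            tcp.setSoTimeout(timeoutMillis);  // bound the handshake reads as well
            SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
            SSLSocket tls = (SSLSocket) factory.createSocket(tcp, host, port, true);
            tls.startHandshake();
            System.out.println("Negotiated " + tls.getSession().getProtocol()
                    + " with " + tls.getSession().getCipherSuite());
            tls.close();                // autoClose=true also closes the TCP socket
            return Stage.OK;
        } catch (IOException e) {       // SSLException is a subclass of IOException
            System.out.println("TLS stage failed: " + e);
            closeQuietly(tcp);
            return Stage.TLS_FAILED;
        }
    }

    static void closeQuietly(Socket s) {
        try { s.close(); } catch (IOException ignored) { }
    }

    public static void main(String[] args) {
        // Constructed defaults; pass the real LDAP host and port as arguments.
        String host = args.length > 0 ? args[0] : "localhost";
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 1636;
        System.out.println(host + ":" + port + " -> " + probe(host, port, 5000));
    }
}
```

Run it from the same machine and, ideally, the same JVM as the WebLogic server: `TCP_TIMEOUT` matches the timeout in the question and points outside the LDAP SDK, while `TLS_FAILED` points at certificate trust or protocol negotiation.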