In this article, we will see how to perform LDAP authentication over SSL using Java.

The first step is to import the trusted certificate into the Java keystore. The default Java keystore is named cacerts and is located at $JAVA_HOME/jre/lib/security/cacerts.

$JAVA_HOME is where your JDK is installed (by default: C:/Program Files/Java/jdk1.7.0_79/).

1- Register your SSL certificate in the Java keystore

Java provides the certificate management utility keytool to manage the certificates in your keystore. To import a certificate, you need to specify three arguments:

  • -keystore: Absolute path to your keystore (by default: C:\Program Files\Java\jdk1.7.0_79\jre\lib\security)
  • -alias: A name for your certificate. The name must not already exist in the keystore.
  • -file: Absolute path to the certificate you want to import

Use the following command to import your certificate into the default Java keystore:

The default keystore password is: changeit

2- Running your application with SSL

To allow your application to connect over SSL, you can choose one of two solutions:

  • Writing code in your application

Add the following system properties before your LDAP authentication:

  • Add JVM arguments

Start your application by adding the following arguments:

3- LDAP Connection

Once you have added the trusted certificate to the Java keystore and started your application with the required arguments, you can use the following code to perform LDAP authentication: