Cannot get LDAPS to work

I’m experiencing problems with and LDAPS-Authorization; LDAP works fine.
I’ve installed the certificate with keytool; this should not be the problem.
When I do the LDAPS-Query, I always get this error message:

cannot load class through its string name, because no definition for the class with the specified name [com.sun.net.ssl.internal.ssl.Provider] could be found caused by (java.lang.ClassNotFoundException:com.sun.net.ssl.internal.ssl.Provider;java.lang.ClassNotFoundException:com.sun.net.ssl.internal.ssl.Provider;)

Any Ideas what’s going wrong? It looks like there’s SSL-Stuff missing (maybe because of AdoptOpenJDK?)

OS: Windows Server 2016
Java: AdoptOpenJDK 14.0.2 64bit
Tomcat: 9.0.37
Lucee: 5.3.6.61

I’m no Java expert and LDAP neither, but I have some information that might help a little until some other with more experience chimes in. It looks like the code you’re using is legacy code and the package com.sun.net.ssl.internal.ssl.Provider
has been removed.

The class migrated to another one, please see 5.2 especially 5.2.1 at
https://docs.deistercloud.com/content/Technology.50/Java/Migration%20from%20java%208%20to%20java%209.xml?embedded=true

The code you are using will probably have to be adapted to make use of the newer valid class.

Actually, I’m using just CFLDAP from Lucee:

<cfldap 
     server="LdapServerName" 
     port="636"
     secure="CFSSL_BASIC"
     attributes=... 
     start=...
     filter=...
     ...
/>

I’ve just tried with AdoptOpenJDK15; still the same error.
Have there to be made changes within Lucee?

yup, TLS isn’t supported yet

https://luceeserver.atlassian.net/browse/LDEV-2622

Is there a timeframe for this to be implemented? Or a workaround?

it’s not on the immediate radar

can you comment on that bug, including the stacktrace and your java version

Java is AdoptOpenJDK 14.0.2; or also 15.
StackTrace is this:

lucee.runtime.exp.NativeException: cannot load class through its string name, because no definition for the class with the specified name [com.sun.net.ssl.internal.ssl.Provider] could be found caused by (java.lang.ClassNotFoundException:com.sun.net.ssl.internal.ssl.Provider;java.lang.ClassNotFoundException:com.sun.net.ssl.internal.ssl.Provider;)
at lucee.commons.lang.ClassUtil.loadClass(ClassUtil.java:225)
at lucee.runtime.net.ldap.LDAPClient.setSecureLevel(LDAPClient.java:138)
at lucee.runtime.tag.Ldap._doStartTag(Ldap.java:365)
at lucee.runtime.tag.Ldap.doStartTag(Ldap.java:353)
at ldap_cfm$cf$4.call(/ldap.cfm:36)
at lucee.runtime.PageContextImpl._doInclude(PageContextImpl.java:945)
at lucee.runtime.PageContextImpl._doInclude(PageContextImpl.java:837)
at lucee.runtime.listener.ClassicAppListener._onRequest(ClassicAppListener.java:64)
at lucee.runtime.listener.MixedAppListener.onRequest(MixedAppListener.java:43)
at lucee.runtime.PageContextImpl.execute(PageContextImpl.java:2416)
at lucee.runtime.PageContextImpl._execute(PageContextImpl.java:2406)
at lucee.runtime.PageContextImpl.executeCFML(PageContextImpl.java:2381)
at lucee.runtime.engine.Request.exe(Request.java:43)
at lucee.runtime.engine.CFMLEngineImpl._service(CFMLEngineImpl.java:1127)
at lucee.runtime.engine.CFMLEngineImpl.serviceCFML(CFMLEngineImpl.java:1073)
at lucee.loader.engine.CFMLEngineWrapper.serviceCFML(CFMLEngineWrapper.java:97)
at lucee.loader.servlet.CFMLServlet.service(CFMLServlet.java:51)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:733)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:373)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1589)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Unknown Source)
Caused by: lucee.commons.lang.ClassException: cannot load class through its string name, because no definition for the class with the specified name [com.sun.net.ssl.internal.ssl.Provider] could be found caused by (java.lang.ClassNotFoundException:com.sun.net.ssl.internal.ssl.Provider;java.lang.ClassNotFoundException:com.sun.net.ssl.internal.ssl.Provider;)
… 39 more

I have filed a bug for you https://luceeserver.atlassian.net/browse/LDEV-3079

1 Like