Active Directory traffic not encrypted

Rochford, Mike MRochford at STARKSTATE.EDU
Fri Sep 14 10:58:15 EDT 2018

I’ve figured this out.  There was a setting in the dataconnecter used in the attribute-resolver.xml file that was using useStartTLS=true.  Once I set that to false I was able to use SSL and the traffic is now encrypted between the shibboleth server and the domain controllers.

Mike Rochford
IT Manager
Stark State College
mrochford at<mailto:mrochford at>
330-494-6170 x 4244

From: users [mailto:users-bounces at] On Behalf Of Daniel Fisher
Sent: Wednesday, September 12, 2018 4:18 PM
To: Shib Users <users at>
Subject: Re: Active Directory traffic not encrypted

On Wed, Sep 12, 2018 at 4:05 PM Rochford, Mike <MRochford at<mailto:MRochford at>> wrote:
2018-09-12 15:59:21,055 - ERROR [org.ldaptive.pool.BlockingConnectionPool:509] - <snip> config=[org.ldaptive.ConnectionConfig at 1911725457::ldapUrl=ldaps://<>, connectTimeout=3000, responseTimeout=3000, sslConfig=[org.ldaptive.ssl.SslConfig at 1631826609::credentialConfig=org.ldaptive.ssl.CredentialConfigFactory$2 at a63643e, trustManagers=null, hostnameVerifier=null, hostnameVerifierConfig=null, enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null], useSSL=false, useStartTLS=true, connectionInitializer=[org.ldaptive.BindConnectionInitializer at 1126780571::bindDn=CN=shibboleth,OU=Specific purpose logon accounts,DC=starkstate,DC=net, bindSaslConfig=null, bindControls=null]]], initialized=false, availableCount=0, activeCount=0] unable to connect to the ldap

Something doesn't line up. The log says you're attempting to startTLS on an LDAPS connection, which gives the error you would expect.
Are you certain you're using the properties file you think you are?

--Daniel Fisher

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list