JAAS ldap issue

Peter Schober peter.schober at univie.ac.at
Wed Jun 3 14:56:08 UTC 2020

* Daniel Fisher <dfisher at vt.edu> [2020-06-03 16:48]:
> ldaps:// + useStartTLS will result in some sort of exception as the
> StartTLSRequest will be attempted on a socket that is already confidential.
> i.e. useStartTLS is not ignored and is mutually exclusive with
> ldaps://

Thanks, makes sense by focussing on the literal meaning of
useStartTLS, I suppose.

So the main thing to remember for deployers wanting LDAPS is to use
the ldaps:// schema in their ldapURL AND set useStartTLS=false (from
its default 'true').


More information about the users mailing list