Upgrade of OpenJDK 1.8 packages w/ JNDI LDAP provider may break LDAP connections

Daniel Lutz daniel.lutz at switch.ch
Mon Nov 2 09:00:38 UTC 2020

This may be useful information for people running their IdP with OpenJDK 1.8 and still
using the JNDI LDAP provider (instead of the UnboundID provider).

We run our IdP with OpenJDK 1.8 on Red Hat still using the JNDI LDAP provider.

Today, an upgrade of the OpenJDK 1.8 packages (java-1.8.0-* on Red Hat) to version
8u272 made the LDAP connections of our IdP fail, due to a bug in OpenJDK described
e.g. at


The IdP logged this as:

  org.ldaptive.provider.ConnectionException: javax.net.ssl.SSLPeerUnverifiedException: hostname of the server '' does not match the hostname in the server's certificate.

We're going to switch to the UnboundID provider to solve our issue.

