Upgrade of OpenJDK 1.8 packages w/ JNDI LDAP provider may break LDAP connections

Daniel Lutz daniel.lutz at switch.ch
Mon Nov 2 09:00:38 UTC 2020


This is maybe useful information for people running their IdP with OpenJDK 1.8 and still
using the JNDI LDAP provider (instead of the UnboundID provider).

We run our IdP with OpenJDK 1.8 on Red Hat still using the JNDI LDAP provider.

Today, an upgrade of the OpenJDK 1.8 packages (java-1.8.0-* on Red Hat) to version
8u272 made the LDAP connections of our IdP fail, due to a bug in OpenJDK described
e.g. at

  https://mail.openjdk.java.net/pipermail/jdk8u-dev/2020-October/012887.html

The IdP logged this as:

  org.ldaptive.provider.ConnectionException: javax.net.ssl.SSLPeerUnverifiedException: hostname of the server '' does not match the hostname in the server's certificate.

We're going to switch to the UnboundID provider to solve our issue.


  Daniel
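
Added example, not part of the original post and not code from the IdP or ldaptive: a log triage check that separates the empty-hostname error quoted above from a hostname mismatch that names a server, which should be investigated as a real certificate mismatch. The function names, the log line prefix, the sample host ldap.example.org and the idea that a named mismatch uses the same message format are assumptions.

```python
import re

# Message text as quoted in the post; the quoted hostname is empty when the bug hits.
MISMATCH = re.compile(
    r"SSLPeerUnverifiedException: hostname of the server '(?P<host>[^']*)' "
    r"does not match the hostname in the server's certificate"
)
# JDK 8 banner printed by `java -version`, e.g. openjdk version "1.8.0_272"
JDK8 = re.compile(r'version "1\.8\.0_(?P<update>\d+)')

AFFECTED_UPDATE = 272  # the only update the post names


def jdk8_update(banner):
    """Return the JDK 8 update number from `java -version` output, or None."""
    m = JDK8.search(banner)
    return int(m.group("update")) if m else None


def triage(log_lines, banner):
    """Split hostname-mismatch errors into the bug signature and named mismatches."""
    result = {"jdk_update": jdk8_update(banner), "empty_host": [], "named_host": []}
    for n, line in enumerate(log_lines, 1):
        m = MISMATCH.search(line)
        if not m:
            continue
        if m.group("host") == "":
            result["empty_host"].append(n)  # matches the error in the post
        else:
            result["named_host"].append((n, m.group("host")))  # verify the certificate
    result["matches_post"] = (
        bool(result["empty_host"]) and result["jdk_update"] == AFFECTED_UPDATE
    )
    return result


# Constructed sample input: timestamps, log prefix and ldap.example.org are made up.
SAMPLE_BANNER = 'openjdk version "1.8.0_272"'
_ERR = ("2020-11-02 08:41:12 ERROR org.ldaptive.provider.ConnectionException: "
        "javax.net.ssl.SSLPeerUnverifiedException: hostname of the server '{}' "
        "does not match the hostname in the server's certificate.")
SAMPLE_LOG = [
    "2020-11-02 08:41:10 INFO startup complete",
    _ERR.format(""),
    _ERR.format("ldap.example.org"),
]

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, SAMPLE_BANNER))
```

Lines reported under named_host are not explained by the problem described in the post and call for checking the directory server's certificate, not for relaxing hostname verification.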

