LDAP/TLS regression in 8u272
Thorsten Meinl
thorsten.meinl at knime.com
Fri Oct 30 13:18:47 UTC 2020
Hi,
> It might be. Does it work with JDK 11? Would you have a reproducer for
> this issue?
We have other services using LDAP with TLS that run on Java 11 (JFrog
Artifactory - Java 11.0.7, Sonarqube - Java 11.0.8) which don't have that
problem.
For reproducing you need an LDAP server configured with TLS and a Tomcat
installation. Configure Tomcat with the LDAP server as authentication realm,
e.g.
<Realm className="org.apache.catalina.realm.JNDIRealm"
connectionURL="ldap://ldap:389"
useStartTls="true"
userBase = "ou=people, dc=knime, dc=com"
userSearch = "(cn={0})"
roleBase="ou=groups,dc=knime,dc=com"
roleName="cn"
roleSearch="(member={0})"
/>
I also found
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972962
and
https://bugs.openjdk.java.net/browse/JDK-8214440
which looks like exactly the same issue. The latter was supposed to be
backported to 8u261. 8u265 didn't have that issue but 8u272 does. Maybe the
backport got lost?
Thanks,
Thorsten
--
Dr.-Ing. Thorsten Meinl
KNIME AG
Hardturmstrasse 66
8005 Zurich, Switzerland
More information about the jdk8u-dev
mailing list