Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

java11 NPE with ldap configuration (Thread local SslConfig has not been set), works fine in 1.8.0_191-b12

Description

Ldap connectivity works  with Oracle jdk1.8.0_191 but fails to work when the execution environment java is changed to openjdk11+28 for the exact same configuration.

It's as if the loading / configuration setup behaviour changes subtly.

Configurations I've tested:

  •  Good: IdP-3.3.3, openjdk9.0.4, ldaptive-1.0.11 – no errors, ldap connections work, idp works 

  •  Good: IdP-3.3.3, openjdk9.0.4, ldaptive-1.2.3 – no errors, ldap connections work, idp works 

  •   Not Good: IdP-3.4.0, openjdk9.0.4, ldaptive-1.0.11 – ERROR state - LDAP connections fail due to SslConfig NPE in per stacktrace

  •  Not Good: IdP-3.4.0, openjdk9.0.4, ldaptive-1.0.13 – ERROR state - LDAP connections fail due to SslConfig NPE per stacktrace

  •  GoodIdP-3.4.0, jdk1.8.0_191, ldaptive-1.0.11 --no errors, ldap connections work, idp works ok

  •  IdP-3.4.0, openjdk11+28, ldaptive-1.0.11 --ERROR state- LDAP connections fail due to SslConfig NPE per stacktrace

 

 

Stacktrace: Stack traces from idp v3.4.1 with logback.xml set to TRACE for org.ldaptive

in a sandbox using our build tool environment  but with v3.4.1 as the IdP connecting over TLS to the ldap instance.

 

 

ldap.properties file:

attribute-resolver.xml DataConnector (v3.4.0 syntax)

 

 

Environment

Attachments

1

Activity

Show:

Scott Cantor December 17, 2019 at 2:41 PM

Closing this out because we've concluded JNDI is no longer viable. The ldaptive in V4 is updated to use UnboundID by default with no explicit deployer step. Various gaps have been addressed in the feature set so JNDI properties should be unneeded.

Scott Cantor February 1, 2019 at 2:21 PM

I've already switched the master branch to use it by adding the property to global-system.xml, so if we wanted to retrofit it it's not hard, but I think it's something a deployer could do without violating any rules, isn't it?

Rod Widdowson February 1, 2019 at 10:22 AM

Ugh, just read the wiki note. This feels like we (I) need to embody it into the Windows Installer? Or is that pandering to bugs? I'd be looking at V4 only

Is this safe behavior to retrofit to Java8?

Daniel Fisher January 31, 2019 at 8:30 PM

Scott Cantor January 18, 2019 at 6:33 PM

Testing with JDK 8u202, JNDI provider appears to work (doesn't crash). Don't know if it leaks, but I could check if I knew what to look for. I assume they would go together though, so looks like they did not backport that bug and Java 8 remains ok.

Fixed
Pinned fields
Click on the next to a field label to start pinning.

Details

Assignee

Reporter

Components

Fix versions

Affects versions

Created November 5, 2018 at 2:47 PM
Updated March 11, 2020 at 2:10 PM
Resolved December 17, 2019 at 2:41 PM
Configure