问题描述

当我将java从1.8.161升级到1.8.181时，我无法从我的应用程序连接到LDAP，当我尝试使用在LDAP中处于活动状态的用户登录到应用程序时
i得到以下异常。

When I upgraded java from 1.8.161 to 1.8.181, I am not able to connect to LDAP from my application, i get below exception when i try to login to application with a user that is active in LDAP.

我发现以下在Oracle网站上为1.8.181版本

I found the below release notes on the Oracle site for version 1.8.181

core-libs / javax.naming
➜改进LDAP支持
已在LDAPS连接上启用端点标识。

core-libs/javax.naming ➜ Improve LDAP support Endpoint identification has been enabled on LDAPS connections.

为了提高LDAPS（安全LDAP over TLS）连接的稳健性，端点识别默认情况下已启用
算法。

To improve the robustness of LDAPS (secure LDAP over TLS ) connections, endpoint identification algorithms have been enabled by default.

请注意，某些应用程序以前可以成功将
连接到LDAPS服务器可能再也无法这样做了。
此类应用程序如果认为合适，可以使用
新系统属性禁用端点标识： com.sun.jndi.ldap.object.disableEndpointIdentification 。

Note that there may be situations where some applications that were previously able to successfully connect to an LDAPS server may no longer be able to do so. Such applications may, if they deem appropriate, disable endpoint identification using a new system property: com.sun.jndi.ldap.object.disableEndpointIdentification.

定义此系统属性（或将其设置为true）以禁用端点识别算法。

Define this system property (or set it to true) to disable endpoint identification algorithms.

我尝试将属性设置为true，如下所示以及其他属性。但它仍然会引发同样的错误。

I tried to set the property to true as below along with other properties. But still it throws same error.

Hashtable env = new Hashtable();
    env.put(Context.INITIAL_CONTEXT_FACTORY, ctxFactory);
    env.put(Context.PROVIDER_URL, providerUrl);
    env.put(Context.SECURITY_PRINCIPAL, secPrincipal);
    env.put(Context.SECURITY_AUTHENTICATION, secAuthentication);
    env.put(Context.SECURITY_CREDENTIALS, secCredentials);
   env.put("com.sun.jndi.ldap.object.disableEndpointIdentification" ,disableEndpointIdentification);
    DirContext ldapCtx = new InitialDirContext(env);

需要你的帮助我们需要如何以及在何处设置物业
com.sun.jndi.ldap.object.disableEndpointIdentification 为true。

Need your help how and where exactly we need to set the property com.sun.jndi.ldap.object.disableEndpointIdentification to true.

在Context Interface中也没有与此相关的常量String变量。

There is no such constant String variable related to this in Context Interface too.

如果我恢复到java 1.8.161版本它工作正常。

If I revert back to java 1.8.161 version it works fine.

推荐答案

doc讲述应用程序系统属性而不是关于Ldap上下文环境

doc tells about application system property and not about Ldap context environment

然后需要在应用程序的应用程序JVM（java命令行）上设置为

then it needs to be setup on application JVM (java command line) for the app as

-Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true

这篇关于如何禁用java 1.8.181版本的端点标识的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！