LDAP Realm Breaking with Java 11.0.15


Running Payara community 2022.2 and just upgraded Java to 11.0.15 from 11.0.14, which seems to have broken LDAP Realm authentication with the following exception.

Just wanted to give a heads up and see if anyone has seen this. Hopefully, fix will simply be rolling back to Java 11.0.14.

Caused by: java.net.SocketException: Unconnected sockets not implemented
	at java.base/javax.net.SocketFactory.createSocket(SocketFactory.java:125)
	at java.naming/com.sun.jndi.ldap.Connection.createSocket(Connection.java:303)
	at java.naming/com.sun.jndi.ldap.Connection.<init>(Connection.java:231)
	... 68 more
Caused by: java.lang.UnsupportedOperationException
	at java.base/javax.net.SocketFactory.createSocket(SocketFactory.java:123)


And maybe this has something to do with it?


From the stacktrace, this has something to do with it: Java – “SocketException: Unconnected sockets not implemented” with self-signed SSL certificate – iTecNote

But the method SocketFactory.createSocket without parameters that throws an exception has been in JDK 11 since the beginning: jdk/SocketFactory.java at jdk-11+0 · openjdk/jdk · GitHub

Payara didn’t change anything on the LDAP socket factory either: Payara/CustomSocketFactory.java at b263fb8b7eab9fee664cd8b0a9457ed3dc96cdd0 · payara/Payara · GitHub (it doesn’t override the SocketFactory.createSocket() method).

Something must have caused that the method SocketFactory.createSocket() is now called while it wasn’t called before.

Does it fix your issue if you set -Dcom.sun.jndi.ldapURLParsing=legacy?

All the best,

That’s exactly what I’m trying now. I’ll let you know if that does it.


Hi again,

Unfortunately, this doesn’t seem to address the problem. Which makes me wonder if I’m adding the system property incorrectly.

I’ve added <jvm-options>-Dcom.sun.jndi.ldapURLParsing=legacy</jvm-options> to my domain.xml file. And on start up I see -Dcom.sun.jndi.ldapURLParsing=legacy in the logs.

That’s correct, right?

If so, is it possible that the system property itself is incorrect? That is how the JDK release notes show it, but is there another source to verify what the format of that property should be?