Fix ldap:// with STARTTLS

Closes: #21935
Hynek Mlnarik 2023-09-13 17:29:11 +02:00 committed by Hynek Mlnařík
parent 088abcf1d2
commit 8effe31fdf


@ -192,7 +192,7 @@ public final class LDAPContextManager implements AutoCloseable {
// when using Start TLS, use default socket factory for LDAP client but pass the TrustStore SSL socket factory later
// when calling StartTlsResponse.negotiate(trustStoreSSLSocketFactory)
if (LDAPUtil.shouldUseTruststoreSpi(ldapConfig)) {
if (!ldapConfig.isStartTls() && LDAPUtil.shouldUseTruststoreSpi(ldapConfig)) {
env.put("java.naming.ldap.factory.socket", "org.keycloak.truststore.SSLSocketFactory");
}
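Review bot: The new guard keys only on `ldapConfig.isStartTls()`, so skipping the truststore socket factory does not depend on the connection URL scheme. If the configuration allows StartTLS to be enabled together with an `ldaps://` URL (not visible in this hunk), that connection would presumably be opened with the JVM default socket factory and trust store instead of `org.keycloak.truststore.SSLSocketFactory`, which changes which server certificates are accepted. Either confirm that combination is rejected earlier, or record the assumption above the condition, e.g. `// StartTLS is assumed to be used only with ldap:// URLs; ldaps:// still needs the truststore socket factory`. Server certificate validation for StartTLS now rests entirely on the later `StartTlsResponse.negotiate(...)` call, which is outside the hunk, as is the rest of the enclosing method.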