We have upgraded our Nolio Release Automation server from 6.6 to 6.7. After completing the upgrade we are able to log in with the superuser ID/password. But we cannot log in with any of our LDAP/AD users.
When trying to log in with an LDAP/AD user, it generates the following error:
type Exception report
message simple bind failed: <ldap server name>:636; nested exception is javax.naming.CommunicationException: simple bind failed: <ldap server name>:636 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching <ldap server name> found.]
description The server encountered an internal error that prevented it from fulfilling this request.
exception
org.springframework.ldap.CommunicationException: simple bind failed: <ldap server name>:636; nested exception is javax.naming.CommunicationException: simple bind failed: <ldap server name>:636 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching <ldap server name> found.]
root cause
javax.naming.CommunicationException: simple bind failed: <ldap server name>:636 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching <ldap server name> found.]
root cause
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching <ldap server name> found.
root cause
java.security.cert.CertificateException: No subject alternative DNS name matching <ldap server name> found.
Release : 6.7
Component : Nolio Release Automation Release Operations Center
Endpoint identification has been enabled on LDAPS connections.
To improve the robustness of LDAPS (secure LDAP over TLS) connections, endpoint identification algorithms have been enabled by default.
Note that there may be situations where some applications that were previously able to successfully connect to an LDAPS server may no longer be able to do so. Such applications may, if they deem appropriate, disable endpoint identification using a new system property: com.sun.jndi.ldap.object.disableEndpointIdentification.
Define this system property (or set it to true) to disable endpoint identification algorithms.
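The error above means that none of the DNS names in the LDAP server certificate's subject alternative name extension equals the host name configured for the LDAPS connection. The following diagnostic is an added example, not code from the product or from this article: it models that comparison so you can see which name in the certificate would pass endpoint identification. The host names and the sample certificate are constructed, and the matching rules are a simplified RFC 6125-style model, not the JDK's exact implementation.

```python
# Added diagnostic sketch: models the dNSName comparison behind
# "No subject alternative DNS name matching <host> found".
# Simplified RFC 6125-style rules, not the JDK's exact implementation.

def dns_name_matches(pattern: str, host: str) -> bool:
    """Compare one SAN dNSName against the configured host name."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    # A wildcard is honoured only as the entire left-most label.
    if p_labels[0] == "*":
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def check_ldaps_host(configured_host: str, cert: dict) -> dict:
    """cert uses the layout of Python's ssl.SSLSocket.getpeercert()."""
    dns_names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    matched = [n for n in dns_names if dns_name_matches(n, configured_host)]
    return {
        "host": configured_host,
        "san_dns_names": dns_names,
        "ok": bool(matched),
        # Literal names that would pass if used as the configured LDAP host.
        "usable_names": [n for n in dns_names if not n.startswith("*.")],
    }


# Constructed sample certificate (hypothetical names, not from the page).
SAMPLE_CERT = {
    "subject": ((("commonName", "dc01.corp.example.com"),),),
    "subjectAltName": (
        ("DNS", "dc01.corp.example.com"),
        ("DNS", "*.ldap.example.com"),
    ),
}

if __name__ == "__main__":
    for host in ("dc01", "dc01.corp.example.com", "ad.ldap.example.com",
                 "ldap.corp.example.com"):
        result = check_ldaps_host(host, SAMPLE_CERT)
        print(f"{host:28} {'match' if result['ok'] else 'NO MATCH'}")
```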