When testing the LDAP connection from the gateway, the test fails with the error: "Could not establish context on any of the ldap urls."
The gateway log shows the following:
2024-04-11T16:22:46.165-0400 WARNING 604 com.l7tech.server.identity.ldap.LdapIdentityProviderImpl: Could not establish context using LDAP URL ldaps://xxx.xxx.com:636. xxx.xxx.com:636. Caused by: No subject alternative DNS name matching xxx.xxx.com found.
2024-04-11T16:22:46.165-0400 INFO 604 com.l7tech.server.identity.ldap.LdapUrlProviderImpl: Blacklisting url for next 60 seconds : ldaps://xxx.xxx.com:636
2024-04-11T16:22:46.165-0400 FINE 604 com.l7tech.server.identity.ldap.LdapUrlProviderImpl: All ldap urls are blacklisted.
2024-04-11T16:22:46.165-0400 INFO 604 com.l7tech.server.identity.ldap.LdapIdentityProviderImpl: LDAP configuration test failure. Cannot connect to this directory 'Could not establish context on any of the ldap urls.'.
All supported versions of the CA API Gateway
The certificate presented by the LDAP server does not contain a subject alternative name matching the host name in the LDAPS URL, so the JVM's endpoint identification check rejects the TLS connection (the log line "No subject alternative DNS name matching xxx.xxx.com found" is that check failing).
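The following is an added diagnostic, not part of the original article or of the gateway product: it reproduces the host-name-to-SAN matching that produces the "No subject alternative DNS name matching ... found" failure, and can optionally fetch a live LDAPS certificate to show which DNS names it actually carries. The wildcard rules are a simplified RFC 6125 style match (single whole left-most label), and the sample certificate dictionary is constructed for illustration.

```python
import ssl
import socket

# Constructed sample in ssl.getpeercert() format; not a real certificate.
SAMPLE_CERT = {
    "subject": ((("commonName", "ldap.example.test"),),),
    "subjectAltName": (("DNS", "dc01.corp.example.test"),
                       ("DNS", "*.corp.example.test")),
}

def _name_matches(pattern: str, hostname: str) -> bool:
    """Match one SAN dNSName against a host name: case-insensitive, exact,
    or a single '*' wildcard that must be the whole left-most label
    (simplified RFC 6125 rules; partial-label wildcards are rejected)."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]

def san_dns_names(cert: dict) -> list:
    """Return the DNS entries of the subjectAltName extension."""
    return [value for (kind, value) in cert.get("subjectAltName", ()) if kind == "DNS"]

def hostname_matches(cert: dict, hostname: str) -> bool:
    """True when some SAN dNSName matches the host name. The subject CN is
    deliberately ignored, which is why a certificate whose CN is correct but
    whose SAN list lacks the LDAP host name still fails the connection test."""
    return any(_name_matches(name, hostname) for name in san_dns_names(cert))

def check_ldaps_endpoint(hostname: str, port: int = 636, timeout: float = 5.0) -> tuple:
    """Fetch the server certificate over TLS (chain still verified against the
    system trust store; only the host-name check is done here so a mismatch is
    reported instead of raised) and return (matched, san_dns_names).
    Requires network access; not exercised by the offline assertions."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # we perform and report the name check ourselves
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            cert = tls.getpeercert()
    return hostname_matches(cert, hostname), san_dns_names(cert)
```

Running `check_ldaps_endpoint("xxx.xxx.com")` against the directory shows the DNS names the certificate actually carries next to the name the gateway is configured with, which is the comparison the JVM performs before the property below is considered.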
On reviewing the system.properties file, the following entry was found to be in place:
com.sun.jndi.ldap.object.disableEndpointIdentification=true
However, the system.properties file contained an extra space in the comment line preceding it:
#for LDAPS AD Domain Connectivity
As a result, the property on the following line was not read by the gateway:
com.sun.jndi.ldap.object.disableEndpointIdentification=true
Removing the extra space allowed the property to be read, and the setting then took effect. Note that this property disables host-name verification for the gateway's LDAPS connections; it works around the certificate name mismatch rather than correcting the certificate.