I am working on an application that has LDAP connectivity. We have, up until now, used only the Open JLDAP libraries to perform LDAP searches and authentication. We have many clients who use this successfully, connecting to Active Directory and Oracle Internet Directory, with both unencrypted and SSL connections.
We recently had a client that uses IBM Tivoli Directory, the OpenLDAP libraries connect to this server fine, when in standard mode (non-SSL), however when using SSL the connection will be disconnected when performing searches. Binding and reads work ok.
The error that we get is:
LDAPException: Connection lost waiting for results from ldap.host:389 (91) Connect Error java.io.EOFException: BERDecoder: decode: EOF in Identifier
I thought this was a problem with JLDAP, so i replaced our code with UnboundId LDAP library, except I get a similar problem.. The connection disconnects only when peforming a search, only under SSL.
As a test, I installed the trial version of Tivoli Directory, and enabled SSL. Both the JLDAP and UnBoundID libraries work correctly against my instance.
Is there any configuration options on Tivoli that would cause connections to be dropped only under SSL?
I have an LDAP tool (jxplorer) that can connect and search the clients LDAP server over SSL. I think jxplorer uses the JNDI libraries for it's LDAP connection.
I wanted to see if there was anything else I could try before porting my LDAP code to use the JNDI LDAP code... (which might still have the same problem).
Ideas welcome...
Thanks.
I found my own answer to this. There was a problem with Java's SSL implementation in the JNDI libraries between Java 1.6_18 to Java 1.6_28, and the issue was also present in Java 1.7 until a recent patch.