TLS Hostname verification not working properly

Hello, I am configuring an LDAP connection for user federation, but our DNS servers aren’t resolving the domain controller hostname, so I thought I would just use the IPs in the connection URL. I activated --tls-hostname-verifier=ANY and allowed deprecated algorithms to be used, but I am still getting this issue.

Error when authenticating to LDAP: Could not negotiate TLS: javax.naming.AuthenticationException: Could not negotiate TLS [Root exception is javax.net.ssl.SSLPeerUnverifiedException: hostname of the server ‘xx.xxx.xx.xxx’ does not match the hostname in the server’s certificate.]

Any suggestions?

I have not had that issue, but the documentation indicates that secure LDAP requires hostname validation.

Configuring trusted certificates - Keycloak
“Please note that this setting does not apply to LDAP secure connections, which require strict hostname checking.”

Maybe that’s why?

I thought that only applied to LDAPS and not LDAP + STARTTLS. I am using the latter.