Java 8 Upgrade Breaks LDAP Connection from Nexus Repository Manager

We are running the latest version of Nexus Repository Manager (OSS 3.43.0-01) and have jdk1.8-1.8.0_181 installed. We are getting multiple vulnerability alerts from our scanner that Java 8 needs to be upgraded to the latest version. I upgraded it to java-1.8.0-openjdk-1.8.0.352 and the nexus service started successfully. However, we are now unable to authenticate to our LDAP server and log in with LDAP accounts. I confirmed that the connector worked fine before the upgrade, but fails to connect after. Are there any known issues with Java and LDAP?

I haven’t heard of anything specific. One possibility is that newer JVMs do change the encryption ciphers which are enabled by default. If you’re using LDAPS (i.e. LDAP over TLS), it’s possible your LDAP server’s certificate is using a cipher deemed insecure and disabled by default.

Yeah that would make sense. I’ll dig into that to see if I can find anything. We’re using FreeIPA and haven’t experienced that in the past, but maybe this is a different situation. Thanks for the response.

This appears to be fixed. I ended up having to add our LDAP cert to the truststore in the LDAP config. I guess we hadn’t done that before. Java is now on the latest openjdk version and I’m able to log in with my LDAP creds. Thanks for the help.

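One way to tell apart the two causes raised in this thread (a rejected certificate chain versus a protocol or cipher mismatch), as an added example that is not part of the original posts and is not Nexus code. The class name `LdapsCheck` is hypothetical, the host is an argument you supply, port 636 is assumed as the LDAPS default, and the check uses the JVM's default truststore only, not any truststore configured inside Nexus.

```java
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Added diagnostic example (hypothetical class, not Nexus code).
// Run it with the same java binary that runs Nexus so the JVM's default
// truststore and disabled-algorithm policy are the ones being tested.
public class LdapsCheck {

    // Walk the cause chain: certificate-path exceptions mean the chain was rejected
    // (untrusted CA or a disabled signature algorithm); anything else is a TLS-level failure.
    static String classify(Throwable t) {
        for (Throwable c = t; c != null; c = c.getCause()) {
            String name = c.getClass().getName();
            if (name.endsWith("ValidatorException") || name.endsWith("CertPathBuilderException")) {
                return "CERT PATH: chain rejected by this JVM (untrusted CA or disabled algorithm): "
                        + c.getMessage();
            }
        }
        return "TLS: handshake failed (protocol/cipher mismatch or other error): " + t.getMessage();
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 1) {
            System.err.println("usage: java LdapsCheck <ldap-host> [port]");
            return;
        }
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 636; // assumed LDAPS default
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket socket = (SSLSocket) factory.createSocket(args[0], port)) {
            socket.setSoTimeout(10_000);
            socket.startHandshake(); // validates the chain against the default truststore
            SSLSession session = socket.getSession();
            System.out.println("OK: " + session.getProtocol() + " / " + session.getCipherSuite());
            for (Certificate cert : session.getPeerCertificates()) {
                X509Certificate x = (X509Certificate) cert;
                System.out.println("  subject=" + x.getSubjectX500Principal()
                        + " sigAlg=" + x.getSigAlgName() + " notAfter=" + x.getNotAfter());
            }
        } catch (SSLException e) {
            System.out.println(classify(e));
        }
    }
}
```

Running it under both the old and the new JDK against the same LDAP server shows whether the upgrade changed the outcome and which of the two failure classes applies.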