Earlier our install of cluster worked as expected. However after the recent Linux patch, it stopped working. We notice that JDK minor version/security base line has changed to 1.8.0_181-b13. Finding the corresponding release notes : . It reads :
Changes core-libs/javax.naming ➜ Improve LDAP support Endpoint identification has been enabled on LDAPS connections.
To improve the robustness of LDAPS (secure LDAP over TLS ) connections, endpoint identification algorithms have been enabled by default.
Note that there may be situations where some applications that were previously able to successfully connect to an LDAPS server may no longer be able to do so. Such applications may, if they deem appropriate, disable endpoint identification using a new system property: com.sun.jndi.ldap.object.disableEndpointIdentification.
Define this system property (or set it to true) to disable endpoint identification algorithms.
JDK-8200666 (not public)
For our cluster boot strap script I added JAVA_OPTS to include com.sun.jndi.ldap.object.disableEndpointIdentification=true and it worked fine.
However our cluster software has multiple application components which talk to Active Directory for authentication and we will need to add this property at least in 7/8 more places and restart them.
Instead is a there a way to add/modify a property at OS/System/JDK level so that we do not need to modify the start script for all the other application components?
Any help in this direction will be helpful.
Regards, -JE
