(91) Connect Error java.net.SocketException: Permission denied: connect' LDAP IPV6

Question

we are testing our appliction to work only on IPV6 when trying to connect to LDAP in windows 10 java 17 env and after disabling IPV4 from network level settings was facing below issue

SEVERE: LDAPException: Unable to connect to server YVONTEXXXXX1F3.XXXXXX.net:6,366 (91) Connect Error
java.net.SocketException: Permission denied: connect'

Caused by: java.net.SocketException: Permission denied: connect
        at java.base/sun.nio.ch.Net.connect0(Native Method)
        at java.base/sun.nio.ch.Net.connect(Net.java:579)
        at java.base/sun.nio.ch.Net.connect(Net.java:568)
        at java.base/sun.nio.ch.NioSocketImpl.connect(NioSocketImpl.java:588)
        at java.base/java.net.SocksSocketImpl.connect(SocksSocketImpl.java:327)
        at java.base/java.net.Socket.connect(Socket.java:633)
        at java.base/sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:299)
        at java.base/sun.security.ssl.SSLSocketImpl.<init>(SSLSocketImpl.java:158)
        at java.base/sun.security.ssl.SSLSocketFactoryImpl.createSocket(SSLSocketFactoryImpl.java:88)
        at com.novell.ldap.LDAPJSSESecureSocketFactory.createSocket(LDAPJSSESecureSocketFactory.java:96)
        at com.novell.ldap.Connection.connect(Connection.java:455)
        ... 42 more

what can be the issue

• does LDAP support IPV6 ?
• do we need to remove any firewall settings

connection is working fine when IPV4 is enabled

Answer 1

I am not a Java expert but the permission denied is an odd error for a networking problem.

Digging into the problem it looks like this mainly happens when you set a socket to IPv4 and give it an IPv6 address or vice versa. If possible I would repeat your test using the IPv6 address instead of the domain name for YVONTEXXXXX1F3.XXXXXX.net (you'll need to disable the SSL hostname check). This will ensure you are passing an IPv6 address to the connect. If the error persists then I would look into the socket properties. You may be able to do this at compile time with:

-Djava.net.preferIPv4Stack=false -Djava.net.preferIPv6Addresses=true

References

• https://stackoverflow.com/a/12902187/1987437
• https://blog.miyuru.lk/enabling-ipv6-on-maven-java/#:~:text=For%20Java%20Applications%20you%20can,property%20in%20the%20app%20itself.