Fix ldap:// with STARTTLS

Closes: #21935 (cherry picked from commit 8effe31fdf65eddeb78f4835f8374144302e5b02)
2026-01-10 15:32:05 -03:30 · 2023-09-13 17:29:11 +02:00 · 2023-09-13 17:29:11 +02:00 · fee2c0924d
commit fee2c0924d
parent 3a5a323c2c
1 changed files with 1 additions and 1 deletions
--- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/idm/store/ldap/LDAPContextManager.java
+++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/idm/store/ldap/LDAPContextManager.java
@ -192,7 +192,7 @@ public final class LDAPContextManager implements AutoCloseable {

        // when using Start TLS, use default socket factory for LDAP client but pass the TrustStore SSL socket factory later
        // when calling StartTlsResponse.negotiate(trustStoreSSLSocketFactory)
-        if (LDAPUtil.shouldUseTruststoreSpi(ldapConfig)) {
+        if (!ldapConfig.isStartTls() && LDAPUtil.shouldUseTruststoreSpi(ldapConfig)) {
            env.put("java.naming.ldap.factory.socket", "org.keycloak.truststore.SSLSocketFactory");
        }