Cascade CMS v8.11 comes bundled with a newer version of Java (JRE 8u191). This newer version of the JRE enables endpoint identification algorithms for LDAPS servers for added security. The change was included in JRE 8u181+ and more information on it can be found in the Oracle/Java Release Notes. Due to this, you may have problems syncing with your LDAPS server. 

A common error as a result of this change may look like this:

ERROR [LdapServiceImpl] {User: system, id: not specified, type: not specified} During LDAP user import, encountered an error and could not bind to the LDAP server:
javax.naming.CommunicationException: simple bind failed: [Root exception is No subject alternative names matching IP address found]

To work around this , you can disable endpoint identification algorithms by adding the following parameter to your startup script. For example:


  • Edit  

  • In the JAVA_OPTS  line, add -Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true 

  • Save


  • Right-click the file tomcat/bin/CascadeCMSw.exe  and select the Run as Administrator option   

  • Click the Java tab 

  • In the Java Options section,  add the line -Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true 

  • Click Apply/OK


Did this answer your question?