The ReadOnlyUsersLDAPRepository uses the SimpleLDAPConnection to call list() on the configured baseDN. That method returns only the nodes directly under the given base node; it does not search the sub scope. It also returns elements that are not really nodes, such as referrals. The result is a NullPointerException when connecting to ActiveDirectory instances and listing all users.
An attached patch suggests, as an alternative implementation, an additional configuration parameter for the userObjectClass and calls search() instead of list(), with a SearchCriteria set to search the given base and the sub scope.
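As an added example (not code from the attached patch or from James' SimpleLDAPConnection), this is the subtree search with an objectClass filter written against plain JNDI; the class name, method name and the `userObjectClass` value are assumptions for the illustration:

```java
import java.util.ArrayList;
import java.util.List;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.PartialResultException;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public final class LdapUserLister {

    // Returns the DNs of every entry under baseDn whose objectClass equals
    // userObjectClass. Unlike DirContext.list(baseDn), which only enumerates the
    // immediate children (one level), this walks the whole subtree, and the filter
    // keeps non-user entries (containers, referral objects) out of the result.
    public static List<String> listUserDns(DirContext ctx, String baseDn,
                                           String userObjectClass) throws NamingException {
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        controls.setReturningAttributes(new String[0]); // only the DN is needed

        // {0} is substituted and escaped by JNDI, so a configured value cannot
        // change the meaning of the filter.
        String filter = "(objectClass={0})";
        Object[] filterArgs = { userObjectClass };

        List<String> dns = new ArrayList<>();
        NamingEnumeration<SearchResult> results =
                ctx.search(baseDn, filter, filterArgs, controls);
        try {
            while (results.hasMore()) {
                dns.add(results.next().getNameInNamespace());
            }
        } catch (PartialResultException ignored) {
            // Active Directory answers a subtree search from the domain root with
            // referrals to other naming contexts; with JNDI's default
            // Context.REFERRAL="ignore" these surface as this exception after the
            // real entries have been delivered, so treat it as end of results.
        } finally {
            results.close();
        }
        return dns;
    }
}
```

Call it with an authenticated `InitialDirContext` and, for Active Directory, `"user"` as the object class (other servers typically use `inetOrgPerson`).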
It seems that the SimpleLDAPConnection, which is created once, can time out and cause all subsequent queries to fail with socket exceptions.
We should consider using spring-ldap to handle pooling and connection cleanup.