NYU noticed that LDAP authentication was hanging on its nightly build of Sakai 11--a login attempt to /portal/login would leave the browser spinning until the LDAP timeout threshold was hit, and then a bug report page would be shown (and an LDAPTimeout exception logged).
I traced this back to
SAK-30112, which changed the way the LDAP SocketFactory instances are handled. Previously the code would just set a default (global) SocketFactory during init(); now it sets the SocketFactory when creating a new LDAPConnection. However, the commit missed a spot, and so we ended up with a non-SSL socket trying to connect to an SSL server, and the LDAP client just hung.
I'll send a PR to fix this in a moment.