JENKINS-16243

Active Directory SSL/TLS authentication does not work with Active Directory Plugin

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Environment:
      Windows (7/2008 R2) x64; Active Directory at 2003 Forest Level; Global Catalog
      Description

      When <host>:636 or <host>:3269 is specified, authentication fails with a 'socket closed' error. I've confirmed that these ports on the domain controller are working and available by setting up the LDAP plugin using them. I've attached the logs generated by the authentication attempt. A network capture indicates that a handshake is occurring.

          Activity

          rayterrill ray terrill added a comment -

          Is this still a problem? Running into the exact same issue - socket closed on both 636 and 3269, validated that I can connect outside of Jenkins.

          fabiang Fabian Grutschus added a comment -

          It's still a problem. The only option you have is to switch to the LDAP and use ldaps://<domain>:636 or use the StartTLS option.

          From the code it seems that the plugin is not even trying to connect via TLS, as there is no switch or implementation to do this. So a resolution for this issue would be to add a field "use ssl only" and then pass this option to the LDAP context class.
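
Added example, not part of the comments above and not the Active Directory plugin's code: a stand-alone JNDI probe showing the three ways a Java LDAP client can reach a domain controller (plain, TLS from the first byte, and StartTLS), which is the choice the proposed "use ssl only" field would control. The class, enum and method names are hypothetical; the host is passed on the command line.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;

public class LdapTlsProbe {
    enum Mode { PLAIN, SSL_ONLY, START_TLS }
    // Hypothetical names; SSL_ONLY stands in for the "use ssl only" field proposed above.
    static Hashtable<String, String> env(String host, int port, Mode mode) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        String scheme = (mode == Mode.SSL_ONLY) ? "ldaps" : "ldap";
        env.put(Context.PROVIDER_URL, scheme + "://" + host + ":" + port);
        if (mode == Mode.SSL_ONLY) {
            env.put(Context.SECURITY_PROTOCOL, "ssl"); // TLS before any LDAP bytes
        }
        env.put("com.sun.jndi.ldap.connect.timeout", "5000"); // milliseconds
        return env;
    }
    // Returns a one-line result instead of throwing, so every mode gets reported.
    static String probe(String host, int port, Mode mode) {
        LdapContext ctx = null;
        try {
            ctx = new InitialLdapContext(env(host, port, mode), null);
            if (mode == Mode.START_TLS) {
                StartTlsResponse tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
                String suite = tls.negotiate().getCipherSuite(); // checks the server certificate
                tls.close();
                return mode + " " + port + ": ok, " + suite;
            }
            ctx.getAttributes(""); // anonymous rootDSE read forces a round trip
            return mode + " " + port + ": ok";
        } catch (Exception e) { // NamingException, or IOException from negotiate()
            return mode + " " + port + ": FAILED " + e;
        } finally {
            try { if (ctx != null) ctx.close(); } catch (Exception ignored) { }
        }
    }
    public static void main(String[] args) {
        if (args.length != 1) { System.err.println("usage: LdapTlsProbe <host>"); return; }
        System.out.println(probe(args[0], 636, Mode.PLAIN));     // plain LDAP sent to the TLS port
        System.out.println(probe(args[0], 636, Mode.SSL_ONLY));
        System.out.println(probe(args[0], 3269, Mode.SSL_ONLY)); // Global Catalog over TLS
        System.out.println(probe(args[0], 389, Mode.START_TLS));
    }
}
```

The JVM running the probe has to trust the domain controller's certificate chain; otherwise the two TLS modes report a handshake failure rather than a successful connection.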


            People

            • Assignee:
              Unassigned
              Reporter:
              khoury Khoury Brazil
            • Votes:
              6
              Watchers:
              8
