      Description

      The Active Directory documentation [1] says you can use the `hudson.plugins.active_directory.ActiveDirectorySecurityRealm.forceLdaps` system property to force connecting via LDAPS. This is broken.

      The following pull request updates the code to use this system property:
      https://github.com/jenkinsci/active-directory-plugin/pull/8

      It also changes the default LDAPS port from 686 to 636.

      [1] https://wiki.jenkins-ci.org/display/JENKINS/Active+Directory+plugin#ActiveDirectoryplugin-SecuringaccesstoActiveDirectoryservers

          Activity

          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Stephen Connolly
          Path:
          src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java
          http://jenkins-ci.org/commit/active-directory-plugin/a700b733586273c53703dff15abfbc094245605a
          Log:
          Merge pull request #8 from blt04/fix-ldaps

          JENKINS-21073 Fix forceLdaps system property

          Compare: https://github.com/jenkinsci/active-directory-plugin/compare/45dfbccf0bf4...a700b7335862

          eyeeyeeye Stafford Ritchie added a comment -

          Testing merged code

          fbelzunc Félix Belzunce Arcos added a comment -

          Released since active-directory-1.34

          0k00l Sebastian Willdo added a comment -

          It seems that the issue has returned. I'm not able to connect with TLS to our AD. In the logs (hudson.plugins.active_directory) I can see that the plugin tries to connect with the plain LDAP protocol even after forcing LDAPS in the start parameters.

          PATH=/opt/wii/test/csvn/bin:$PATH 
          export JAVA_ARGS='-Dorg.eclipse.jetty.server.HttpConfiguration.requestHeaderSize=32768 -Dorg.eclipse.jetty.server.HttpConfiguration.responseHeaderSize=32768 -Dorg.eclipse.jetty.server.Request.maxFormContentSize=500000 -Dhudson.plugins.active_directory.ActiveDirectorySecurityRealm.forceLdaps=true -Djavax.net.ssl.trustStore=/opt/wii/java/jdk1.8.0_111/jre/lib/security/cacerts -Djavax.net.ssl.trustStorePassword=changeit -Dhudson.footerURL=http://jenkins:8080' 
          export JENKINS_JAVA_OPTIONS="${JAVA_ARGS}" 
          source /home/jenkins/.bash_profile >/dev/null 2>&1
          LOG_NAME=$(date +%d_%m_%Y).logs 
          $JAVA_HOME/jre/bin/java -Xms4096m -Xmx4096m $JAVA_ARGS -jar $JENKINS_HOME/server/lib/jenkins.war --requestHeaderSize=32768 > $JENKINS_HOME/server/logs/$LOG_NAME 2>&1 & 
          echo $LOG_NAME
          exit 0
          
          0k00l Sebastian Willdo added a comment -

          Jenkins version: 2.220
          Plugin version: 2.16


            People

            • Assignee:
              eyeeyeeye Stafford Ritchie
              Reporter:
              blt04 Brandon Turner