Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-45816

ActiveDirectorySecurityRealm constructor ignores TlsConfiguration

    Details

    • Similar Issues:

      Description

      Hello,

      I'm attempting to configure the Active Directory Plugin programmatically in a Packer template and it appears I'm unable to select the  "JDK_TRUSTSTORE" when using the available ActiveDirectorySecurityRealm constructors.

      For example, doing this:

       

      // sample groovy configuration script
      def instance = Jenkins.getInstance()
      def ad_realm = new ActiveDirectorySecurityRealm(domain,
          domains, // List<ActiveDirectoryDomain>
          site,
          bindName,
          bindPassword,
          server,
          GroupLookupStrategy.RECURSIVE,
          false,	// Boolean removeIrrelevantGroups
          domain != null, // Boolean customDomain
          null, // CacheConfiguration cache,
          true, // Boolean startTls
          TlsConfiguration.JDK_TRUSTSTORE)
      instance.setSecurityRealm(ad_realm)
      instance.save()

      Results in a new AD Domain being added, but it's still listed as "(Unsecure) Trust all Certificates" even though I passed in a setting that should pick the "JDK TrustStore".

      It looks like the constructor is ignoring the passed in TlsConfiguration object and always choosing TRUST_ALL_CERTIFICATES regardless of what the user passes in.

      public ActiveDirectorySecurityRealm(String domain, List<ActiveDirectoryDomain> domains, String site, String bindName,
      String bindPassword, String server, GroupLookupStrategy groupLookupStrategy, boolean removeIrrelevantGroups, Boolean customDomain, CacheConfiguration cache, Boolean startTls, TlsConfiguration tlsConfiguration) {
      this(domain, domains, site, bindName, bindPassword, server, groupLookupStrategy, removeIrrelevantGroups, customDomain, cache, startTls, TlsConfiguration.TRUST_ALL_CERTIFICATES, null);
      }
      

       

      It looks like this constructor was introduced here:
      FIXED JENKINS-39065

       

       

       

       

        Attachments

          Issue Links

            Activity

            Hide
            thorntonryan Ryan Thornton added a comment - - edited

            Submitted pull request with suggested fix:
            https://github.com/jenkinsci/active-directory-plugin/pull/77

             

            Rebuilt plugin with above pull. Confirmed configuration script now works as expected and lets me set the trust store to "JDK TrustStore".

            Show
            thorntonryan Ryan Thornton added a comment - - edited Submitted pull request with suggested fix: https://github.com/jenkinsci/active-directory-plugin/pull/77   Rebuilt plugin with above pull. Confirmed configuration script now works as expected and lets me set the trust store to "JDK TrustStore".
            Hide
            thorntonryan Ryan Thornton added a comment -

            Felix merged the fix into master. Thanks for your support!

            See https://github.com/jenkinsci/active-directory-plugin/pull/77

            Show
            thorntonryan Ryan Thornton added a comment - Felix merged the fix into master. Thanks for your support! See  https://github.com/jenkinsci/active-directory-plugin/pull/77

              People

              • Assignee:
                fbelzunc Félix Belzunce Arcos
                Reporter:
                thorntonryan Ryan Thornton
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: