Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-56904

LDAP-plugin uses random Domain Controller


    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Minor
    • Resolution: Unresolved
    • Component/s: ldap-plugin
    • Labels:
    • Environment:
      Jenkins version 2.166
      Java version: 1.8.0 update 201
      Windows OS
    • Similar Issues:


      Since we are upgraded out test environment to Java 201 we have problems logging in to Jenkins. This happens more or less randomly.

      The error that we receive is : "Caused by: java.security.cert.CertificateException: No subject alternative DNS name matching ortec.finance found."

      In its own this is a clear message, saying that the identity certificate of the  Domain Controller has no correct SAN. 

      This issue is that we have several DC's in our domain. We are using an alias in the configuration of Jenkins to link to 2 DC's which have the correct certificate (later, as a test, we changed this to a list of the 2 DC's). However, when we switch on some debugging (-Djavax.net.debug=ssl:handshake) we see that it also checks other DC's in our domain. These other DC's missing the SAN and generating the error.

      Before update to the java version we didn't have this problem because java wasn't checking this.

      Is this a known issue of the ldap-plugin?





          There are no comments yet on this issue.


            • Assignee:
              remkop Remko Petersq
            • Votes:
              0 Vote for this issue
              1 Start watching this issue


              • Created: