• Type: Improvement
    • Resolution: Unresolved
    • Priority: Major
    • Component: ldap-plugin

      The Jenkins LDAP-Plugin doesn't support the LDAP StartTLS extension that we would need to access our LDAP server. See also this discussion on the mailing list: http://jenkins.361315.n4.nabble.com/StartTLS-td372639.html

      I have investigated a bit to check what would be needed to support that feature, and it seems that the version of acegi-security that Jenkins uses is too old. Spring-ldap supports StartTls since version 1.3.0 (which is part of Spring 3.0).

      I have also voted for JENKINS-5303 to upgrade acegi-security.
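As an added illustration of the point the description makes (example code written here, not code from the Jenkins LDAP plugin or from spring-ldap's own documentation): spring-ldap 1.3.x can negotiate StartTLS on an ordinary `ldap://` connection through `DefaultTlsDirContextAuthenticationStrategy`, so the simple bind is only sent once the session is TLS-protected. The host name, base DN, bind DN and the `LDAP_BIND_PASSWORD` environment variable are placeholders assumed for the example.

```java
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy;
import org.springframework.ldap.core.support.LdapContextSource;

public class StartTlsLdapExample {

    // Hypothetical directory details; replace with your own values.
    private static final String LDAP_URL = "ldap://ldap.example.test:389"; // plain ldap://, not ldaps://
    private static final String BASE_DN  = "dc=example,dc=test";
    private static final String BIND_DN  = "cn=jenkins,ou=services,dc=example,dc=test";

    /**
     * Builds a context source that upgrades the plaintext connection with the
     * StartTLS extended operation (RFC 4511, section 4.14) before binding.
     * Requires spring-ldap 1.3.0 or later, as noted in the issue description.
     */
    public static LdapContextSource buildContextSource(String bindPassword) throws Exception {
        LdapContextSource contextSource = new LdapContextSource();
        contextSource.setUrl(LDAP_URL);
        contextSource.setBase(BASE_DN);
        contextSource.setUserDn(BIND_DN);
        contextSource.setPassword(bindPassword);

        // The TLS strategy issues StartTLS on the freshly opened connection and only
        // then applies the bind credentials. Leave the JDK's default trust store and
        // hostname verification in place: a permissive HostnameVerifier or a
        // trust-everything SSLSocketFactory would make the upgrade pointless.
        contextSource.setAuthenticationStrategy(new DefaultTlsDirContextAuthenticationStrategy());

        contextSource.afterPropertiesSet();
        return contextSource;
    }

    public static void main(String[] args) throws Exception {
        String bindPassword = System.getenv("LDAP_BIND_PASSWORD"); // assumed to be set by the operator
        LdapTemplate template = new LdapTemplate(buildContextSource(bindPassword));

        // Every operation on this template now runs inside the TLS session, so the
        // bind password and directory contents never cross the wire in clear text.
        System.out.println(template.lookup(BIND_DN));
    }
}
```

If the directory does not advertise StartTLS, the extended operation fails and the context is never created, so the client fails closed instead of silently continuing in clear text.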

          [JENKINS-14520] LDAP Plugin should support StartTLS extension

          Joachim Mairböck created issue -
          Joachim Mairböck made changes -
          Description Original: The Jenkins LDAP-Plugin doesn't support the LDAP StartTLS extension that we would need to access our LDAP server. See also this discussion on the mailing list: http://jenkins.361315.n4.nabble.com/StartTLS-td372639.html

          I have investigated a bit to check what would be needed to support that feature, and it seems that the version of acegi-security that Jenkins uses is too old. acegi-security supports LDAP startTLS since version 1.3.0.

          I have voted for JIRA-5303 to upgrade that, but for this issue, spring-security 2 wouldn't be needed, if that makes things easier.
          New: (identical to the current issue description above)
          Jesse Glick made changes -
          Component/s New: ldap [ 17122 ]
          Component/s Original: security [ 15508 ]
          Jesse Glick made changes -
          Link New: This issue depends on JENKINS-5303 [ JENKINS-5303 ]

          Geoff Meakin added a comment -

          Is there any plan to fix this?


          Lukasz Zalewski added a comment -

          I know it has been a while but I'm also interested in this feature

          Lukasz Zalewski added a comment -

          In the meantime, are there any workarounds available?

          quanah gibson-mount added a comment -

          Given it's been three years, it doesn't seem like this is a high priority for the project.

          I would note a few things:

          StartTLS is the LDAPv3 RFC-defined method for secure LDAP connections. LDAPS is not part of an RFC, but was a temporary hack developed for LDAPv2. It would be very helpful if this issue was fixed, so that Jenkins was RFC compliant in connecting with modern LDAPv3 LDAP servers.

          Brendan Holmes added a comment -

          +1. Anyone who's installed OpenLDAP securely in the last few years will be using StartTLS and not LDAPS. Reluctant to use our directory with Jenkins while it's all in clear text. Any time-frame for this?

          Frederic Van Espen added a comment -

          +1, we are now using LDAPS as a workaround. Jenkins is the only application left in our domain that cannot use STARTTLS. Would be great to see it supporting the RFC.

            Assignee: Unassigned
            Reporter: Joachim Mairböck (jmairboeck)
            Votes: 18
            Watchers: 22