[JENKINS-21073] Fix forceLdaps system property

Type: Bug
Resolution: Unresolved
Priority: Minor
Component/s: active-directory-plugin
Labels:
None

Similar Issues:
Powered by SuggestiMate

Show

The Active Directory documentation [1] says you can use the `hudson.plugins.active_directory.ActiveDirectorySecurityRealm.forceLdaps` system property to force connecting via LDAPS. This is broken.

The following pull request updates the code to use this system property:
https://github.com/jenkinsci/active-directory-plugin/pull/8

It also changes the default LDAPS port from 686 to 636.

[1] https://wiki.jenkins-ci.org/display/JENKINS/Active+Directory+plugin#ActiveDirectoryplugin-SecuringaccesstoActiveDirectoryservers

Brandon Turner created issue - 2013-12-18 15:50

SCM/JIRA link daemon added a comment - 2014-03-10 13:54

Code changed in jenkins
User: Stephen Connolly
Path:
src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java
http://jenkins-ci.org/commit/active-directory-plugin/a700b733586273c53703dff15abfbc094245605a
Log:
Merge pull request #8 from blt04/fix-ldaps

JENKINS-21073 Fix forceLdaps system property

Compare: https://github.com/jenkinsci/active-directory-plugin/compare/45dfbccf0bf4...a700b7335862

SCM/JIRA link daemon added a comment - 2014-03-10 13:54 Code changed in jenkins User: Stephen Connolly Path: src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java http://jenkins-ci.org/commit/active-directory-plugin/a700b733586273c53703dff15abfbc094245605a Log: Merge pull request #8 from blt04/fix-ldaps JENKINS-21073 Fix forceLdaps system property Compare: https://github.com/jenkinsci/active-directory-plugin/compare/45dfbccf0bf4...a700b7335862

Stafford Ritchie made changes - 2014-03-13 18:42

Assignee

New: Stafford Ritchie [ eyeeyeeye ]

Stafford Ritchie added a comment - 2014-03-13 18:44

Testing merged code

Stafford Ritchie added a comment - 2014-03-13 18:44 Testing merged code

R. Tyler Croy made changes - 2016-07-25 23:50

Workflow

Original: JNJira [ 152935 ]

New: JNJira + In-Review [ 178359 ]

Félix Belzunce Arcos added a comment - 2017-03-08 00:25

Released since active-directory-1.34

Félix Belzunce Arcos added a comment - 2017-03-08 00:25 Released since active-directory-1.34

Félix Belzunce Arcos made changes - 2017-03-08 00:25

Resolution		New: Fixed [ 1 ]
Status	Original: Open [ 1 ]	New: Closed [ 6 ]

Sebastian Willdo added a comment - 2020-02-11 07:33

I seems that issue returns. I'm not able to connect with TLS to our AD. In logs(hudson.plugins.active_directory) i can see that plugin tries to connect with plain protocol ldap even after forcing ldpas in start parameters.

PATH=/opt/wii/test/csvn/bin:$PATH 
export JAVA_ARGS='-Dorg.eclipse.jetty.server.HttpConfiguration.requestHeaderSize=32768 -Dorg.eclipse.jetty.server.HttpConfiguration.responseHeaderSize=32768 -Dorg.eclipse.jetty.server.Request.maxFormContentSize=500000 -Dhudson.plugins.active_directory.ActiveDirectorySecurityRealm.forceLdaps=true -Djavax.net.ssl.trustStore=/opt/wii/java/jdk1.8.0_111/jre/lib/security/cacerts -Djavax.net.ssl.trustStorePassword=changeit -Dhudson.footerURL=http://jenkins:8080' 
export JENKINS_JAVA_OPTIONS="${JAVA_ARGS}" 
source /home/jenkins/.bash_profile 2>&1 >/dev/null 
LOG_NAME=$(date +%d_%m_%Y).logs 
$JAVA_HOME/jre/bin/java -Xms4096m -Xmx4096m $JAVA_ARGS -jar $JENKINS_HOME/server/lib/jenkins.war --requestHeaderSize=32768 > $JENKINS_HOME/server/logs/$LOG_NAME 2>&1 & 
echo $LOG_NAME
exit 0

Sebastian Willdo added a comment - 2020-02-11 07:33 I seems that issue returns. I'm not able to connect with TLS to our AD. In logs(hudson.plugins.active_directory) i can see that plugin tries to connect with plain protocol ldap even after forcing ldpas in start parameters. PATH=/opt/wii/test/csvn/bin: $PATH export JAVA_ARGS= '-Dorg.eclipse.jetty.server.HttpConfiguration.requestHeaderSize=32768 -Dorg.eclipse.jetty.server.HttpConfiguration.responseHeaderSize=32768 -Dorg.eclipse.jetty.server.Request.maxFormContentSize=500000 -Dhudson.plugins.active_directory.ActiveDirectorySecurityRealm.forceLdaps=true -Djavax.net.ssl.trustStore=/opt/wii/java/jdk1.8.0_111/jre/lib/security/cacerts -Djavax.net.ssl.trustStorePassword=changeit -Dhudson.footerURL=http://jenkins:8080' export JENKINS_JAVA_OPTIONS= "${JAVA_ARGS}" source /home/jenkins/.bash_profile 2>&1 >/dev/null LOG_NAME=$(date +%d_%m_%Y).logs $JAVA_HOME/jre/bin/java -Xms4096m -Xmx4096m $JAVA_ARGS -jar $JENKINS_HOME/server/lib/jenkins.war --requestHeaderSize=32768 > $JENKINS_HOME/server/logs/$LOG_NAME 2>&1 & echo $LOG_NAME exit 0

Sebastian Willdo made changes - 2020-02-11 07:33

Resolution	Original: Fixed [ 1 ]
Status	Original: Closed [ 6 ]	New: Reopened [ 4 ]

Sebastian Willdo added a comment - 2020-02-11 07:34

Jenkins version: 2.220
Plugin version: 2.16

Sebastian Willdo added a comment - 2020-02-11 07:34 Jenkins version: 2.220 Plugin version: 2.16

Assignee:: Stafford Ritchie

Reporter:: Brandon Turner

Votes:: 2 Vote for this issue

Watchers:: 7 Start watching this issue

Created:: 2013-12-18 15:50

Updated:: 2020-08-06 12:16

Jenkins

Details

Description

Attachments

Activity

Collapse comment: SCM/JIRA link daemon added a comment - 2014-03-10 13:54

Expand comment: SCM/JIRA link daemon added a comment - 2014-03-10 13:54

Collapse comment: Stafford Ritchie added a comment - 2014-03-13 18:44

Expand comment: Stafford Ritchie added a comment - 2014-03-13 18:44

Collapse comment: Félix Belzunce Arcos added a comment - 2017-03-08 00:25

Expand comment: Félix Belzunce Arcos added a comment - 2017-03-08 00:25

Collapse comment: Sebastian Willdo added a comment - 2020-02-11 07:33

Expand comment: Sebastian Willdo added a comment - 2020-02-11 07:33

Collapse comment: Sebastian Willdo added a comment - 2020-02-11 07:34

Expand comment: Sebastian Willdo added a comment - 2020-02-11 07:34

People

Dates