-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
OS - Distributor ID: Ubuntu
Description: Ubuntu 18.04.4 LTS
Release: 18.04
Codename: bionic
Jenkins - 2.264
AD Plugin - 2.19
Java - Open JDK
Hi, we have been using Jenkins authentication with AD plugin and it was working fine since last Friday, on this weekend we had restarted our Jenkins Server and since then we are not able to Login to Jenkins and gets below error.
[LDAP: error code 8 - 00002028: LdapErr: DSID-0C09026E, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v2580]
javax.naming.AuthenticationNotSupportedException: [LDAP: error code 8 - 00002028: LdapErr: DSID-0C09026E, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v2580]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3252)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3207)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2993)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2907)
at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2799)
at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2772)
at com.sun.jndi.ldap.LdapCtx.reconnect(LdapCtx.java:2697)
at hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DescriptorImpl.bind(ActiveDirectorySecurityRealm.java:666)
at hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DescriptorImpl.bind(ActiveDirectorySecurityRealm.java:544)
at hudson.plugins.active_directory.ActiveDirectoryDomain$DescriptorImpl.doValidateTest(ActiveDirectoryDomain.java:336)
All the AD certificates are store in the keystore and it was working fine but after restart on weekend we are not able to login, AD plugin configuration remains same.
Same issue happened to our Jenkins instance, running on ubuntu 18.04 LTS. Traced it to an openjdk update. I put a hold on the following packages and our AD authentication is unaffected.
openjdk-8-jdk
openjdk-8-jdk-headless
openjdk-8-jre
openjdk-8-jre-headless