Jenkins / JENKINS-65269

Active Directory uses unsecure LDAP

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Not A Defect
    • Labels:
      None
    • Environment:
      Jenkins 2.286
      Active Directory plugin 2.23

      Description

      The IT department complains that my Jenkins server is performing unsecure requests over a clear-text (non-SSL/TLS-encrypted) LDAP connection. However, I'm not using LDAP, I'm using Active Directory to authenticate users. How is this possible?

      Configuration of the Active Directory Security Realm:

      • TLS Configuration: JDK TrustStore
      • StartTLS is enabled
      • Test domain returns success
      • Group membership is using "Token-Groups users attribute" as the default LDAP_MATCHING_RULE_IN_CHAIN might fall back to LDAP
      • Remove irrelevant groups is enabled
      • Use Jenkins Internal Database is disabled
      • Cache is enabled with 256 elements and 10 minutes TTL

      What is causing these LDAP requests or how can I stop them?

          Activity

          mwinter69 Markus Winter added a comment -

          Read the manual about forcing ldaps

          kpop kpop added a comment -

          Thank you for the suggestion. I'm trying out the procedure mentioned on https://plugins.jenkins.io/active-directory/#user-content-securing-access-to-active-directory-servers

          kpop kpop added a comment - - edited

          After IT configured an X509 certificate, I was able to upgrade the connection to TLS. The logging in hudson.plugins.active_directory.ActiveDirectorySecurityRealm also helped with this.

          This seems to be working as expected, this issue can be closed.
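
The resolution above turned on whether the domain controller could complete StartTLS on the plain LDAP port. The following check is an added example, not part of the original thread or of the Active Directory plugin: it sends the LDAP StartTLS extended request, reads the result code, and then validates the server certificate, independently of Jenkins. The host name `dc01.example.test`, the optional `cafile` path and the two sample responses are assumptions constructed for illustration.

```python
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # LDAP StartTLS extended operation (RFC 4511)
# Constructed ExtendedResponse samples: resultCode 0 (success) and 52 (unavailable).
SAMPLE_OK = bytes.fromhex("300c02010178070a010004000400")
SAMPLE_REFUSED = bytes.fromhex("300c02010178070a013404000400")

def _tlv(tag, value):
    """Encode one BER TLV (short-form length is enough for this request)."""
    return bytes([tag, len(value)]) + value

def starttls_request(msg_id=1):
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] } }."""
    return _tlv(0x30, _tlv(0x02, bytes([msg_id])) + _tlv(0x77, _tlv(0x80, STARTTLS_OID)))

def _read_tlv(buf, pos, want_tag):
    """Decode one BER TLV at pos and check its tag; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != want_tag:
        raise ValueError("unexpected or truncated LDAP response")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("unexpected or truncated LDAP response")
    return buf[pos:pos + length], pos + length

def starttls_result_code(response):
    """resultCode of an ExtendedResponse; 0 means the server will start TLS."""
    body, _ = _read_tlv(response, 0, 0x30)  # LDAPMessage SEQUENCE
    _, pos = _read_tlv(body, 0, 0x02)       # messageID
    op, _ = _read_tlv(body, pos, 0x78)      # ExtendedResponse [APPLICATION 24]
    code, _ = _read_tlv(op, 0, 0x0A)        # resultCode ENUMERATED
    return int.from_bytes(code, "big")

def check_dc(host, port=389, cafile=None):
    """Upgrade a plain LDAP connection with StartTLS; return the TLS version.
    Raises if the server refuses StartTLS or its certificate fails validation."""
    ctx = ssl.create_default_context(cafile=cafile)  # verifies chain and host name
    with socket.create_connection((host, port), timeout=10) as sock:
        sock.sendall(starttls_request())
        code = starttls_result_code(sock.recv(4096))  # response is a few dozen bytes
        if code != 0:
            raise RuntimeError(f"StartTLS refused, LDAP resultCode {code}")
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version()

if __name__ == "__main__":
    print(check_dc("dc01.example.test"))  # placeholder host name
```

A non-zero result code or an `ssl.SSLCertVerificationError` from `check_dc` means the server cannot offer a verifiable TLS upgrade on that port, so any client that tolerates the failure would be sending binds in clear text.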


            People

            Assignee:
            fbelzunc Félix Belzunce Arcos
            Reporter:
            kpop kpop