-
Bug
-
Resolution: Unresolved
-
Major
-
Red Hat Enterprise Linux Server release 7.9 (Maipo)
Jenkins 2.375.1
Active Directory Plugin 2.29
I has try config ldaps for jenkins but not working. i confused with this tutorial document.
Anyone tell me that with step 4 i need add this config to where? I did try add it to /usr/lib/systemd/system/jenkins.service
Environment="JAVA_ARGS=-Djava.awt.headless=true -Djavax.net.ssl.trustStore=$JENKINS_HOME/.keystore/cacerts -Djavax.net.ssl.trustStorePassword=changeit"
As the picture below, i did success connect to AD with TLS enable and JDK TrustStore set
But when i change port 3268 to 3269 (LDAPS) it show me an error.
Dec 14 00:40:15 srv-jenkins jenkins: 2022-12-13 17:40:15.756+0000 [id=16]#011WARNING#011h.p.a.ActiveDirectorySecurityRealm$DescriptorImpl#bind: Failed to bind to srv-dc.testvn.local:3269
Dec 14 00:40:15 srv-jenkins jenkins: javax.naming.NamingException: LDAP connection has been closed
Dec 14 00:40:15 srv-jenkins jenkins: at java.naming/com.sun.jndi.ldap.LdapRequest.getReplyBer(LdapRequest.java:133)
Dec 14 00:40:15 srv-jenkins jenkins: at java.naming/com.sun.jndi.ldap.Connection.readReply(Connection.java:443)
Dec 14 00:40:15 srv-jenkins jenkins: at java.naming/com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:365)
Dec 14 00:40:15 srv-jenkins jenkins: at java.naming/com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214)
Dec 14 00:40:15 srv-jenkins jenkins: at java.naming/com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2895)
Dec 14 00:40:15 srv-jenkins jenkins: at java.naming/com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2797)
Dec 14 00:40:15 srv-jenkins jenkins: at java.naming/com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2770)
Dec 14 00:40:15 srv-jenkins jenkins: at java.naming/com.sun.jndi.ldap.LdapCtx.reconnect(LdapCtx.java:2699)
Dec 14 00:40:15 srv-jenkins jenkins: at java.naming/javax.naming.ldap.InitialLdapContext.reconnect(InitialLdapContext.java:193)
Dec 14 00:40:15 srv-jenkins jenkins: at hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DescriptorImpl.bind(ActiveDirectorySecurityRealm.java:724)
Dec 14 00:40:15 srv-jenkins jenkins: at hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DescriptorImpl.bind(ActiveDirectorySecurityRealm.java:601)
Dec 14 00:40:15 srv-jenkins jenkins: at hudson.plugins.active_directory.ActiveDirectoryDomain$DescriptorImpl.doValidateTest(ActiveDirectoryDomain.java:337)
Dec 14 00:40:15 srv-jenkins jenkins: at java.base/java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:710)
Dec 14 00:40:15 srv-jenkins jenkins: at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:397)
Dec 14 00:40:15 srv-jenkins jenkins: at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:409)
Dec 14 00:40:15 srv-jenkins jenkins: at org.kohsuke.stapler.interceptor.RequirePOST$Processor.invoke(RequirePOST.java:78)
Dec 14 00:40:15 srv-jenkins jenkins: at org.kohsuke.stapler.PreInvokeInterceptedFunction.invoke(PreInvokeInterceptedFunction.java:26)
Dec 14 00:40:15 srv-jenkins jenkins: at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:207)
Dec 14 00:40:15 srv-jenkins jenkins: at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:140)
Dec 14 00:40:15 srv-jenkins jenkins: at org.kohsuke.stapler.MetaClass$11.doDispatch(MetaClass.java:558)
Dec 14 00:40:15 srv-jenkins jenkins: at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:59)
Dec 14 00:40:15 srv-jenkins jenkins: at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:762)
Dec 14 00:40:15 srv-jenkins jenkins: at org.kohsuke.stapler.Stapler.invoke(Stapler.java:894)
Dec 14 00:40:15 srv-jenkins jenkins: at org.kohsuke.stapler.MetaClass$4.doDispatch(MetaClass.java:289)
Dec 14 00:40:15 srv-jenkins jenkins: at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:59)
Dec 14 00:40:15 srv-jenkins jenkins: at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:762)
Dec 14 00:40:15 srv-jenkins jenkins: at org.kohsuke.stapler.Stapler.invoke(Stapler.java:894)
Dec 14 00:40:15 srv-jenkins jenkins: at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:830)
Dec 14 00:40:15 srv-jenkins jenkins: at org.kohsuke.stapler.Stapler.invoke(Stapler.java:894)
Dec 14 00:40:15 srv-jenkins jenkins: at org.kohsuke.stapler.MetaClass$9.dispatch(MetaClass.java:475)
Dec 14 00:40:15 srv-jenkins jenkins: at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:762)
Dec 14 00:40:15 srv-jenkins jenkins: at org.kohsuke.stapler.Stapler.invoke(Stapler.java:894)
Dec 14 00:40:15 srv-jenkins jenkins: at org.kohsuke.stapler.Stapler.invoke(Stapler.java:690)
Dec 14 00:40:15 srv-jenkins jenkins: at org.kohsuke.stapler.Stapler.service(Stapler.java:240)
Dec 14 00:40:15 srv-jenkins jenkins: at javax.servlet.http.HttpServlet.service(HttpServlet.java:590)
Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:764)
Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1665)
Dec 14 00:40:15 srv-jenkins jenkins: at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:157)
Dec 14 00:40:15 srv-jenkins jenkins: at jenkins.security.ResourceDomainFilter.doFilter(ResourceDomainFilter.java:81)
Dec 14 00:40:15 srv-jenkins jenkins: at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
Dec 14 00:40:15 srv-jenkins jenkins: at jenkins.telemetry.impl.UserLanguages$AcceptLanguageFilter.doFilter(UserLanguages.java:129)
Dec 14 00:40:15 srv-jenkins jenkins: at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
Dec 14 00:40:15 srv-jenkins jenkins: at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:160)
Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
Dec 14 00:40:15 srv-jenkins jenkins: at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:154)
Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
Dec 14 00:40:15 srv-jenkins jenkins: at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:94)
Dec 14 00:40:15 srv-jenkins jenkins: at jenkins.security.AcegiSecurityExceptionFilter.doFilter(AcegiSecurityExceptionFilter.java:52)
Dec 14 00:40:15 srv-jenkins jenkins: at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
Dec 14 00:40:15 srv-jenkins jenkins: at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:54)
Dec 14 00:40:15 srv-jenkins jenkins: at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
Dec 14 00:40:15 srv-jenkins jenkins: at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:122)
Dec 14 00:40:15 srv-jenkins jenkins: at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:116)
Dec 14 00:40:15 srv-jenkins jenkins: at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
Dec 14 00:40:15 srv-jenkins jenkins: at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:109)
Dec 14 00:40:15 srv-jenkins jenkins: at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
Dec 14 00:40:15 srv-jenkins jenkins: at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:141)
Dec 14 00:40:15 srv-jenkins jenkins: at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:97)
Dec 14 00:40:15 srv-jenkins jenkins: at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
Dec 14 00:40:15 srv-jenkins jenkins: at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:223)
Dec 14 00:40:15 srv-jenkins jenkins: at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:217)
Dec 14 00:40:15 srv-jenkins jenkins: at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
Dec 14 00:40:15 srv-jenkins jenkins: at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:97)
Dec 14 00:40:15 srv-jenkins jenkins: at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
Dec 14 00:40:15 srv-jenkins jenkins: at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:112)
Dec 14 00:40:15 srv-jenkins jenkins: at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:82)
Dec 14 00:40:15 srv-jenkins jenkins: at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:63)
Dec 14 00:40:15 srv-jenkins jenkins: at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
Dec 14 00:40:15 srv-jenkins jenkins: at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:111)
Dec 14 00:40:15 srv-jenkins jenkins: at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:172)
Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
Dec 14 00:40:15 srv-jenkins jenkins: at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:53)
Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
Dec 14 00:40:15 srv-jenkins jenkins: at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:86)
Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
Dec 14 00:40:15 srv-jenkins jenkins: at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
Dec 14 00:40:15 srv-jenkins jenkins: at jenkins.security.SuspiciousRequestFilter.doFilter(SuspiciousRequestFilter.java:38)
Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:527)
Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:131)
Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:549)
Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:223)
Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1571)
Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:221)
Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1383)
Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:176)
Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:484)
Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1544)
Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:174)
Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1305)
Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:129)
Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.server.Server.handle(Server.java:563)
Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.server.HttpChannel.lambda$handle$0(HttpChannel.java:505)
Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:762)
Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:497)
Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:282)
Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:314)
Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100)
Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53)
Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:421)
Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:390)
Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:277)
Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.lambda$new$0(AdaptiveExecutionStrategy.java:139)
Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:411)
Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:933)
Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1077)
Dec 14 00:40:15 srv-jenkins jenkins: at java.base/java.lang.Thread.run(Thread.java:829)
Dec 14 00:40:15 srv-jenkins jenkins: 2022-12-13 17:40:15.757+0000 [id=16]#011WARNING#011h.p.a.ActiveDirectorySecurityRealm$DescriptorImpl#bind: All attempts to login failed for user testvn\ldap.jenkins
- is caused by
-
JENKINS-69683 Active directory 'Test Domain' does not take into account changes in the `Require TLS` checkbox.
-
- In Progress
-
AD 2.29 with LTS 2.361.1, 2.346.1 using Require TLS and Global Catalog port 3269 gets the same LDAP connection has been closed when testing domain. If I turn off Require TLS and use port 3268 it tests Success but the Active Directory Health Status never returns any data using 2.29.
Either settings still allows users to auth against AD.
Using an older version of the AD plugin works OK.