Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-70272

LDAPS with Active Directory not working

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • Red Hat Enterprise Linux Server release 7.9 (Maipo)
      Jenkins 2.375.1
      Active Directory Plugin 2.29

      I has try config ldaps for jenkins but not working. i confused with this tutorial document. 

      Anyone tell me that with step 4 i need add this config to where? I did try add it to /usr/lib/systemd/system/jenkins.service

      Environment="JAVA_ARGS=-Djava.awt.headless=true -Djavax.net.ssl.trustStore=$JENKINS_HOME/.keystore/cacerts -Djavax.net.ssl.trustStorePassword=changeit"

      As the picture below, i did success connect to AD with TLS enable and JDK TrustStore set

       

      But when i change port 3268 to 3269 (LDAPS) it show me an error.

      Dec 14 00:40:15 srv-jenkins jenkins: 2022-12-13 17:40:15.756+0000 [id=16]#011WARNING#011h.p.a.ActiveDirectorySecurityRealm$DescriptorImpl#bind: Failed to bind to srv-dc.testvn.local:3269
      Dec 14 00:40:15 srv-jenkins jenkins: javax.naming.NamingException: LDAP connection has been closed
      Dec 14 00:40:15 srv-jenkins jenkins: at java.naming/com.sun.jndi.ldap.LdapRequest.getReplyBer(LdapRequest.java:133)
      Dec 14 00:40:15 srv-jenkins jenkins: at java.naming/com.sun.jndi.ldap.Connection.readReply(Connection.java:443)
      Dec 14 00:40:15 srv-jenkins jenkins: at java.naming/com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:365)
      Dec 14 00:40:15 srv-jenkins jenkins: at java.naming/com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214)
      Dec 14 00:40:15 srv-jenkins jenkins: at java.naming/com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2895)
      Dec 14 00:40:15 srv-jenkins jenkins: at java.naming/com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2797)
      Dec 14 00:40:15 srv-jenkins jenkins: at java.naming/com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2770)
      Dec 14 00:40:15 srv-jenkins jenkins: at java.naming/com.sun.jndi.ldap.LdapCtx.reconnect(LdapCtx.java:2699)
      Dec 14 00:40:15 srv-jenkins jenkins: at java.naming/javax.naming.ldap.InitialLdapContext.reconnect(InitialLdapContext.java:193)
      Dec 14 00:40:15 srv-jenkins jenkins: at hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DescriptorImpl.bind(ActiveDirectorySecurityRealm.java:724)
      Dec 14 00:40:15 srv-jenkins jenkins: at hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DescriptorImpl.bind(ActiveDirectorySecurityRealm.java:601)
      Dec 14 00:40:15 srv-jenkins jenkins: at hudson.plugins.active_directory.ActiveDirectoryDomain$DescriptorImpl.doValidateTest(ActiveDirectoryDomain.java:337)
      Dec 14 00:40:15 srv-jenkins jenkins: at java.base/java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:710)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:397)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:409)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.kohsuke.stapler.interceptor.RequirePOST$Processor.invoke(RequirePOST.java:78)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.kohsuke.stapler.PreInvokeInterceptedFunction.invoke(PreInvokeInterceptedFunction.java:26)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:207)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:140)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.kohsuke.stapler.MetaClass$11.doDispatch(MetaClass.java:558)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:59)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:762)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.kohsuke.stapler.Stapler.invoke(Stapler.java:894)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.kohsuke.stapler.MetaClass$4.doDispatch(MetaClass.java:289)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:59)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:762)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.kohsuke.stapler.Stapler.invoke(Stapler.java:894)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:830)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.kohsuke.stapler.Stapler.invoke(Stapler.java:894)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.kohsuke.stapler.MetaClass$9.dispatch(MetaClass.java:475)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:762)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.kohsuke.stapler.Stapler.invoke(Stapler.java:894)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.kohsuke.stapler.Stapler.invoke(Stapler.java:690)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.kohsuke.stapler.Stapler.service(Stapler.java:240)
      Dec 14 00:40:15 srv-jenkins jenkins: at javax.servlet.http.HttpServlet.service(HttpServlet.java:590)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:764)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1665)
      Dec 14 00:40:15 srv-jenkins jenkins: at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:157)
      Dec 14 00:40:15 srv-jenkins jenkins: at jenkins.security.ResourceDomainFilter.doFilter(ResourceDomainFilter.java:81)
      Dec 14 00:40:15 srv-jenkins jenkins: at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
      Dec 14 00:40:15 srv-jenkins jenkins: at jenkins.telemetry.impl.UserLanguages$AcceptLanguageFilter.doFilter(UserLanguages.java:129)
      Dec 14 00:40:15 srv-jenkins jenkins: at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
      Dec 14 00:40:15 srv-jenkins jenkins: at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:160)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
      Dec 14 00:40:15 srv-jenkins jenkins: at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:154)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
      Dec 14 00:40:15 srv-jenkins jenkins: at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:94)
      Dec 14 00:40:15 srv-jenkins jenkins: at jenkins.security.AcegiSecurityExceptionFilter.doFilter(AcegiSecurityExceptionFilter.java:52)
      Dec 14 00:40:15 srv-jenkins jenkins: at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
      Dec 14 00:40:15 srv-jenkins jenkins: at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:54)
      Dec 14 00:40:15 srv-jenkins jenkins: at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:122)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:116)
      Dec 14 00:40:15 srv-jenkins jenkins: at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:109)
      Dec 14 00:40:15 srv-jenkins jenkins: at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:141)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:97)
      Dec 14 00:40:15 srv-jenkins jenkins: at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:223)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:217)
      Dec 14 00:40:15 srv-jenkins jenkins: at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
      Dec 14 00:40:15 srv-jenkins jenkins: at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:97)
      Dec 14 00:40:15 srv-jenkins jenkins: at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:112)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:82)
      Dec 14 00:40:15 srv-jenkins jenkins: at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:63)
      Dec 14 00:40:15 srv-jenkins jenkins: at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
      Dec 14 00:40:15 srv-jenkins jenkins: at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:111)
      Dec 14 00:40:15 srv-jenkins jenkins: at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:172)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:53)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
      Dec 14 00:40:15 srv-jenkins jenkins: at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:86)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
      Dec 14 00:40:15 srv-jenkins jenkins: at jenkins.security.SuspiciousRequestFilter.doFilter(SuspiciousRequestFilter.java:38)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:527)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:131)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:549)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:223)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1571)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:221)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1383)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:176)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:484)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1544)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:174)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1305)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:129)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.server.Server.handle(Server.java:563)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.server.HttpChannel.lambda$handle$0(HttpChannel.java:505)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:762)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:497)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:282)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:314)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:421)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:390)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:277)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.lambda$new$0(AdaptiveExecutionStrategy.java:139)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:411)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:933)
      Dec 14 00:40:15 srv-jenkins jenkins: at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1077)
      Dec 14 00:40:15 srv-jenkins jenkins: at java.base/java.lang.Thread.run(Thread.java:829)
      Dec 14 00:40:15 srv-jenkins jenkins: 2022-12-13 17:40:15.757+0000 [id=16]#011WARNING#011h.p.a.ActiveDirectorySecurityRealm$DescriptorImpl#bind: All attempts to login failed for user testvn\ldap.jenkins

       

       

            fbelzunc Félix Belzunce Arcos
            hoanbc Hoan
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

              Created:
              Updated: