[
https://issues.jenkins-ci.org/browse/JENKINS-13677?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=162554#comment-162554
]
Jolly E commented on JENKINS-13677:
-----------------------------------
Yes. I use LDAPS for other systems authenticating against the same directory.
I just haven't been able to find documentation about how to make the Active
Directory plugin recognize the SSL certificates that encrypt it. I added the
certs to the keystore that does the SSL encryption for Jenkins
(--httpsPort=8443 --httpsKeyStore=/var/lib/jenkins/.keystore
--httpsKeyStorePassword=*******) as well as to the /etc/pki/java/cacerts
keystore.
> Active Directory Plugin not encrypted - FINE: Failed to start TLS.
> Authentication will be done via plain-text LDAP
> -----------------------------------------------------------------------------------------------------------------
>
> Key: JENKINS-13677
> URL: https://issues.jenkins-ci.org/browse/JENKINS-13677
> Project: Jenkins
> Issue Type: Task
> Components: active-directory
> Environment: rhel 6 connecting to active directory
> Reporter: Jolly E
> Priority: Minor
> Labels: LDAP, LDAPS, SSL, active_directory, encryption,
> plain-text, tls
>
> FINE: Failed to start TLS. Authentication will be done via plain-text LDAP
> javax.naming.CommunicationException: Remote host closed connection during handshake [Root exception is javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake]
>     at com.sun.jndi.ldap.LdapCtx.extendedOperation(LdapCtx.java:3204)
>     at hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DesciprotrImpl.bind(ActiveDirectorySecurityRealm.java:400)
>     at hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DesciprotrImpl.bind(ActiveDirectorySecurityRealm.java:357)
>     at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:275)
>     at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:180)
>     at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:133)
>     at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:119)
>     at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:195)
>     at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:45)
>     at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:71)
>     at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252)
>     at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
>     at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173)
>     at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
>     at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:63)
>     at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
>     at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
>     at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66)
>     at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
>     at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
>     at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
>     at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
>     at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
>     at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
>     at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
>     at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
>     at winstone.RequestDispatcher.forward(RequestDispatcher.java:331)
>     at winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:215)
>     at winstone.RequestHandlerThread.run(RequestHandlerThread.java:138)
>     at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
>     at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
>     at java.util.concurrent.FutureTask.run(FutureTask.java:166)
>     at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
>     at java.lang.Thread.run(Thread.java:679)
> Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
>     at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:869)
>     at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1190)
>     at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:657)
>     at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:108)
>     at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
>     at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
>     at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:409)
>     at com.sun.jndi.ldap.LdapClient.extendedOp(LdapClient.java:1190)
>     at com.sun.jndi.ldap.LdapCtx.extendedOperation(LdapCtx.java:3151)
>     ... 35 more
> Caused by: java.io.EOFException: SSL peer shut down incorrectly
>     at sun.security.ssl.InputRecord.read(InputRecord.java:352)
>     at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:850)
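
An added diagnostic, not part of the original message and not the plugin's code: it repeats the JNDI StartTLS extended operation that appears at the top of the stack trace from a stand-alone JVM, and prints the trust store that JSSE consults for it (the `javax.net.ssl.trustStore` property or the JVM default, which is separate from the `--httpsKeyStore` used for Jenkins' own HTTPS listener). The class name `StartTlsCheck`, the host argument and the default port 389 are assumptions.

```java
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;
import javax.net.ssl.SSLSession;

// Added diagnostic (hypothetical helper, not plugin code).
// Usage: java StartTlsCheck <dc-host> [port]
public class StartTlsCheck {
    public static void main(String[] args) throws Exception {
        if (args.length < 1) {
            System.err.println("usage: java StartTlsCheck <dc-host> [port]");
            System.exit(2);
        }
        String host = args[0];                               // must match a name in the DC certificate
        String port = args.length > 1 ? args[1] : "389";     // assumed default: plain LDAP port

        // JSSE trust decisions use this store. When the property is unset the JVM
        // falls back to jssecacerts, then cacerts, under <java.home>/lib/security.
        String ts = System.getProperty("javax.net.ssl.trustStore");
        System.out.println("java.home  = " + System.getProperty("java.home"));
        System.out.println("trustStore = " + (ts != null ? ts : "(JVM default)"));

        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://" + host + ":" + port);
        env.put("com.sun.jndi.ldap.connect.timeout", "5000");

        LdapContext ctx = new InitialLdapContext(env, null);
        try {
            // Same JNDI call as LdapCtx.extendedOperation in the trace above.
            StartTlsResponse tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
            // Throws if the handshake fails, the chain is untrusted or the host name mismatches.
            SSLSession session = tls.negotiate();
            System.out.println("negotiated " + session.getProtocol() + " / " + session.getCipherSuite());
            for (Certificate c : session.getPeerCertificates()) {
                X509Certificate x = (X509Certificate) c;
                System.out.println("  subject=" + x.getSubjectX500Principal()
                        + "  issuer=" + x.getIssuerX500Principal());
            }
            tls.close();
        } finally {
            ctx.close();
        }
    }
}
```

Run it with the same JVM binary and the same `-Djavax.net.ssl.trustStore` setting (if any) as the Jenkins process, so the result reflects what the plugin sees.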