Dear fellow Jenkins users,

I came across an issue today that I just cannot figure out myself. I hope this 
is the correct place to ask for help.

*Problem:* 

After some connection issues with Active Directory and following 
reconfiguration, Jenkins now shows the warning "TLS is not correctly configured 
on Active Directory plugin. Please, change to a more secured option;"

*Environment:* 

When the issue occurred for the first time this morning, I was using Jenkins 
2.150.2 with Active Directory plugin 2.11 and the following settings:

- StartTLS: true
- TRUST_ALL_CERTIFICATES

*What I did so far:* 

I thought the reason for the warning might be the TRUST_ALL_CERTIFICATES 
option, so I tried to disable it. However, it is not shown in the Global 
Security settings anymore, nor is it contained in the settings.xml file. So, I 
followed the plugin's documentation wiki page and performed the following steps 
for proper TLS/LDAPS configuration:

- set the 
hudson.plugins.active_directory.ActiveDirectorySecurityRealm.forceLdaps=true 
system property
- change the domain controller port in the plugin’s settings to 3269
- copy the JVM's "cacerts" trust store and import the server certificate into 
the copy
- set the javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword system 
properties to point to the copy
- configure a custom logger for ActiveDirectorySecurityRealm and log level FINER

The log now shows successful LDAPS connections over port 3269, and users can 
log in. However, the warning about insecure TLS configuration is still shown.

Do any of you know what the reason for the warning may be and which 
configuration I might still have to change?

Thanks a lot,
Andreas
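
The trust store and system property steps listed in the message above, as an added shell example that is not part of the original post. The function names, the `ad-dc` alias and every path are assumptions; the port change to 3269 is made in the plugin's settings and is not covered here.

```shell
#!/bin/sh
# Added example. Function names, the "ad-dc" alias and all paths are assumptions.

# Print the JVM options named in the post.
#   $1 = path of the copied trust store, $2 = its password
ldaps_java_opts() {
    printf '%s %s %s\n' \
        "-Dhudson.plugins.active_directory.ActiveDirectorySecurityRealm.forceLdaps=true" \
        "-Djavax.net.ssl.trustStore=$1" \
        "-Djavax.net.ssl.trustStorePassword=$2"
}

# Copy the JVM's cacerts and import the domain controller certificate into the copy.
#   $1 = JVM cacerts file      $2 = copy to create
#   $3 = server certificate    $4 = trust store password
prepare_truststore() {
    [ -r "$1" ] || { echo "cannot read trust store: $1" >&2; return 1; }
    [ -r "$3" ] || { echo "cannot read certificate: $3" >&2; return 1; }
    # Work on a copy so the JVM's own cacerts stays untouched.
    cp -p "$1" "$2" || return 1
    keytool -importcert -noprompt -alias ad-dc -file "$3" \
            -keystore "$2" -storepass "$4" || return 1
    # Confirm the entry is present before pointing Jenkins at the copy.
    keytool -list -alias ad-dc -keystore "$2" -storepass "$4" >/dev/null
}

# Usage (constructed paths; "changeit" is the JDK's default cacerts password):
#   sh ldaps-truststore.sh "$JAVA_HOME/lib/security/cacerts" \
#       /var/lib/jenkins/cacerts-ad ./dc.crt changeit
# The printed options are then added to the Jenkins JVM arguments.
if [ "$#" -eq 4 ]; then
    prepare_truststore "$1" "$2" "$3" "$4" && ldaps_java_opts "$2" "$4"
fi
```

Options passed on the JVM command line, the trust store password included, are visible in the process list; the copied store holds only public certificates.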
