Andreas Goeb
Jan 29, 2019, 5:17:12 PM
to jenkins...@googlegroups.com
Dear fellow Jenkins users,
I came across an issue today that I just cannot figure out myself. I hope this is the correct place to ask for help.
*Problem:*
After some connection issues with Active Directory and following reconfiguration, Jenkins now shows the warning "TLS is not correctly configured on Active Directory plugin.Please, change to a more secured option;"
*Environment:*
When the issue occurred for the first time this morning, I was using Jenkins 2.150.2 with Active Directory plugin 2.11 and the following settings:
- StartTLS: true
- TRUST_ALL_CERTIFICATES
*What I did so far:*
I thought the reason for the warning might be the TRUST_ALL_CERTIFICATES option, so I tried to disable it. However, it is not shown in the Global Security settings anymore, nor is it contained in the settings.xml file. So, I followed the plugin's documentation wiki page and performed the following steps for proper TLS/LDAPS configuration:
- set the hudson.plugins.active_directory.ActiveDirectorySecurityRealm.forceLdaps=true system property
- change the domain controller port in the plugin’s settings to 3269
- copy the JVM’s "cacerts" trust store and import the server certificate into the copy
- set the javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword system properties to point to the copy
- configure a custom logger for ActiveDirectorySecurityRealm and log level FINER
The log now shows successful LDAPS connections over port 3269, and users can log in. However, the warning about insecure TLS configuration is still shown.
Do any of you know what the reason for the warning may be and which configuration I might still have to change?
Thanks a lot,
Andreas
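
The trust-store steps listed in the post above, as an added shell example that is not part of the original message or the plugin's documentation. The function names, the `ad-dc` alias, the file paths and the `--apply` switch are assumptions; the three system properties are the ones named in the post.

```shell
#!/usr/bin/env bash
# Added example: copy the JVM trust store, import the domain controller's
# certificate into the copy, and build the JVM options that point Jenkins at it.

# Find the JVM's default trust store (Java 8 JDK layout first, then Java 9+).
locate_cacerts() {
  local home="$1" p
  for p in "$home/jre/lib/security/cacerts" "$home/lib/security/cacerts"; do
    if [ -f "$p" ]; then printf '%s\n' "$p"; return 0; fi
  done
  return 1
}

# Copy cacerts to $store and import the PEM certificate $cert under $alias.
# $pass is the password of the original cacerts ("changeit" unless changed);
# the copy keeps that password.
import_dc_cert() {
  local java_home="$1" cert="$2" store="$3" pass="$4" alias="$5" src
  src="$(locate_cacerts "$java_home")" || { echo "cacerts not found" >&2; return 1; }
  [ -r "$cert" ] || { echo "certificate file not readable: $cert" >&2; return 1; }
  cp "$src" "$store" || return 1
  chmod 600 "$store" || return 1
  keytool -importcert -noprompt -alias "$alias" -file "$cert" \
          -keystore "$store" -storepass "$pass" || return 1
  # Confirm the entry is really in the copy before Jenkins relies on it.
  keytool -list -alias "$alias" -keystore "$store" -storepass "$pass" >/dev/null
}

# JVM options from the post: force LDAPS and use the copied trust store.
# Note: a password passed as -D is visible in the process list.
jenkins_ldaps_opts() {
  local store="$1" pass="$2"
  printf '%s %s %s\n' \
    "-Dhudson.plugins.active_directory.ActiveDirectorySecurityRealm.forceLdaps=true" \
    "-Djavax.net.ssl.trustStore=$store" \
    "-Djavax.net.ssl.trustStorePassword=$pass"
}

# Usage: script --apply <dc-cert.pem> <path-to-trust-store-copy> [store-password]
if [ "${1:-}" = "--apply" ]; then
  import_dc_cert "$JAVA_HOME" "$2" "$3" "${4:-changeit}" "ad-dc" &&
    jenkins_ldaps_opts "$3" "${4:-changeit}"
fi
```
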