
Support disabling of StartTLS for Email Connection

    • Type: Bug
    • Resolution: Fixed
    • Priority: Medium
    • Fix Version/s: 4.4.0
    • Affects Version/s: 4.2.0, 4.0.3, 4.1.1
    • Component/s: Email system
    • Labels: None

      Issue

      Crowd Mail Server configuration does not offer the option to disable TLS.

      From Crowd v4.1.1, Crowd defaults to using STARTTLS even for non TLS Mail Servers and therefore fails to connect to the Mail Server.

      Expected

      Provide a tick box for "TLS" on the front end Crowd Administration » General Settings » Mail configuration as per our other Atlassian Server products.

      Work Around

      Follow the steps described in:

      and create a JNDI connection with a line to disable TLS.

      1. Back up and edit <crowd-install>/apache-tomcat/conf/Catalina/localhost/crowd.xml
        • Add the following inside the Context block, setting the your_userid and your_password values as required:
          ...
          
            <Resource name="mail/CrowdMailServer"
              auth="Container"
              type="javax.mail.Session"
              mail.smtp.host="<mail-server>"
              mail.smtp.port="25"
              mail.transport.protocol="smtp"
              mail.smtp.auth="true"
              mail.smtp.user="your_userid"
              mail.smtp.starttls.enable="false"
              password="your_password"
             />
          
          ...
          
      2. Restart Crowd
      3. Once Crowd is up, navigate to the Crowd Administration » General Settings » Mail configuration and choose:
        • JNDI location specifying: java:comp/env/mail/CrowdMailServer
      4. Try sending a test Mail
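
An added example, not part of the original issue or Atlassian's code: the Resource above sets mail.smtp.auth="true" together with mail.smtp.starttls.enable="false", so the SMTP login runs over an unencrypted connection. This Python check parses a Tomcat context file or server.xml and reports that combination; the sample XML, the hostname and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the workaround's <Resource> with placeholder host and credentials.
SAMPLE_CONTEXT = """<Context path="" docBase="../../crowd-webapp" debug="0">
  <Resource name="mail/CrowdMailServer" auth="Container" type="javax.mail.Session"
            mail.smtp.host="mail.example.internal" mail.smtp.port="25"
            mail.transport.protocol="smtp" mail.smtp.auth="true"
            mail.smtp.user="your_userid" mail.smtp.starttls.enable="false"
            password="your_password" />
</Context>"""

CLEARTEXT_AUTH = "SMTP AUTH is enabled but the session never negotiates TLS"
OPPORTUNISTIC_TLS = "STARTTLS is enabled but not required (falls back to cleartext)"
PASSWORD_IN_FILE = "password stored in the config file; check file permissions"


def _is_true(attrs, key):
    # JavaMail treats these boolean session properties as false when unset.
    return attrs.get(key, "false").strip().lower() == "true"


def audit_mail_resources(xml_text):
    """Return (resource name, finding) pairs for each javax.mail.Session Resource."""
    findings = []
    # iter() walks the whole tree, so a full server.xml works as well as a context file.
    for res in ET.fromstring(xml_text).iter("Resource"):
        attrs = res.attrib
        if attrs.get("type") != "javax.mail.Session":
            continue
        name = attrs.get("name", "(unnamed)")
        starttls = _is_true(attrs, "mail.smtp.starttls.enable")
        implicit_tls = _is_true(attrs, "mail.smtp.ssl.enable")
        if _is_true(attrs, "mail.smtp.auth") and not (starttls or implicit_tls):
            findings.append((name, CLEARTEXT_AUTH))
        if starttls and not implicit_tls and not _is_true(attrs, "mail.smtp.starttls.required"):
            findings.append((name, OPPORTUNISTIC_TLS))
        if "password" in attrs:
            findings.append((name, PASSWORD_IN_FILE))
    return findings


if __name__ == "__main__":
    for name, finding in audit_mail_resources(SAMPLE_CONTEXT):
        print(f"{name}: {finding}")
```

Run it against crowd.xml or server.xml after applying the workaround; an empty result means no mail session authenticates in cleartext or keeps a password in the file.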

            [CWD-5680] Support disabling of StartTLS for Email Connection

            nitesh reddy added a comment - Thank you, Jochen. It worked this time.

            Jochen Eise added a comment - edited

            Hello nitesh reddy,
            Do it as in the post description and not as in the comment.
            I had the same problem.

            With the changes in "<crowd-install>/apache-tomcat/conf/Catalina/localhost/crowd.xml" it worked for me.

            Greetings

            nitesh reddy added a comment - I have tried the above workaround by adding the configurations in the /<installation directory>/apache-tomcat/conf/server.xml and enabling JNDI, the SMTP issue is resolving. However, it is not allowing the user authentication from Jira, Bitbucket, Bamboo, and Confluence through Crowd. Please help!

            Stephen Hodgson added a comment

            I have to echo the previous comment that this is not a suggestion, rather it is a significant bug. Atlassian silently broke both expiring password notifications and password self-service reset with this change. At the time of this comment, there is no mention of this in the release notes nor upgrade notes so customers were not made aware of the loss of critical functionality when running the upgrade.

            While the listed “work around” technically restores email functionality, it is not a proper fix. Since the edited file is in the install directory, I assume this must be manually fixed on every subsequent upgrade and it also requires server downtime for simple changes to email settings instead of using the live GUI that has been available and working fine in previous versions.

            Sake added a comment - edited

            Well, this isn't a suggestion, but a Bug. If I want to use SSL/TLS, I would activate the option. I can't get the workaround to work, unfortunately.

            The provided workaround didn't work for us, because the file <crowd-install>/apache-tomcat/conf/Catalina/localhost/crowd.xml is missing when using the tar.gz on Linux (in our case). The following changes worked for us.

            Change in /<installation directory>/apache-tomcat/conf/server.xml the following setting.

                    <Engine defaultHost="localhost" name="Catalina">
                        <Host appBase="webapps" autoDeploy="true" name="localhost" unpackWARs="true">
                            <Context path="" docBase="../../crowd-webapp" debug="0">
                                <Manager pathname="" />
                            </Context>
                        </Host>
                    </Engine>
            

             
            To this, if you don't need authorization:

                    <Engine defaultHost="localhost" name="Catalina">
                        <Host appBase="webapps" autoDeploy="true" name="localhost" unpackWARs="true">
                            <Context path="" docBase="../../crowd-webapp" debug="0">
                                <Manager pathname="" />
                                <Resource name="mail/CrowdMailServer"
                                    auth="Container"
                                    type="javax.mail.Session"
                                    mail.smtp.host="smtp.belastingdienst.nl"
                                    mail.smtp.port="25"
                                    mail.transport.protocol="smtp"
                                    mail.smtp.auth="false"
                                    mail.smtp.starttls.enable="false"
                                />
                            </Context>
                        </Host>
                    </Engine>
            

            Or to this, if you need to use authorization:

                    <Engine defaultHost="localhost" name="Catalina">
                        <Host appBase="webapps" autoDeploy="true" name="localhost" unpackWARs="true">
                            <Context path="" docBase="../../crowd-webapp" debug="0">
                                <Manager pathname="" />
                                <Resource name="mail/CrowdMailServer"
                                    auth="Container"
                                    type="javax.mail.Session"
                                    mail.smtp.host="smtp.belastingdienst.nl"
                                    mail.smtp.port="25"
                                    mail.transport.protocol="smtp"
                                    mail.smtp.auth="true"
                                    mail.smtp.user="your_userid"
                                    password="your_password"
                                    mail.smtp.starttls.enable="false"
                                />
                            </Context>
                        </Host>
                    </Engine>
            

            Next set in Crowd in the Mail configuration the Mail server type to JNDI location and use the following JNDI location.

            java:comp/env/mail/CrowdMailServer
            


              Assignee: Unassigned
              Reporter: Eric Lam
              Affected customers: 8
              Watchers: 15