
Test Remote Directory Connection fails with ClassNotFoundException - LdapHostnameVerificationSSLSocketFactory

      Steps to reproduce

      1. Set up JIRA to connect to LDAP through SSL.
      2. Test Remote Directory Connection fails with:
         java.lang.ClassNotFoundException: com.atlassian.crowd.directory.ssl.LdapHostnameVerificationSSLSocketFactory
      3. However, JIRA can synchronize without any error to the LDAP server and the user can log in.

            [JRASERVER-27347] Test Remote Directory Connection fails with ClassNotFoundException - LdapHostnameVerificationSSLSocketFactory

            Jason Huntley added a comment (edited):

            This fix out yet? I just downloaded and set up JIRA for LDAP integration. I'm running into this issue as well.

            Nevermind, operator error. I got it working.

            John Sposato added a comment:

            So, when will this fixed version be out? I am setting up JIRA and want to use LDAP, but I am having a similar issue. The only exception is I cannot Sync, so Directory integration will not work!

            Eric Dalgliesh added a comment:

            Thanks OS! Let's make this 6.0 with Awaiting Deployment.

            Oswaldo Hernandez (Inactive) added a comment:

            The fix for this is in a later version of the Embedded Crowd Admin Plugin that we obtained by the crowd upgrade recently done on JIRA master.

            edalgliesh, unless we want to backport this fix to the 1.4.x version of the embedded crowd plugin we can probably put this in Awaiting Deployment with a fix version of 6.0 as I have already done the QA necessary for this issue on the current QA build of JIRA master.

            Can you please confirm?

            Oswaldo Hernandez (Inactive) added a comment:

            I have reproduced this bug in stable. However, it's fixed in master.

            The cause of this bug seems to be a missing import package in the Embedded Crowd Admin plugin on the com.atlassian.crowd.directory.ssl package which contains the class that is not found.
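The missing import described in the comment above can be checked from outside the application. This is an added example, not Atlassian's code and not part of the original thread; it assumes the plugin is an OSGi bundle whose `META-INF/MANIFEST.MF` carries an `Import-Package` header, and the sample manifests, bundle name and version ranges are constructed.

```python
import re
import zipfile

TARGET = "com.atlassian.crowd.directory.ssl"  # package named in the comment above

# Constructed manifests (bundle name and version ranges are made up).
BROKEN = ('Manifest-Version: 1.0\nBundle-SymbolicName: example.plugin\n'
          'Import-Package: com.atlassian.crowd.directory;version="[2.0,3)",javax.n\n'
          ' aming.ldap\n')
FIXED = ('Manifest-Version: 1.0\nBundle-SymbolicName: example.plugin\n'
         'Import-Package: com.atlassian.crowd.directory;version="[2.0,3)",com.atl\n'
         ' assian.crowd.directory.ssl,javax.naming.ldap\n')

def main_headers(manifest):
    """Parse the main section of a MANIFEST.MF, joining wrapped lines."""
    headers, name = {}, None
    for line in manifest.splitlines():
        if not line.strip():
            break                        # a blank line ends the main section
        if line.startswith(" ") and name:
            headers[name] += line[1:]    # continuation: drop the one leading space
        elif ": " in line:
            name, value = line.split(": ", 1)
            headers[name] = value
    return headers

def imported_packages(manifest):
    """Return the set of package names listed in Import-Package."""
    value = main_headers(manifest).get("Import-Package", "")
    # Split on commas outside double quotes (version ranges contain commas).
    clauses = re.split(r',(?=(?:[^"]*"[^"]*")*[^"]*$)', value)
    return {part.strip() for clause in clauses
            for part in clause.split(";") if part.strip() and "=" not in part}

def bundle_imports(jar, package=TARGET):
    """True if the bundle at `jar` (path or file object) imports `package`."""
    with zipfile.ZipFile(jar) as zf:
        manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8")
    return package in imported_packages(manifest)

if __name__ == "__main__":
    for label, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, "imports", TARGET, "->", TARGET in imported_packages(text))
```

Manifest lines are wrapped, so a plain text search for the package name can miss an import that is present, as it would in the `FIXED` sample; joining continuation lines first avoids that false negative.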

            Jan Hlavatý added a comment:

            Is this really harmless? My LDAP groups show empty, that is a pretty severe showstopper for LDAP integration for me!

            Sorin Sbarnea added a comment:

            Here are some details which can help you investigate and replicate the problem.

            As you can assume you need an LDAP server which already supports SSL authentication but get one that is not directly accessible from your Jira instance.

            Instead tunnel the port 636 from the server to jira localhost:636 so if you connect to localhost:636 you'll be able to query the server.

            I had to manually add the FQDN of the original ldap server into /etc/hosts and map it to 127.0.0.1 in order to allow the certificate to be validated.

            I think that the certificate verification should be not strict or at least to have parameters that can change this behaviour.

            If you wonder about the use-case: this is something quite common if you want to enable LDAP authentication for a public jira server, so people from inside the company can login.

            Sorin Sbarnea added a comment (edited):

            The directory is not synched!

            Can you fix this ASAP?! It seems to be a blocker for LDAP configuration.

            Bernardo Acevedo [Atlassian] added a comment:

            This same error message occurs also in Confluence 4.2 when connecting to LDAP.

              mhenderson Marty Henderson (Inactive)
              klfoong Foong (Inactive)