Jira Data Center / JRASERVER-30634

Can't connect to LDAP over SSL when using Java 7


      Symptoms

      When connecting a directory to LDAP via SSL you will see an error like this in the web browser:

      Connection test failed. Response from the server:
      localhost:636; nested exception is javax.naming.CommunicationException: localhost:636 [Root exception is java.lang.RuntimeException: Unable to set hostname verification on SSLSocket]

      In the log file there will be an entry like this:

      2012-11-18 18:46:38,147 QuartzWorker-1 ERROR      [atlassian.crowd.directory.DbCachingDirectoryPoller] Error occurred while refreshing the cache for directory [ 10000 ].
      com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.CommunicationException: localhost:636; nested exception is javax.naming.CommunicationException: localhost:636 [Root exception is java.lang.RuntimeException: Unable to set hostname verification on SSLSocket]
              at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntitiesWithRequestControls(SpringLDAPConnector.java:416)
              at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntities(SpringLDAPConnector.java:384)
              at com.atlassian.crowd.directory.SpringLDAPConnector.searchUserObjects(SpringLDAPConnector.java:574)
              at com.atlassian.crowd.directory.SpringLDAPConnector.searchUsers(SpringLDAPConnector.java:944)
              at com.atlassian.crowd.directory.ldap.cache.RemoteDirectoryCacheRefresher.findAllRemoteUsers(RemoteDirectoryCacheRefresher.java:41)
              at com.atlassian.crowd.directory.ldap.cache.RemoteDirectoryCacheRefresher.synchroniseAllUsers(RemoteDirectoryCacheRefresher.java:60)
              at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseAll(AbstractCacheRefresher.java:40)
              at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:619)
              at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:63)
              at com.atlassian.crowd.directory.DbCachingDirectoryPoller.pollChanges(DbCachingDirectoryPoller.java:50)
              at com.atlassian.crowd.manager.directory.monitor.poller.DirectoryPollerJob.execute(DirectoryPollerJob.java:34)
              at org.quartz.core.JobRunShell.run(JobRunShell.java:195)
              at com.atlassian.multitenant.quartz.MultiTenantThreadPool$MultiTenantRunnable.run(MultiTenantThreadPool.java:72)
              at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:520)
      Caused by: org.springframework.ldap.CommunicationException: localhost:636; nested exception is javax.naming.CommunicationException: localhost:636 [Root exception is java.lang.RuntimeException: Unable to set hostname verification on SSLSocket]
              at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:98)
              at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:266)
              at org.springframework.ldap.core.support.AbstractContextSource.getContext(AbstractContextSource.java:106)
              at org.springframework.ldap.core.support.AbstractContextSource.getReadWriteContext(AbstractContextSource.java:138)
              at org.springframework.ldap.transaction.compensating.manager.TransactionAwareContextSourceProxy.getReadWriteContext(TransactionAwareContextSourceProxy.java:94)
              at org.springframework.ldap.transaction.compensating.manager.TransactionAwareContextSourceProxy.getReadOnlyContext(TransactionAwareContextSourceProxy.java:65)
              at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:287)
              at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:237)
              at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:624)
              at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:535)
              at com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper$1.call(LdapTemplateWithClassLoaderWrapper.java:56)
              at com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper$1.call(LdapTemplateWithClassLoaderWrapper.java:53)
              at com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper.invokeWithContextClassLoader(LdapTemplateWithClassLoaderWrapper.java:43)
              at com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper.search(LdapTemplateWithClassLoaderWrapper.java:53)
              at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntitiesWithRequestControls(SpringLDAPConnector.java:412)
              ... 13 more
      Caused by: javax.naming.CommunicationException: localhost:636 [Root exception is java.lang.RuntimeException: Unable to set hostname verification on SSLSocket]
              at com.sun.jndi.ldap.Connection.<init>(Unknown Source)
              at com.sun.jndi.ldap.LdapClient.<init>(Unknown Source)
              at com.sun.jndi.ldap.LdapClient.getInstance(Unknown Source)
              at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
              at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
              at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
              at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
              at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
              at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
              at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
              at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
              at javax.naming.InitialContext.init(Unknown Source)
              at javax.naming.ldap.InitialLdapContext.<init>(Unknown Source)
              at org.springframework.ldap.core.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:43)
              at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:254)
              ... 26 more
      Caused by: java.lang.RuntimeException: Unable to set hostname verification on SSLSocket
              at com.atlassian.crowd.directory.ssl.LdapHostnameVerificationSSLSocketFactory.makeUseLdapVerification(LdapHostnameVerificationSSLSocketFactory.java:85)
              at com.atlassian.crowd.directory.ssl.LdapHostnameVerificationSSLSocketFactory.createSocket(LdapHostnameVerificationSSLSocketFactory.java:125)
              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
              at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
              at java.lang.reflect.Method.invoke(Unknown Source)
              at com.sun.jndi.ldap.Connection.createSocket(Unknown Source)
              ... 41 more
      Caused by: java.lang.NoSuchMethodException: sun.security.ssl.SSLSocketImpl.trySetHostnameVerification(java.lang.String)
              at java.lang.Class.getMethod(Unknown Source)
              at com.atlassian.crowd.directory.ssl.LdapHostnameVerificationSSLSocketFactory.makeUseLdapVerification(LdapHostnameVerificationSSLSocketFactory.java:80)
              ... 47 more
      

      Steps to Reproduce

      1. Run JIRA using Java 7, not Java 6 - Java 7 is listed as a supported platform
      2. Import SSL certificate of the LDAP server into JIRA's JVM keystore as per normal procedure
      3. Add an LDAP directory, attempt to configure using SSL
      4. Observe the error message and log entry described above

      Workaround

      Use Java 6
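
The last "Caused by" in the trace is a reflective lookup of sun.security.ssl.SSLSocketImpl.trySetHostnameVerification(String), a JDK-internal method that the Java 7 runtime does not provide. As an added example (not Atlassian's code and not the fix shipped for this issue), the same LDAPS host name check can be requested through the public SSLParameters API available from Java 7; the class name LdapsVerifyingSocketFactory is hypothetical.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import javax.net.SocketFactory;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Hypothetical socket factory for JNDI LDAP connections over SSL (Java 7+).
// Enable it with: env.put("java.naming.ldap.factory.socket", LdapsVerifyingSocketFactory.class.getName());
public class LdapsVerifyingSocketFactory extends SocketFactory {
    // Default JSSE factory: trusts whatever is in the JVM trust store, as in step 2 above.
    private final SSLSocketFactory delegate = (SSLSocketFactory) SSLSocketFactory.getDefault();

    // The JNDI LDAP provider obtains the factory through this static method.
    public static SocketFactory getDefault() {
        return new LdapsVerifyingSocketFactory();
    }

    // Ask JSSE to match the server certificate against the host name during the
    // handshake, using LDAPS rules. No reflection on sun.* classes is involved, so
    // there is no NoSuchMethodException when the JDK's internals change.
    private static Socket withLdapsCheck(Socket socket) {
        SSLSocket ssl = (SSLSocket) socket;
        SSLParameters params = ssl.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("LDAPS");
        ssl.setSSLParameters(params);
        return ssl;
    }

    // Unconnected socket: used by the LDAP provider when a connect timeout is set.
    @Override public Socket createSocket() throws IOException {
        return withLdapsCheck(delegate.createSocket());
    }
    @Override public Socket createSocket(String host, int port) throws IOException {
        return withLdapsCheck(delegate.createSocket(host, port));
    }
    @Override public Socket createSocket(String host, int port, InetAddress local, int localPort)
            throws IOException {
        return withLdapsCheck(delegate.createSocket(host, port, local, localPort));
    }
    @Override public Socket createSocket(InetAddress host, int port) throws IOException {
        return withLdapsCheck(delegate.createSocket(host, port));
    }
    @Override public Socket createSocket(InetAddress host, int port, InetAddress local, int localPort)
            throws IOException {
        return withLdapsCheck(delegate.createSocket(host, port, local, localPort));
    }
}
```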

              mhenderson Marty Henderson (Inactive)
              amwei AmandaA
              Votes: 11
              Watchers: 23
