

Jira and LDAPs Multi Domain

Florian_Schmutz February 26, 2020

Hi

Because of the upcoming Microsoft patch, which disables LDAP and enables LDAPS by default, we need to change the user LDAP connection of our Jira.

We now have the problem that one of the domains works with LDAPS and the other does not.

Here is the error message:

***************************************************************************************
Verbindungstest fehlgeschlagen. Antwort vom Server:
DC1.DOMAIN2.local:636; nested exception is javax.naming.CommunicationException: DC1.DOMAIN2.locall:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
***************************************************************************************

We added the certificate of DC1.DOMAIN2.local the same way as for DC1.DOMAIN1.local:

***************************************************************************************
keytool -importcert -keystore "C:\Program Files\Atlassian\Confluence\jre\lib\security\cacerts" -file DC1.DOMAIN2.local.cer
***************************************************************************************

Because of the error above, we additionally added the root CA of Domain B to the cert store:

***************************************************************************************
keytool -import -trustcacerts -alias DC1.DOMAIN2.local -file root-ca.cer -keystore "C:\Program Files\Atlassian\Confluence\jre\lib\security\cacerts"
***************************************************************************************

More information:

Jira and Confluence are installed on a Windows 2k12r2 server in Domain1.
On the Jira server, 2 LDAP queries are configured, pointing to DC1.DOMAIN1.local and DC1.DOMAIN2.local over port 636.
The SSL checkbox is on.

The query works over LDAP, so the whole AD user query and the LDAP path are working.

In Domain1 and Domain2, AD-integrated CAs are installed and the DCs have obtained a cert from them.

Jira and the domain controllers were rebooted multiple times.
LDP.exe connects to DC1.DOMAIN1.local and DC1.DOMAIN2.local successfully.

 

So, a little update on this problem.

I tried to troubleshoot this issue with this:
https://confluence.atlassian.com/kb/unable-to-connect-to-ssl-services-due-to-pkix-path-building-failed-error-779355358.html

 

So first the issue:

With this domain it is not working.

Picture1.jpg

With this it is working

Picture2.jpg

 

On the Jira server, with the SSLPoke Java tool, the problem is inverted.

SSLfail.jpg

So in Jira the gro domain isn't working but the AIL is.
In SSLPoke the gro domain is working but the AIL is not.

And finally with the keystore used by Jira, I guess.

SSLfail1.jpg

 

Could there be any known issue with Jira, or rather Java, that only one LDAPS connection can be established in one Java session?

 

Kind Regards

Florian
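
A check that follows from the two keytool commands in the question, added here as an example and not part of the original post: the first command gives no `-alias`, so keytool stores that certificate under its default alias `mykey`, and both commands write to the `cacerts` under the Confluence JRE. The script lists every `cacerts` below the install root named in the post and reports whether each alias is present; the truststore password `changeit` (the JDK default) is an assumption.

```powershell
# Added example, not from the original post.
# Assumptions: the install root is the one used in the post's keytool
# commands and every truststore still has the JDK default password.
$atlassianRoot = 'C:\Program Files\Atlassian'
$storePass     = 'changeit'
# 'mykey' is keytool's default alias when -alias is omitted (first command);
# 'DC1.DOMAIN2.local' is the alias given in the second command.
$aliases = @('mykey', 'DC1.DOMAIN2.local')

# One cacerts file exists per bundled JRE; find all of them.
$stores = Get-ChildItem -Path $atlassianRoot -Recurse -Filter 'cacerts' `
              -File -ErrorAction SilentlyContinue

foreach ($store in $stores) {
    # <jre>\lib\security\cacerts  ->  <jre>\bin\keytool.exe
    $jreHome = Split-Path (Split-Path (Split-Path $store.FullName))
    $keytool = Join-Path $jreHome 'bin\keytool.exe'
    if (-not (Test-Path $keytool)) { $keytool = 'keytool' }  # fall back to PATH

    foreach ($alias in $aliases) {
        # keytool exits non-zero when the alias is not in the keystore.
        $out = & $keytool -list -keystore $store.FullName `
                   -storepass $storePass -alias $alias 2>&1
        [pscustomobject]@{
            Truststore = $store.FullName
            Alias      = $alias
            Present    = ($LASTEXITCODE -eq 0)
            # Entry line plus certificate fingerprint, or keytool's error text.
            Detail     = (($out | ForEach-Object { "$_" }) -join ' ')
        }
    }
}
```

Compare the fingerprint shown for each entry with the certificate exported from the domain controller, and check that the truststore of the JRE that actually runs Jira is among those reporting `Present = True`.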

2 answers

0 votes
Florian_Schmutz May 11, 2020

I'm still struggling with this issue.
Because of the upcoming Microsoft upgrade I need to fix this ;(

0 votes
Florian_Schmutz March 3, 2020

Anyone have any ideas?
