LDAP unable to connect using JDK 8u181 and confluence 6.10.1

Hamzah Mirza July 30, 2018

I am setting up Confluence Data Center using the latest version of Java and am having issues connecting to LDAPS; I verified that I could connect to LDAP unsecured. The error is the following:

ldap.server.com:636; nested exception is javax.naming.CommunicationException: ldap.server.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching ldap.server.com found.]

This could be a result of LDAPS being more robust in this new version of Java; I'm not sure how to fix this.

Change to LDAPS: https://www.oracle.com/technetwork/java/javase/8u181-relnotes-4479407.html#JDK-8200666

 

Thanks,

Hamzah Mirza

2 answers

0 votes
Parthiban Narayanasamy August 21, 2018

Hi,

Please try the below in setenv.sh.

JAVA_OPTS="$JAVA_OPTS -Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true"

It works for me in Confluence 5.10.2 Data Center version.

0 votes
Deleted user July 30, 2018

Hi Hamzah,

Welcome to the community. It sounds like this is a network configuration error for the LDAP host itself. You might need to add a record to the /etc/hosts file which maps the domain name of the LDAP server to its IP address.

All the best,
Cameron

Hamzah Mirza July 30, 2018

Our LDAP servers are a large cluster environment. I don't believe I would have to add it to the /etc/hosts file, as the unsecured connection to LDAP is being made, so the servers are reachable.

As a side note, our Jira setup had a similar issue but was fixed by us adding

-Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true

to /opt/atlassian/jira/bin/setenv.sh JAVA_OPTS. This fix did not work with Confluence.

Deleted user July 30, 2018

@Hamzah Mirza it seems you're having a similar issue to this: https://jira.atlassian.com/browse/CONFSERVER-38853

Hamzah Mirza July 30, 2018

This looks promising. Looks like there are 2 fixes from issue https://jira.atlassian.com/browse/CONFSERVER-39309.

I won't disable SSL, but the first option says to add the JVM argument

-Djdk.tls.trustNameService=true

Where would I add this in the setenv.sh?

Deleted user July 31, 2018

@Hamzah Mirza You can add that into the setenv.sh file, add a new line like the following:

 CATALINA_OPTS="-Djdk.tls.trustNameService=true ${CATALINA_OPTS}"

Hamzah Mirza July 31, 2018

@[deleted] I tried adding that to the setenv.sh file and restarting Confluence; unfortunately it didn't fix the issue.

 

My setenv.sh:

# See the CATALINA_OPTS below for tuning the JVM arguments used to start Confluence.

echo "If you encounter issues starting up Confluence, please see the Installation guide at http://confluence.atlassian.com/display/DOC/Confluence+Installation+Guide"

# set the location of the pid file
if [ -z "$CATALINA_PID" ] ; then
    if [ -n "$CATALINA_BASE" ] ; then
        CATALINA_PID="$CATALINA_BASE"/work/catalina.pid
    elif [ -n "$CATALINA_HOME" ] ; then
        CATALINA_PID="$CATALINA_HOME"/work/catalina.pid
    fi
fi
export CATALINA_PID

PRGDIR=`dirname "$0"`
if [ -z "$CATALINA_BASE" ]; then
  if [ -z "$CATALINA_HOME" ]; then
    LOGBASE=$PRGDIR
    LOGTAIL=..
  else
    LOGBASE=$CATALINA_HOME
    LOGTAIL=.
  fi
else
  LOGBASE=$CATALINA_BASE
  LOGTAIL=.
fi

PUSHED_DIR=`pwd`
cd $LOGBASE
cd $LOGTAIL
LOGBASEABS=`pwd`
cd $PUSHED_DIR

echo ""
echo "Server startup logs are located in $LOGBASEABS/logs/catalina.out"
# IMPORTANT NOTE: Only set JAVA_HOME or JRE_HOME above this line
# Get standard Java environment variables
if $os400; then
  # -r will Only work on the os400 if the files are:
  # 1. owned by the user
  # 2. owned by the PRIMARY group of the user
  # this will not work if the user belongs in secondary groups
  . "$CATALINA_HOME"/bin/setjre.sh
else
  if [ -r "$CATALINA_HOME"/bin/setjre.sh ]; then
    . "$CATALINA_HOME"/bin/setjre.sh
  else
    echo "Cannot find $CATALINA_HOME/bin/setjre.sh"
    echo "This file is needed to run this program"
    exit 1
  fi
fi

echo "---------------------------------------------------------------------------"
echo "Using Java: $JRE_HOME/bin/java"
CONFLUENCE_CONTEXT_PATH=`$JRE_HOME/bin/java -jar $CATALINA_HOME/bin/confluence-context-path-extractor.jar $CATALINA_HOME`
export CONFLUENCE_CONTEXT_PATH
$JRE_HOME/bin/java -jar $CATALINA_HOME/bin/synchrony-proxy-watchdog.jar $CATALINA_HOME
echo "---------------------------------------------------------------------------"

# Set the JVM arguments used to start Confluence. For a description of the options, see
# http://www.oracle.com/technetwork/java/javase/tech/vmoptions-jsp-140102.html
CATALINA_OPTS="-XX:-PrintGCDetails -XX:+PrintGCDateStamps -XX:-PrintTenuringDistribution ${CATALINA_OPTS}"
CATALINA_OPTS="-Xloggc:$LOGBASEABS/logs/gc-`date +%F_%H-%M-%S`.log -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=5 -XX:GCLogFileSize=2M ${CATALINA_OPTS}"
CATALINA_OPTS="-XX:G1ReservePercent=20 ${CATALINA_OPTS}"
CATALINA_OPTS="-Djava.awt.headless=true ${CATALINA_OPTS}"
CATALINA_OPTS="-Datlassian.plugins.enable.wait=300 ${CATALINA_OPTS}"
CATALINA_OPTS="-Xms10240m -Xmx10240m -XX:+UseG1GC ${CATALINA_OPTS}"
CATALINA_OPTS="-Dsynchrony.enable.xhr.fallback=true ${CATALINA_OPTS}"
CATALINA_OPTS="-Dorg.apache.tomcat.websocket.DEFAULT_BUFFER_SIZE=32768 ${CATALINA_OPTS}"
CATALINA_OPTS="${START_CONFLUENCE_JAVA_OPTS} ${CATALINA_OPTS}"
CATALINA_OPTS="-Dconfluence.context.path=${CONFLUENCE_CONTEXT_PATH} ${CATALINA_OPTS}"
CATALINA_OPTS="-XX:ReservedCodeCacheSize=256m -XX:+UseCodeCacheFlushing ${CATALINA_OPTS}"
CATALINA_OPTS="-Djdk.tls.trustNameService=true ${CATALINA_OPTS}"
export CATALINA_OPTS
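
The error quoted in the question says that no DNS name in the certificate's subject alternative name (SAN) extension matches the host name Confluence connects to. The check below is an added example, not code from this thread or from Atlassian: `fetch_sans` and `san_matches` are hypothetical helper names, the SAN text is constructed sample data, and the matching rules are a simplification (exact match or one-label wildcard), not the JDK's own algorithm.

```shell
#!/bin/sh
# Added example (not from the thread). Helper names are hypothetical.

# Print the subjectAltName extension of the certificate a server presents.
# Needs network access and OpenSSL 1.1.1+ (for `x509 -ext`); not run below.
fetch_sans() {  # usage: fetch_sans ldap.server.com 636
  openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
    openssl x509 -noout -ext subjectAltName
}

# Succeed if the host matches one DNS entry in the SAN text, fail otherwise.
# Simplified rules: case-insensitive exact match, or a "*." wildcard that
# covers exactly one leftmost label. "IP Address:" entries are ignored.
# The body is a subshell so `set -f` and `exit` stay local to the function.
san_matches() (  # usage: san_matches host "DNS:a.example, DNS:*.b.example"
  set -f  # keep "*.example" entries from being expanded as file globs
  host=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  entries=$(printf '%s\n' "$2" | tr '[:upper:]' '[:lower:]' | tr ',' '\n' |
    sed -n 's/^[[:space:]]*dns://p')
  for name in $entries; do
    case "$name" in
      \*.*)
        suffix=${name#\*}        # e.g. ".server.com"
        label=${host%"$suffix"}  # part the wildcard would have to cover
        if [ "$label" != "$host" ] && [ -n "$label" ]; then
          case "$label" in
            *.*) ;;              # wildcard must not span several labels
            *) exit 0 ;;
          esac
        fi ;;
      *)
        if [ "$name" = "$host" ]; then exit 0; fi ;;
    esac
  done
  exit 1
)

# Constructed SAN text in the layout `openssl x509 -ext subjectAltName` prints.
SAMPLE_SANS='X509v3 Subject Alternative Name:
    DNS:ldap01.corp.example, DNS:ldap02.corp.example, IP Address:10.0.0.5'
if san_matches ldap.server.com "$SAMPLE_SANS"; then
  echo "ldap.server.com is covered by the certificate"
else
  echo "no SAN DNS name matches ldap.server.com"
fi
```

Against a live directory server, pass the output of `fetch_sans` for each cluster node as the second argument to see which host names its certificate actually covers.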
