LDAP unable to connect using JDK 8u181 and Confluence 6.10.1

I am setting up Confluence Data Center using the latest version of Java and am having issues connecting to LDAPS. I verified that I could connect to LDAP unsecured. The error is the following:

ldap.server.com:636; nested exception is javax.naming.CommunicationException: ldap.server.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching ldap.server.com found.]

Could be a result of LDAPS being more robust in this new version of Java; not sure how to fix this.

Change to LDAPS: https://www.oracle.com/technetwork/java/javase/8u181-relnotes-4479407.html#JDK-8200666

 

Thanks,

Hamzah Mirza

2 answers

Hi Hamzah,

Welcome to the community. It sounds like this is a network configuration error for the LDAP host itself. You might need to add a record to the /etc/hosts file which maps the domain name of the LDAP server to its IP address.

All the best,
Cameron

Our LDAP servers are a large cluster environment. I don't believe I would have to add it to the /etc/hosts file, as the unsecured connection to LDAP is being made, so the servers are reachable.

As a side note, our Jira setup had a similar issue but was fixed by us adding

-Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true

to JAVA_OPTS in /opt/atlassian/jira/bin/setenv.sh. This fix did not work with Confluence.

This looks promising. Looks like there are 2 fixes from issue https://jira.atlassian.com/browse/CONFSERVER-39309.

I won't disable SSL, but the first option says to add the JVM argument

 -Djdk.tls.trustNameService=true

Where would I add this in the setenv.sh?

@Hamzah Mirza You can add that into the setenv.sh file, add a new line like the following:

 CATALINA_OPTS="-Djdk.tls.trustNameService=true ${CATALINA_OPTS}"

@Cameron Harper I tried adding that to the setenv.sh file and restarting Confluence; unfortunately it didn't fix the issue.

 

My setenv.sh:

# See the CATALINA_OPTS below for tuning the JVM arguments used to start Confluence.

echo "If you encounter issues starting up Confluence, please see the Installation guide at http://confluence.atlassian.com/display/DOC/Confluence+Installation+Guide"

# set the location of the pid file
if [ -z "$CATALINA_PID" ] ; then
    if [ -n "$CATALINA_BASE" ] ; then
        CATALINA_PID="$CATALINA_BASE"/work/catalina.pid
    elif [ -n "$CATALINA_HOME" ] ; then
        CATALINA_PID="$CATALINA_HOME"/work/catalina.pid
    fi
fi
export CATALINA_PID

PRGDIR=`dirname "$0"`
if [ -z "$CATALINA_BASE" ]; then
  if [ -z "$CATALINA_HOME" ]; then
    LOGBASE=$PRGDIR
    LOGTAIL=..
  else
    LOGBASE=$CATALINA_HOME
    LOGTAIL=.
  fi
else
  LOGBASE=$CATALINA_BASE
  LOGTAIL=.
fi

PUSHED_DIR=`pwd`
cd $LOGBASE
cd $LOGTAIL
LOGBASEABS=`pwd`
cd $PUSHED_DIR

echo ""
echo "Server startup logs are located in $LOGBASEABS/logs/catalina.out"
# IMPORTANT NOTE: Only set JAVA_HOME or JRE_HOME above this line
# Get standard Java environment variables
if $os400; then
  # -r will Only work on the os400 if the files are:
  # 1. owned by the user
  # 2. owned by the PRIMARY group of the user
  # this will not work if the user belongs in secondary groups
  . "$CATALINA_HOME"/bin/setjre.sh
else
  if [ -r "$CATALINA_HOME"/bin/setjre.sh ]; then
    . "$CATALINA_HOME"/bin/setjre.sh
  else
    echo "Cannot find $CATALINA_HOME/bin/setjre.sh"
    echo "This file is needed to run this program"
    exit 1
  fi
fi

echo "---------------------------------------------------------------------------"
echo "Using Java: $JRE_HOME/bin/java"
CONFLUENCE_CONTEXT_PATH=`$JRE_HOME/bin/java -jar $CATALINA_HOME/bin/confluence-context-path-extractor.jar $CATALINA_HOME`
export CONFLUENCE_CONTEXT_PATH
$JRE_HOME/bin/java -jar $CATALINA_HOME/bin/synchrony-proxy-watchdog.jar $CATALINA_HOME
echo "---------------------------------------------------------------------------"

# Set the JVM arguments used to start Confluence. For a description of the options, see
# http://www.oracle.com/technetwork/java/javase/tech/vmoptions-jsp-140102.html
CATALINA_OPTS="-XX:-PrintGCDetails -XX:+PrintGCDateStamps -XX:-PrintTenuringDistribution ${CATALINA_OPTS}"
CATALINA_OPTS="-Xloggc:$LOGBASEABS/logs/gc-`date +%F_%H-%M-%S`.log -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=5 -XX:GCLogFileSize=2M ${CATALINA_OPTS}"
CATALINA_OPTS="-XX:G1ReservePercent=20 ${CATALINA_OPTS}"
CATALINA_OPTS="-Djava.awt.headless=true ${CATALINA_OPTS}"
CATALINA_OPTS="-Datlassian.plugins.enable.wait=300 ${CATALINA_OPTS}"
CATALINA_OPTS="-Xms10240m -Xmx10240m -XX:+UseG1GC ${CATALINA_OPTS}"
CATALINA_OPTS="-Dsynchrony.enable.xhr.fallback=true ${CATALINA_OPTS}"
CATALINA_OPTS="-Dorg.apache.tomcat.websocket.DEFAULT_BUFFER_SIZE=32768 ${CATALINA_OPTS}"
CATALINA_OPTS="${START_CONFLUENCE_JAVA_OPTS} ${CATALINA_OPTS}"
CATALINA_OPTS="-Dconfluence.context.path=${CONFLUENCE_CONTEXT_PATH} ${CATALINA_OPTS}"
CATALINA_OPTS="-XX:ReservedCodeCacheSize=256m -XX:+UseCodeCacheFlushing ${CATALINA_OPTS}"
CATALINA_OPTS="-Djdk.tls.trustNameService=true ${CATALINA_OPTS}"

export CATALINA_OPTS

Hi,

Please try the below in setenv.sh.

JAVA_OPTS="$JAVA_OPTS -Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true"

It works for me in Confluence 5.10.2 data centre version.
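
The error quoted in the question is raised by the hostname check the JVM applies to the LDAPS server certificate. As an added example (not code from this thread, from Atlassian or from the JDK), the Python model below reproduces the decision behind the two possible messages: once a certificate carries any dNSName subject alternative name, only those entries are compared and the subject CN is ignored. The node names `dc01`/`dc02` and the certificate contents are constructed, and wildcard handling is simplified to a single left-most `*` label.

```python
# Added example: a model of the LDAPS endpoint identification decision.
# Not JDK source. Certificate contents below are constructed sample data.

def _name_matches(host, pattern):
    """Case-insensitive DNS name match; '*' may replace the left-most label only."""
    h = host.lower().rstrip(".").split(".")
    p = pattern.lower().rstrip(".").split(".")
    if len(h) != len(p):
        return False          # a wildcard never spans more than one label
    if p[0] == "*":
        return h[1:] == p[1:]
    return h == p


def check_endpoint(host, san_dns, common_name=None):
    """Return (ok, message) for connecting to `host` with a certificate that
    carries the given SAN dNSName entries and subject CN."""
    if san_dns:
        if any(_name_matches(host, name) for name in san_dns):
            return True, "match on SAN dNSName"
        # dNSName SANs exist but none match: the CN is NOT consulted.
        return False, "No subject alternative DNS name matching %s found." % host
    # No dNSName SAN at all: fall back to the subject CN.
    if common_name and _name_matches(host, common_name):
        return True, "match on subject CN"
    return False, "No name matching %s found" % host


# Constructed certificates for a clustered directory reached as ldap.server.com.
SAMPLES = [
    ("SANs list only node names", ["dc01.server.com", "dc02.server.com"], "ldap.server.com"),
    ("SANs include the alias",    ["dc01.server.com", "ldap.server.com"], "dc01.server.com"),
    ("wildcard SAN",              ["*.server.com"],                       "dc01.server.com"),
    ("no SAN, CN is the alias",   [],                                     "ldap.server.com"),
]

if __name__ == "__main__":
    for label, sans, cn in SAMPLES:
        ok, msg = check_endpoint("ldap.server.com", sans, cn)
        print("%-28s %-5s %s" % (label, "OK" if ok else "FAIL", msg))
```

The first sample yields the exact message from the question even though the CN equals the connection name, which is why reissuing the certificate with the connection name in its SANs addresses the error without turning endpoint identification off.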
