LDAP unable to connect using JDK 8u181 and Confluence 6.10.1

I am setting up Confluence Data Center using the latest version of Java and am having issues connecting to LDAPS. I verified that I could connect to LDAP unsecured. The error is the following:

ldap.server.com:636; nested exception is javax.naming.CommunicationException: ldap.server.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching ldap.server.com found.]

Could be as a result of LDAPS being more robust in this new version of Java, not sure how to fix this.

Change to LDAPS: https://www.oracle.com/technetwork/java/javase/8u181-relnotes-4479407.html#JDK-8200666

 

Thanks,

Hamzah Mirza

2 answers

Hi Hamzah,

Welcome to the community. It sounds like this is a network configuration error for the LDAP host itself. You might need to add a record to the /etc/hosts file which maps the domain name of the LDAP server to its IP address.

All the best,
Cameron

Our LDAP servers are a large cluster environment. I don't believe I would have to add it to the /etc/hosts file, as the unsecured connection to LDAP is being made, so the servers are reachable.

As a side note, our jira setup had a similar issue but was fixed by us adding

-Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true

to /opt/atlassian/jira/bin/setenv.sh JAVA_OPTS. This fix did not work with confluence.

This looks promising. Looks like there are 2 fixes from issue https://jira.atlassian.com/browse/CONFSERVER-39309.

I won't disable SSL, but the first option says to add the JVM argument

 -Djdk.tls.trustNameService=true

Where would I add this in the setenv.sh?

@Hamzah Mirza You can add that into the setenv.sh file, add a new line like the following:

 CATALINA_OPTS="-Djdk.tls.trustNameService=true ${CATALINA_OPTS}"

@Cameron Harper I tried adding that to the setenv.sh file and restarting Confluence; unfortunately it didn't fix the issue.

 

My setenv.sh:

# See the CATALINA_OPTS below for tuning the JVM arguments used to start Confluence.

echo "If you encounter issues starting up Confluence, please see the Installation guide at http://confluence.atlassian.com/display/DOC/Confluence+Installation+Guide"

# set the location of the pid file
if [ -z "$CATALINA_PID" ] ; then
    if [ -n "$CATALINA_BASE" ] ; then
        CATALINA_PID="$CATALINA_BASE"/work/catalina.pid
    elif [ -n "$CATALINA_HOME" ] ; then
        CATALINA_PID="$CATALINA_HOME"/work/catalina.pid
    fi
fi
export CATALINA_PID

PRGDIR=`dirname "$0"`
if [ -z "$CATALINA_BASE" ]; then
  if [ -z "$CATALINA_HOME" ]; then
    LOGBASE=$PRGDIR
    LOGTAIL=..
  else
    LOGBASE=$CATALINA_HOME
    LOGTAIL=.
  fi
else
  LOGBASE=$CATALINA_BASE
  LOGTAIL=.
fi

PUSHED_DIR=`pwd`
cd $LOGBASE
cd $LOGTAIL
LOGBASEABS=`pwd`
cd $PUSHED_DIR

echo ""
echo "Server startup logs are located in $LOGBASEABS/logs/catalina.out"
# IMPORTANT NOTE: Only set JAVA_HOME or JRE_HOME above this line
# Get standard Java environment variables
if $os400; then
  # -r will Only work on the os400 if the files are:
  # 1. owned by the user
  # 2. owned by the PRIMARY group of the user
  # this will not work if the user belongs in secondary groups
  . "$CATALINA_HOME"/bin/setjre.sh
else
  if [ -r "$CATALINA_HOME"/bin/setjre.sh ]; then
    . "$CATALINA_HOME"/bin/setjre.sh
  else
    echo "Cannot find $CATALINA_HOME/bin/setjre.sh"
    echo "This file is needed to run this program"
    exit 1
  fi
fi

echo "---------------------------------------------------------------------------"
echo "Using Java: $JRE_HOME/bin/java"
CONFLUENCE_CONTEXT_PATH=`$JRE_HOME/bin/java -jar $CATALINA_HOME/bin/confluence-context-path-extractor.jar $CATALINA_HOME`
export CONFLUENCE_CONTEXT_PATH
$JRE_HOME/bin/java -jar $CATALINA_HOME/bin/synchrony-proxy-watchdog.jar $CATALINA_HOME
echo "---------------------------------------------------------------------------"

# Set the JVM arguments used to start Confluence. For a description of the options, see
# http://www.oracle.com/technetwork/java/javase/tech/vmoptions-jsp-140102.html
CATALINA_OPTS="-XX:-PrintGCDetails -XX:+PrintGCDateStamps -XX:-PrintTenuringDistribution ${CATALINA_OPTS}"
CATALINA_OPTS="-Xloggc:$LOGBASEABS/logs/gc-`date +%F_%H-%M-%S`.log -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=5 -XX:GCLogFileSize=2M ${CATALINA_OPTS}"
CATALINA_OPTS="-XX:G1ReservePercent=20 ${CATALINA_OPTS}"
CATALINA_OPTS="-Djava.awt.headless=true ${CATALINA_OPTS}"
CATALINA_OPTS="-Datlassian.plugins.enable.wait=300 ${CATALINA_OPTS}"
CATALINA_OPTS="-Xms10240m -Xmx10240m -XX:+UseG1GC ${CATALINA_OPTS}"
CATALINA_OPTS="-Dsynchrony.enable.xhr.fallback=true ${CATALINA_OPTS}"
CATALINA_OPTS="-Dorg.apache.tomcat.websocket.DEFAULT_BUFFER_SIZE=32768 ${CATALINA_OPTS}"
CATALINA_OPTS="${START_CONFLUENCE_JAVA_OPTS} ${CATALINA_OPTS}"
CATALINA_OPTS="-Dconfluence.context.path=${CONFLUENCE_CONTEXT_PATH} ${CATALINA_OPTS}"
CATALINA_OPTS="-XX:ReservedCodeCacheSize=256m -XX:+UseCodeCacheFlushing ${CATALINA_OPTS}"
CATALINA_OPTS="-Djdk.tls.trustNameService=true ${CATALINA_OPTS}"
export CATALINA_OPTS

Hi,

Please try the below in setenv.sh.

JAVA_OPTS="$JAVA_OPTS -Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true"

It works for me in Confluence 5.10.2 Data Center version.
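
An added example, not part of any post in this thread: a shell check for the condition behind the "No subject alternative DNS name matching ldap.server.com found" error in the question, comparing the host name the application connects to against the DNS entries in the server certificate's subjectAltName. The function name `san_matches` and the SAN entries in the sample are constructed for illustration; `ldap.server.com` is the placeholder host from the question.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Tests whether a host name is covered
# by the DNS entries of a certificate's subjectAltName extension, the
# comparison that fails in the SSLHandshakeException quoted in the question.
#
# Real input can be produced with (OpenSSL 1.1.1 or later):
#   openssl s_client -connect ldap.server.com:636 </dev/null 2>/dev/null \
#     | openssl x509 -noout -ext subjectAltName

# san_matches HOST SAN_TEXT -> exit status 0 if a DNS: entry covers HOST.
# Only exact names and the full-label wildcard form (*.example) are handled.
san_matches() {
  host=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  while IFS= read -r name; do
    if [ "$name" = "$host" ]; then
      return 0
    fi
    case "$name" in
      \*.*)
        # A wildcard stands for exactly one left-most label.
        rest=${host#*.}
        if [ "$rest" != "$host" ] && [ "*.$rest" = "$name" ]; then
          return 0
        fi
        ;;
    esac
  done <<EOF
$(printf '%s\n' "$2" | tr ',' '\n' \
    | sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*$/\1/p' \
    | tr '[:upper:]' '[:lower:]')
EOF
  return 1
}

# Constructed sample: a clustered directory whose certificate names the
# individual nodes but not the shared name that clients connect to.
SAMPLE_SAN='X509v3 Subject Alternative Name:
    DNS:ldap01.server.com, DNS:ldap02.server.com, IP Address:192.0.2.10'

for h in ldap.server.com ldap01.server.com; do
  if san_matches "$h" "$SAMPLE_SAN"; then
    echo "$h: covered by certificate SAN"
  else
    echo "$h: NOT in certificate SAN"
  fi
done
```

When the connect name is reported as missing, reissuing the LDAP certificate with that name in its SAN (or connecting with a name the certificate already lists) resolves the handshake failure while leaving endpoint identification enabled.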
