LDAP unable to connect using JDK 8u181 and confluence 6.10.1

Hamzah Mirza Jul 30, 2018

I am setting up Confluence Datacenter using the latest version of Java and am having issues connecting to LDAPS. I verified that I could connect to LDAP unsecured. The error is the following:

ldap.server.com:636; nested exception is javax.naming.CommunicationException: ldap.server.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching ldap.server.com found.]

Could be as a result of LDAPS being more robust in this new version of Java, not sure how to fix this.

Change to LDAPS: https://www.oracle.com/technetwork/java/javase/8u181-relnotes-4479407.html#JDK-8200666

 

Thanks,

Hamzah Mirza

2 answers

0 votes
Cameron Harper Jul 30, 2018

Hi Hamzah,

Welcome to the community. It sounds like this is a network configuration error for the LDAP host itself. You might need to add a record to the /etc/hosts file which maps the domain name of the LDAP server to its IP address.

All the best,
Cameron

Hamzah Mirza Jul 30, 2018 • edited

Our LDAP servers are a large cluster environment. I don't believe I would have to add it to the /etc/hosts file, as the connection to LDAP unsecure is being made, so the servers are reachable.

As a side note, our Jira setup had a similar issue but was fixed by us adding

-Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true

to /opt/atlassian/jira/bin/setenv.sh JAVA_OPTS. This fix did not work with confluence.

Cameron Harper Jul 30, 2018

@Hamzah Mirza it seems you're having a similar issue to this: https://jira.atlassian.com/browse/CONFSERVER-38853

Hamzah Mirza Jul 30, 2018

This looks promising. Looks like there are 2 fixes from issue https://jira.atlassian.com/browse/CONFSERVER-39309.

I won't disable SSL, but the first option says to add the JVM argument

 -Djdk.tls.trustNameService=true

Where would I add this in the setenv.sh?

Cameron Harper Jul 31, 2018

@Hamzah Mirza You can add that into the setenv.sh file; add a new line like the following:

 CATALINA_OPTS="-Djdk.tls.trustNameService=true ${CATALINA_OPTS}"

Hamzah Mirza Jul 31, 2018 • edited

@Cameron Harper I tried adding that to the setenv.sh file and restarting Confluence; unfortunately it didn't fix the issue.

 

My setenv.sh:

# See the CATALINA_OPTS below for tuning the JVM arguments used to start Confluence.

echo "If you encounter issues starting up Confluence, please see the Installation guide at http://confluence.atlassian.com/display/DOC/Confluence+Installation+Guide"

# set the location of the pid file
if [ -z "$CATALINA_PID" ] ; then
    if [ -n "$CATALINA_BASE" ] ; then
        CATALINA_PID="$CATALINA_BASE"/work/catalina.pid
    elif [ -n "$CATALINA_HOME" ] ; then
        CATALINA_PID="$CATALINA_HOME"/work/catalina.pid
    fi
fi
export CATALINA_PID

PRGDIR=`dirname "$0"`
if [ -z "$CATALINA_BASE" ]; then
  if [ -z "$CATALINA_HOME" ]; then
    LOGBASE=$PRGDIR
    LOGTAIL=..
  else
    LOGBASE=$CATALINA_HOME
    LOGTAIL=.
  fi
else
  LOGBASE=$CATALINA_BASE
  LOGTAIL=.
fi

PUSHED_DIR=`pwd`
cd $LOGBASE
cd $LOGTAIL
LOGBASEABS=`pwd`
cd $PUSHED_DIR

echo ""
echo "Server startup logs are located in $LOGBASEABS/logs/catalina.out"
# IMPORTANT NOTE: Only set JAVA_HOME or JRE_HOME above this line
# Get standard Java environment variables
if $os400; then
  # -r will Only work on the os400 if the files are:
  # 1. owned by the user
  # 2. owned by the PRIMARY group of the user
  # this will not work if the user belongs in secondary groups
  . "$CATALINA_HOME"/bin/setjre.sh
else
  if [ -r "$CATALINA_HOME"/bin/setjre.sh ]; then
    . "$CATALINA_HOME"/bin/setjre.sh
  else
    echo "Cannot find $CATALINA_HOME/bin/setjre.sh"
    echo "This file is needed to run this program"
    exit 1
  fi
fi

echo "---------------------------------------------------------------------------"
echo "Using Java: $JRE_HOME/bin/java"
CONFLUENCE_CONTEXT_PATH=`$JRE_HOME/bin/java -jar $CATALINA_HOME/bin/confluence-context-path-extractor.jar $CATALINA_HOME`
export CONFLUENCE_CONTEXT_PATH
$JRE_HOME/bin/java -jar $CATALINA_HOME/bin/synchrony-proxy-watchdog.jar $CATALINA_HOME
echo "---------------------------------------------------------------------------"

# Set the JVM arguments used to start Confluence. For a description of the options, see
# http://www.oracle.com/technetwork/java/javase/tech/vmoptions-jsp-140102.html
CATALINA_OPTS="-XX:-PrintGCDetails -XX:+PrintGCDateStamps -XX:-PrintTenuringDistribution ${CATALINA_OPTS}"
CATALINA_OPTS="-Xloggc:$LOGBASEABS/logs/gc-`date +%F_%H-%M-%S`.log -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=5 -XX:GCLogFileSize=2M ${CATALINA_OPTS}"
CATALINA_OPTS="-XX:G1ReservePercent=20 ${CATALINA_OPTS}"
CATALINA_OPTS="-Djava.awt.headless=true ${CATALINA_OPTS}"
CATALINA_OPTS="-Datlassian.plugins.enable.wait=300 ${CATALINA_OPTS}"
CATALINA_OPTS="-Xms10240m -Xmx10240m -XX:+UseG1GC ${CATALINA_OPTS}"
CATALINA_OPTS="-Dsynchrony.enable.xhr.fallback=true ${CATALINA_OPTS}"
CATALINA_OPTS="-Dorg.apache.tomcat.websocket.DEFAULT_BUFFER_SIZE=32768 ${CATALINA_OPTS}"
CATALINA_OPTS="${START_CONFLUENCE_JAVA_OPTS} ${CATALINA_OPTS}"
CATALINA_OPTS="-Dconfluence.context.path=${CONFLUENCE_CONTEXT_PATH} ${CATALINA_OPTS}"
CATALINA_OPTS="-XX:ReservedCodeCacheSize=256m -XX:+UseCodeCacheFlushing ${CATALINA_OPTS}"
CATALINA_OPTS="-Djdk.tls.trustNameService=true ${CATALINA_OPTS}"
export CATALINA_OPTS
0 votes

Hi,

Please try the below in setenv.sh.

JAVA_OPTS="$JAVA_OPTS -Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true"

It works for me in Confluence 5.10.2 data centre version.
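
The error quoted in the question means the JVM looked in the LDAP server certificate's subjectAltName for a DNS name matching ldap.server.com and found none. The script below is an added example, not from the thread or from Atlassian, that runs the same comparison on the SAN line openssl prints; the SAN values are constructed, and the matching is a simplified model of the JDK check (DNS entries only, wildcard as the whole left-most label).

```shell
#!/bin/sh
# Added example: does the LDAP server certificate's SAN list cover the host
# name used in the ldaps:// URL? On a live system the SAN line comes from:
#   openssl s_client -connect ldap.server.com:636 </dev/null 2>/dev/null |
#     openssl x509 -noout -ext subjectAltName
# The SAN lines below are constructed samples so the script runs offline.

# dns_name_matches HOST PATTERN: status 0 if the dNSName PATTERN covers HOST.
# A wildcard counts only as the whole left-most label ("*.server.com").
dns_name_matches() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    pat=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    [ "$host" = "$pat" ] && return 0
    case $pat in
        \*.*)
            suffix=${pat#\*}                  # "*.server.com" -> ".server.com"
            case $host in
                *"$suffix")
                    left=${host%"$suffix"}    # what the "*" would stand for
                    case $left in ''|*.*) return 1 ;; esac
                    return 0 ;;
            esac ;;
    esac
    return 1
}

# san_covers HOST SAN_LINE: status 0 if any DNS: entry in SAN_LINE covers HOST.
san_covers() {
    target=$1
    old_ifs=$IFS; IFS=,
    set -f                                    # keep "*" entries from globbing
    for entry in $2; do
        entry=${entry#"${entry%%[! ]*}"}      # trim leading spaces
        case $entry in
            DNS:*) if dns_name_matches "$target" "${entry#DNS:}"; then
                       IFS=$old_ifs; set +f; return 0
                   fi ;;
        esac
    done
    IFS=$old_ifs; set +f
    return 1
}

report() {
    if san_covers "$1" "$2"; then echo "OK    $1 covered by: $2"
    else echo "FAIL  $1 has no matching DNS SAN in: $2"; fi
}
report ldap.server.com "DNS:dc01.internal.example, DNS:dc02.internal.example"
report ldap.server.com "DNS:dc01.internal.example, DNS:*.server.com, IP Address:192.0.2.10"
```

A FAIL for the name in the directory URL means either the certificate needs reissuing with that name as a SAN, or the URL must use a name the certificate already lists.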
