It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Unable to connect Confluence to Samba 4 Active Directory PDC

Mirco Stange Nov 29, 2017

I am trying to connect Confluence (6.3) to an Active Directory Primary Domain Controller (PDC) provided by Samba 4 as a user directory.

This is a simple small office setup, but I am unable to get it to work. 

I selected 'Active Directory' provided a host name, did not select SSL (since no certificate would be in use) and provided a base dsn (dc=xxx,dc=lan).

The quick test is green, but the next test returns "LDAP: error code 1 - 00002020: Operation unavailable without authentication". I guess I need to also provide a user.

Also configuring an admin account results in the quick test failing with "LDAP: error code 8 - BindSimple: Transport encryption required". I could not find any info on this, other than an old JIRA ticket (JRASERVER-24106) recommending to use either SSL (not possible, results in SSLHandshakeException: java.security.cert.CertificateException: No name matching xxxx found) or reconfigure LDAP Server Signing Requirements in AD. 

Other than that, there is no info. Is something wrong with my setup or my AD/Samba 4? Is this normally supposed to work?

1 answer

0 votes
Ann Worley Atlassian Team Jun 25, 2018

Apparently Samba AD requires encryption:

Samba4 and sssd authentication not working due "Transport encryption required."

Samba now requires SSL/TLS for LDAP
binds. Once you have enabled TLS in sssd, everything should work. While
you can turn off the requirement in Samba, it's a bad idea, as it'll
result in unencrypted passwords being sent over the network.

Please see Configuring an SSL Connection to Active Directory

Basically, The Java supporting Confluence does not trust the SSL certificate served by AD. Importing the AD certificate into the Confluence Java truststore (usually distinct from the keystore served by Confluence and usually called "cacerts") located in your Java directory for example:

$JAVA_HOME/jre/lib/security/cacerts

SSL for Confluence is a free plugin that may expedite the process.

Thanks,

Ann

Suggest an answer

Log in or Sign up to answer
This widget could not be displayed.
This widget could not be displayed.
Community showcase
Published in Confluence

6 Awesome Ways to Apply Trello, JIRA and Confluence to your Project

I attended  Atlassian Summit 2019  and learned a lot from the presenters, attendees and knowledgeable Atlassian product managers. The presentations I attended focused on applying Agile, pla...

1,124 views 7 18
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you