Jenkins and LDAPS connectivity issue

harishbabum · February 13, 2024, 4:52pm

Hi
We have multiple jenkins servers hosted on AWS ECS through docker image 2.387.3.
we use LDAPs for authentication but we started to see the problem with the login. we are only able to login only after multiple retry.
I tested the connection to LDAP server from one of the ec2 where jenkins is hosted by using the ldapsearch command and i get a response as expected. I don’t see the issue with the ldap server.
I see the following in the logs
1. WARNING h.security.LDAPSecurityRealm#throwUnlessConfigIsIgnorable: Failed communication with ldap server (ldaps://host:port), will not try the next configuration java.net.SocketTimeoutException: connect timed out
2. Caused: org.springframework.security.authentication.AuthenticationServiceException: Failed to search LDAP for user
3.Caused: org.springframework.ldap.CommunicationException: sldaps://host:port; nested exception is javax.naming.CommunicationException: ldaps://host:port [Root exception is java.net.SocketTimeoutException: connect timed out]
I does not look to be the network or ldap not being stable but looks like a jenkins internal issue. Any advise on how to resolve.
setup:
jenkins version: 2.387.3

Plugins:
jenkins_plugins:

name: ace-editor
version: “1.1”
description: “JavaScript GUI Lib: ACE Editor bundle plugin”
name: amazon-ecr
version: “1.114.vfd22430621f5”
description: “Amazon ECR plugin”
name: amazon-ecs
version: “1.48”
description: “Amazon Elastic Container Service (ECS) / Fargate plugin”
name: ansicolor
version: “1.0.4”
description: “AnsiColor”
name: antisamy-markup-formatter
version: “162.v0e6ec0fcfcf6”
description: “OWASP Markup Formatter Plugin”
name: apache-httpcomponents-client-4-api
version: “4.5.14-208.v438351942757”
description: “Apache HttpComponents Client 4.x API Plugin”
name: authentication-tokens
version: “1.53.v1c90fd9191a_b_”
description: “Authentication Tokens API Plugin”
name: aws-credentials
version: “218.v1b_e9466ec5da_”
description: “AWS Credentials Plugin”
name: aws-java-sdk
version: “1.12.606-418.vce5b_4cd017c6”
description: “Amazon Web Services SDK :: All”
name: aws-java-sdk-cloudformation
version: “1.12.606-418.vce5b_4cd017c6”
description: “Amazon Web Services SDK :: CloudFormation”
name: aws-java-sdk-codebuild
version: “1.12.606-418.vce5b_4cd017c6”
description: “Amazon Web Services SDK :: CodeBuild”
name: aws-java-sdk-ec2
version: “1.12.606-418.vce5b_4cd017c6”
description: “Amazon Web Services SDK :: EC2”
name: aws-java-sdk-ecr
version: “1.12.606-418.vce5b_4cd017c6”
description: “Amazon Web Services SDK :: ECR”
name: aws-java-sdk-ecs
version: “1.12.606-418.vce5b_4cd017c6”
description: “Amazon Web Services SDK :: ECS”
name: aws-java-sdk-efs
version: “1.12.606-418.vce5b_4cd017c6”
description: “Amazon Web Services SDK :: EFS”
name: aws-java-sdk-elasticbeanstalk
version: “1.12.606-418.vce5b_4cd017c6”
description: “Amazon Web Services SDK :: Elastic Beanstalk”
name: aws-java-sdk-iam
version: “1.12.606-418.vce5b_4cd017c6”
description: “Amazon Web Services SDK :: IAM”
name: aws-java-sdk-kinesis
version: “1.12.606-418.vce5b_4cd017c6”
description: “Amazon Web Services SDK :: kinesis”
name: aws-java-sdk-logs
version: “1.12.606-418.vce5b_4cd017c6”
description: “Amazon Web Services SDK :: Logs”
name: aws-java-sdk-minimal
version: “1.12.606-418.vce5b_4cd017c6”
description: “Amazon Web Services SDK :: Minimal”
name: aws-java-sdk-secretsmanager
version: “1.12.606-418.vce5b_4cd017c6”
description: “Amazon Web Services SDK :: Secrets Manager”
name: aws-java-sdk-sns
version: “1.12.606-418.vce5b_4cd017c6”
description: “Amazon Web Services SDK :: SNS”
name: aws-java-sdk-sqs
version: “1.12.606-418.vce5b_4cd017c6”
description: “Amazon Web Services SDK :: SQS”
name: aws-java-sdk-ssm
version: “1.12.606-418.vce5b_4cd017c6”
description: “Amazon Web Services SDK :: SSM”
name: aws-secrets-manager-credentials-provider
version: “1.214.va_0a_d8268d068”
description: “AWS Secrets Manager Credentials Provider”
name: badge
version: “1.9.1”
description: “Badge”
name: basic-branch-build-strategies
version: “81.v05e333931c7d”
description: “Basic Branch Build Strategies Plugin”
name: blueocean
version: “1.27.5.1”
description: “Blue Ocean”
name: blueocean-autofavorite
version: “1.2.5”
description: “Autofavorite for Blue Ocean”
name: blueocean-bitbucket-pipeline
version: “1.27.5.1”
description: “Bitbucket Pipeline for Blue Ocean”
name: blueocean-commons
version: “1.27.5.1”
description: “Common API for Blue Ocean”
name: blueocean-config
version: “1.27.5.1”
description: “Config API for Blue Ocean”
name: blueocean-core-js
version: “1.27.5.1”
description: “Blue Ocean Core JS”
name: blueocean-dashboard
version: “1.27.5.1”
description: “Dashboard for Blue Ocean”
name: blueocean-display-url
version: “2.4.2”
description: “Display URL for Blue Ocean”
name: blueocean-events
version: “1.27.5.1”
description: “Events API for Blue Ocean”
name: blueocean-executor-info
version: “1.27.5.1”
description: “DEPRECATED Blue Ocean Executor Info”
name: blueocean-git-pipeline
version: “1.27.5.1”
description: “Git Pipeline for Blue Ocean”
name: blueocean-github-pipeline
version: “1.27.5.1”
description: “GitHub Pipeline for Blue Ocean”
name: blueocean-i18n
version: “1.27.5.1”
description: “i18n for Blue Ocean”
name: blueocean-jira
version: “1.27.5.1”
description: “JIRA Integration for Blue Ocean”
name: blueocean-jwt
version: “1.27.5.1”
description: “JWT for Blue Ocean”
name: blueocean-personalization
version: “1.27.5.1”
description: “Personalization for Blue Ocean”
name: blueocean-pipeline-api-impl
version: “1.27.5.1”
description: “Pipeline implementation for Blue Ocean”
name: blueocean-pipeline-editor
version: “1.27.5.1”
description: “Blue Ocean Pipeline Editor”
name: blueocean-pipeline-scm-api
version: “1.27.5.1”
description: “Pipeline SCM API for Blue Ocean”
name: blueocean-rest
version: “1.27.5.1”
description: “REST API for Blue Ocean”
name: blueocean-rest-impl
version: “1.27.5.1”
description: “REST Implementation for Blue Ocean”
name: blueocean-web
version: “1.27.5.1”
description: “Web for Blue Ocean”
name: bootstrap4-api
version: “4.6.0-6”
description: “Bootstrap 4 API Plugin”
name: bootstrap5-api
version: “5.3.2-3”
description: “Bootstrap 5 API Plugin”
name: bouncycastle-api
version: “2.30.1.77-225.v26ea_c9455fd9”
description: “bouncycastle API Plugin”
name: branch-api
version: “2.1128.v717130d4f816”
description: “Branch API Plugin”
name: build-blocker-plugin
version: “1.7.9”
description: “Build Blocker Plugin”
name: build-discarder
version: “139.v05696a_7fe240”
description: “Build Discarder Plugin”
name: build-failure-analyzer
version: “2.5.0”
description: “Build Failure Analyzer”
name: build-timeout
version: “1.31”
description: “Build Timeout”
name: build-user-vars-plugin
version: “1.9”
description: “build user vars plugin”
name: caffeine-api
version: “3.1.8-133.v17b_1ff2e0599”
description: “Caffeine API Plugin”
name: checks-api
version: “2.0.2”
description: “Checks API plugin”
name: cloudbees-bitbucket-branch-source
version: “856.v04c46c86f911”
description: “Bitbucket Branch Source Plugin”
name: cloudbees-folder
version: “6.858.v898218f3609d”
description: “Folders Plugin”
name: command-launcher
version: “107.v773860566e2e”
description: “Command Agent Launcher Plugin”
name: commons-httpclient3-api
version: “3.1-3”
description: “Commons HttpClient 3.x API”
name: commons-lang3-api
version: “3.13.0-62.v7d18e55f51e2”
description: “commons-lang3 v3.x Jenkins API Plugin”
name: commons-text-api
version: “1.11.0-94.v3e1f4a_926e49”
description: “commons-text API Plugin”
name: conditional-buildstep
version: “1.4.3”
description: “Conditional BuildStep”
name: configuration-as-code
version: “1700.v6f448841296e”
description: “Configuration as Code Plugin”
name: copyartifact
version: “722.v0662a_9b_e22a_c”
description: “Copy Artifact Plugin”
name: credentials
version: “1311.vcf0a_900b_37c2”
description: “Credentials Plugin”
name: credentials-binding
version: “642.v737c34dea_6c2”
description: “Credentials Binding Plugin”
name: data-tables-api
version: “1.13.6-5”
description: “DataTables.net API Plugin”
name: display-url-api
version: “2.200.vb_9327d658781”
description: “Display URL API”
name: docker-commons
version: “439.va_3cb_0a_6a_fb_29”
description: “Docker Commons Plugin”
name: docker-workflow
version: “572.v950f58993843”
description: “Docker Pipeline”
name: durable-task
version: “523.va_a_22cf15d5e0”
description: “Durable Task Plugin”
name: ec2
version: “1609.v53b_02a_b_9e52d”
description: “Amazon EC2 plugin”
name: echarts-api
version: “5.4.0-7”
description: “ECharts API Plugin”
name: email-ext
version: “2.103”
description: “Email Extension Plugin”
name: envinject
version: “2.908.v66a_774b_31d93”
description: “Environment Injector Plugin”
name: envinject-api
version: “1.199.v3ce31253ed13”
description: “EnvInject API Plugin”
name: extended-choice-parameter
version: “376.v2e02857547b_a_”
description: “Extended Choice Parameter Plugin”
name: external-monitor-job
version: “215.v2e88e894db_f8”
description: “External Monitor Job Type Plugin”
name: favorite
version: “2.4.3”
description: “Favorite”
name: font-awesome-api
version: “6.5.1-1”
description: “Font Awesome API Plugin”
name: generic-webhook-trigger
version: “1.88.2”
description: “Generic Webhook Trigger Plugin”
name: git
version: “5.2.1”
description: “Git plugin”
name: git-client
version: “4.6.0”
description: “Git client plugin”
name: git-server
version: “99.va_0826a_b_cdfa_d”
description: “Git server Plugin”
name: github
version: “1.37.3.1”
description: “GitHub plugin”
name: github-api
version: “1.318-461.v7a_c09c9fa_d63”
description: “GitHub API Plugin”
name: github-branch-source
version: “1767.va_7d01ea_c7256”
description: “GitHub Branch Source Plugin”
name: greenballs
version: “1.15.1”
description: “Green Balls”
name: groovy-postbuild
version: “228.vcdb_cf7265066”
description: “Groovy Postbuild”
name: handlebars
version: “3.0.8”
description: “JavaScript GUI Lib: Handlebars bundle plugin”
name: handy-uri-templates-2-api
version: “2.1.8-22.v77d5b_75e6953”
description: “Handy Uri Templates 2.x API Plugin”
name: htmlpublisher
version: “1.32”
description: “HTML Publisher plugin”
name: http_request
version: “1.18”
description: “HTTP Request Plugin”
name: influxdb
version: “3.6”
description: “InfluxDB Plugin”
name: instance-identity
version: “185.v303dc7c645f9”
description: “Instance Identity”
name: ionicons-api
version: “56.v1b_1c8c49374e”
description: “Ionicons API”
name: jackson2-api
version: “2.15.3-363.v82c51b_de9f60”
description: “Jackson 2 API Plugin”
name: jakarta-activation-api
version: “2.0.1-3”
description: “Jakarta Activation API”
name: jakarta-mail-api
version: “2.0.1-3”
description: “Jakarta Mail API”
name: javadoc
version: “243.vb_b_503b_b_45537”
description: “Javadoc Plugin”
name: javax-activation-api
version: “1.2.0-6”
description: “JavaBeans Activation Framework (JAF) API”
name: javax-mail-api
version: “1.6.2-9”
description: “JavaMail API”
name: jaxb
version: “2.3.9-1”
description: “JAXB plugin”
name: jdk-tool
version: “73.vddf737284550”
description: “Oracle Java SE Development Kit Installer Plugin”
name: jenkins-design-language
version: “1.27.5.1”
description: “Design Language”
name: jersey2-api
version: “2.40-1”
description: “Jersey 2 API”
name: jira
version: “3.12”
description: “Jira plugin”
name: jjwt-api
version: “0.11.5-77.v646c772fddb_0”
description: “Java JSON Web Token (JJWT) Plugin”
name: job-dsl
version: “1.87”
description: “Job DSL”
name: job-restrictions
version: “0.8”
description: “Job Restrictions Plugin”
name: jobConfigHistory
version: “1229.v3039470161a_d”
description: “Job Configuration History Plugin”
name: jquery
version: “1.12.4-1”
description: “jQuery plugin”
name: jquery-detached
version: “1.2.1”
description: “JavaScript GUI Lib: jQuery bundles (jQuery and jQuery UI) plugin”
name: jquery3-api
version: “3.7.1-1”
description: “JQuery3 API Plugin”
name: jsch
version: “0.2.16-86.v42e010d9484b_”
description: “JSch dependency plugin”
name: junit
version: “1252.vfc2e5efa_294f”
description: “JUnit Plugin”
name: ldap
version: “711.vb_d1a_491714dc”
description: “LDAP Plugin”
name: lockable-resources
version: “1222.v3d55a_36d63e4”
description: “Lockable Resources plugin”
name: mailer
version: “463.vedf8358e006b_”
description: “Mailer Plugin”
name: matrix-auth
version: “3.2.1”
description: “Matrix Authorization Strategy Plugin”
name: matrix-project
version: “818.v7eb_e657db_924”
description: “Matrix Project Plugin”
name: maven-plugin
version: “3.23”
description: “Maven Integration plugin”
name: mercurial
version: “1260.vdfb_723cdcc81”
description: “Mercurial plugin”
name: metrics
version: “4.2.18-442.v02e107157925”
description: “Metrics Plugin”
name: mina-sshd-api-common
version: “2.11.0-86.v836f585d47fa_”
description: “Mina SSHD API :: Common”
name: mina-sshd-api-core
version: “2.11.0-86.v836f585d47fa_”
description: “Mina SSHD API :: Core”
name: momentjs
version: “1.1.1”
description: “JavaScript GUI Lib: Moment.js bundle plugin”
name: monitoring
version: “1.95.0”
description: “Monitoring”
name: nexus-artifact-uploader
version: “2.14”
description: “Nexus Artifact Uploader”
name: node-iterator-api
version: “55.v3b_77d4032326”
description: “Node Iterator API Plugin”
name: okhttp-api
version: “4.11.0-157.v6852a_a_fa_ec11”
description: “OkHttp Plugin”
name: pam-auth
version: “1.10”
description: “PAM Authentication plugin”
name: Parameterized-Remote-Trigger
version: “3.2.0”
description: “Parameterized Remote Trigger Plugin”
name: parameterized-scheduler
version: “255.v73827fcdf618”
description: “Parameterized Scheduler”
name: parameterized-trigger
version: “787.v665fcf2a_830b_”
description: “Parameterized Trigger plugin”
name: pipeline-aws
version: “1.43”
description: “Pipeline: AWS Steps”
name: pipeline-build-step
version: “540.vb_e8849e1a_b_d8”
description: “Pipeline: Build Step”
name: pipeline-github-lib
version: “42.v0739460cda_c4”
description: “Pipeline: GitHub Groovy Libraries”
name: pipeline-graph-analysis
version: “202.va_d268e64deb_3”
description: “Pipeline Graph Analysis Plugin”
name: pipeline-groovy-lib
version: “689.veec561a_dee13”
description: “Pipeline: Groovy Libraries”
name: pipeline-input-step
version: “477.v339683a_8d55e”
description: “Pipeline: Input Step”
name: pipeline-milestone-step
version: “111.v449306f708b_7”
description: “Pipeline: Milestone Step”
name: pipeline-model-api
version: “2.2150.v4cfd8916915c”
description: “Pipeline: Model API”
name: pipeline-model-declarative-agent
version: “1.1.1”
description: “Pipeline: Declarative Agent API”
name: pipeline-model-definition
version: “2.2150.v4cfd8916915c”
description: “Pipeline: Declarative”
name: pipeline-model-extensions
version: “2.2150.v4cfd8916915c”
description: “Pipeline: Declarative Extension Points API”
name: pipeline-rest-api
version: “2.34”
description: “Pipeline: REST API Plugin”
name: pipeline-stage-step
version: “305.ve96d0205c1c6”
description: “Pipeline: Stage Step”
name: pipeline-stage-tags-metadata
version: “2.2150.v4cfd8916915c”
description: “Pipeline: Stage Tags Metadata”
name: pipeline-stage-view
version: “2.34”
description: “Pipeline: Stage View Plugin”
name: pipeline-utility-steps
version: “2.16.0”
description: “Pipeline Utility Steps”
name: plain-credentials
version: “143.v1b_df8b_d3b_e48”
description: “Plain Credentials Plugin”
name: plugin-util-api
version: “3.8.0”
description: “Plugin Utilities API Plugin”
name: popper-api
version: “1.16.1-3”
description: “Popper.js API Plugin”
name: popper2-api
version: “2.11.6-4”
description: “Popper.js 2 API Plugin”
name: pubsub-light
version: “1.18”
description: “Pub-Sub "light" Bus”
name: rebuild
version: “330.v645b_7df10e2a_”
description: “Rebuilder”
name: resource-disposer
version: “0.23”
description: “Resource Disposer Plugin”
name: rich-text-publisher-plugin
version: “1.5”
description: “Rich Text Publisher Plugin”
name: run-condition
version: “1.7”
description: “Run Condition Plugin”
name: s3
version: “466.vf5b_3db_8e3eb_2”
description: “S3 publisher plugin”
name: saferestart
version: “0.7”
description: “Safe Restart Plugin”
name: scm-api
version: “676.v886669a_199a_a_”
description: “SCM API Plugin”
name: script-security
version: “1310.vf24a_dfce068b_”
description: “Script Security Plugin”
name: slack
version: “684.v833089650554”
description: “Slack Notification Plugin”
name: snakeyaml-api
version: “2.2-111.vc6598e30cc65”
description: “SnakeYAML API Plugin”
name: splunk-devops
version: “1.10.1”
description: “Splunk Plugin”
name: sse-gateway
version: “1.26”
description: “Server Sent Events (SSE) Gateway Plugin”
name: ssh-agent
version: “346.vda_a_c4f2c8e50”
description: “SSH Agent Plugin”
name: ssh-credentials
version: “308.ve4497b_ccd8f4”
description: “SSH Credentials Plugin”
name: ssh-slaves
version: “2.947.v64ee6b_f87b_c1”
description: “SSH Build Agents plugin”
name: sshd
version: “3.312.v1c601b_c83b_0e”
description: “SSH server”
name: structs
version: “325.vcb_307d2a_2782”
description: “Structs Plugin”
name: testng-plugin
version: “835.v51ed3da_fcc35”
description: “TestNG Results Plugin”
name: timestamper
version: “1.26”
description: “Timestamper”
name: token-macro
version: “384.vf35b_f26814ec”
description: “Token Macro Plugin”
name: trilead-api
version: “2.84.v72119de229b_7”
description: “Trilead API Plugin”
name: uno-choice
version: “2.8.1”
description: “Active Choices Plug-in”
name: variant
version: “60.v7290fc0eb_b_cd”
description: “Variant Plugin”
name: windows-slaves
version: “1.8.1”
description: “WMI Windows Agents Plugin”
name: workflow-aggregator
version: “596.v8c21c963d92d”
description: “Pipeline”
name: workflow-api
version: “1283.v99c10937efcb_”
description: “Pipeline: API”
name: workflow-basic-steps
version: “1042.ve7b_140c4a_e0c”
description: “Pipeline: Basic Steps”
name: workflow-cps
version: “3832.vc43e04d6d68c”
description: “Pipeline: Groovy”
name: workflow-cps-global-lib
version: “609.vd95673f149b_b”
description: “Pipeline: Deprecated Groovy Libraries”
name: workflow-durable-task-step
version: “1313.vcb_970b_d2a_fb_3”
description: “Pipeline: Nodes and Processes”
name: workflow-job
version: “1326.ve643e00e9220”
description: “Pipeline: Job”
name: workflow-multibranch
version: “756.v891d88f2cd46”
description: “Pipeline: Multibranch”
name: workflow-scm-step
version: “415.v434365564324”
description: “Pipeline: SCM Step”
name: workflow-step-api
version: “639.v6eca_cd8c04a_a_”
description: “Pipeline: Step API”
name: workflow-support
version: “865.v43e78cc44e0d”
description: “Pipeline: Supporting APIs”
name: ws-cleanup
version: “0.45”
description: “Workspace Cleanup Plugin”

Ravi1 · May 31, 2024, 2:38am

Did you get the solution to this issue ?, currently I’m facing similar kind of problem.

Topic		Replies	Views
Running Jenkins in ECS cannot get LDAP to work Ask a question docker	0	753	April 21, 2023
LDAP connection test keeps failing Using Jenkins question	11	5177	November 14, 2022
Getting a 504 error when configuring LDAP for my Jenkins instance Using Jenkins	3	471	September 14, 2023
SAMBA AD Cannot form LDAP authentication Using Jenkins question , pipeline	1	95	June 11, 2024
LDAP error "unable to find valid certification path" Ask a question	3	1473	December 14, 2023

Jenkins and LDAPS connectivity issue

Related Topics