LDAPS configuration with Active Directory
I have been using LDAP with Active Directory for several years now without problems; recently we have been trying to switch from LDAP to LDAPS. However, I am finding the authentication attempts now failing with the following errors:
Error while retrieving LDAP users, skipping users synchronization: LDAP search operation returned an error while retrieving users. While initializing LDAP connection. Inaccessible or wrong server specified in the LDAP configuration? Check 'java.naming.provider.url' property (current value: 'ldaps://myorganisation.com.au:636/DC=myorganisation,DC=com,DC=au'). Original error: org.springframework.ldap.CommunicationException: simple bind failed: aussiepay.com.au:636; nested exception is javax.naming.CommunicationException: simple bind failed: myorganisation.com.au:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
Skipping groups synchronization as user synchronization failed with an error
Am I right in thinking that I need to export a certificate from the AD server and import it into the JRE keystore? If so, which certificate? I am currently using TeamCity 2019.1.1 on Windows Server 2012. Are there any guidelines/is there any documentation on getting LDAPS set up with TeamCity?
Hi David,
While we don't have specific instructions for setting up LDAPS, your assumption should be correct. That error message ("unable to find valid certification path to requested target") means exactly that the JVM was unable to find a valid certificate to connect to the server. Here's our documentation on adding certificates: https://www.jetbrains.com/help/teamcity/uploading-ssl-certificates.html
Regarding how to get the certificate: in order to set up LDAPS, you should have added a certificate to it. We have more details about what and how in our documentation as well: https://www.jetbrains.com/help/teamcity/using-https-to-access-teamcity-server.html#UsingHTTPStoaccessTeamCityserver-ConfiguringJVM
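As an added example (not part of this thread and not TeamCity's own code), the script below triages the exception text quoted above and, from the output of `openssl s_client -connect <dc-host>:636 -showcerts`, works out which certificate the JVM truststore is missing: the CA certificate that issued the domain controller's LDAPS certificate, not the DC's own leaf certificate. The function names, the `<JRE_HOME>` placeholder, the alias `myorganisation-ca` and the sample chain are assumptions constructed for the example.

```python
"""Triage helper for LDAPS bind failures against Active Directory.

Added example for this thread, not TeamCity code. Assumes you can run
`openssl s_client -connect <dc-host>:636 -showcerts` against the domain
controller and feed its output to this script; the sample below is constructed.
"""
import re
import sys

# Java/JNDI exception fragments and the configuration fault each usually indicates.
ERROR_SIGNATURES = [
    ("PKIX path building failed", "missing_trust_anchor"),
    ("unable to find valid certification path", "missing_trust_anchor"),
    ("No subject alternative DNS name matching", "hostname_mismatch"),
    ("No name matching", "hostname_mismatch"),
    ("validity check failed", "expired_certificate"),
    ("CertificateExpiredException", "expired_certificate"),
    ("AcceptSecurityContext error, data 52e", "bad_bind_credentials"),
    ("AcceptSecurityContext error, data 775", "account_locked"),
    ("Connection refused", "port_unreachable"),
    ("Connection timed out", "port_unreachable"),
]


def classify_ldap_error(message: str) -> str:
    """Map the text of a javax.naming / SSL exception to a fault label."""
    for needle, label in ERROR_SIGNATURES:
        if needle in message:
            return label
    return "unknown"


def _normalize_dn(dn: str) -> str:
    """Canonicalise both DN spellings openssl prints (OpenSSL 1.x '/DC=au/CN=x',
    OpenSSL 3 'DC = au, CN = x') so subject and issuer strings compare equal."""
    dn = dn.strip()
    if dn.startswith("/"):
        dn = ",".join(part for part in dn[1:].split("/") if part)
    dn = re.sub(r"\s*=\s*", "=", dn)
    return re.sub(r"\s*,\s*", ",", dn)


SUBJECT_LINE = re.compile(r"^\s*\d+\s+s:(.*)$")   # " 0 s:CN = ..." lines
ISSUER_LINE = re.compile(r"^\s+i:(.*)$")           # "   i:DC = ..." lines


def parse_showcerts_chain(output: str) -> list:
    """Return [(subject, issuer), ...] from -showcerts output, leaf first."""
    chain, subject = [], None
    for line in output.splitlines():
        m = SUBJECT_LINE.match(line)
        if m:
            subject = _normalize_dn(m.group(1))
            continue
        m = ISSUER_LINE.match(line)
        if m and subject is not None:
            chain.append((subject, _normalize_dn(m.group(1))))
            subject = None
    return chain


def trust_anchor_to_import(chain: list):
    """Pick the certificate to import: a self-signed root if the server sent one,
    otherwise the issuer of the top-most certificate, which must be exported from
    the CA itself. Returns (dn, sent_by_server) or None for an empty chain."""
    if not chain:
        return None
    for subject, issuer in chain:
        if subject == issuer:
            return subject, True
    return chain[-1][1], False


def keytool_import_command(cert_file: str, alias: str, cacerts: str,
                           storepass: str = "changeit") -> list:
    """keytool invocation that adds a CA certificate to a JVM truststore
    ('changeit' is the stock password of the JRE cacerts file)."""
    return ["keytool", "-importcert", "-trustcacerts", "-noprompt",
            "-alias", alias, "-file", cert_file,
            "-keystore", cacerts, "-storepass", storepass]


# Constructed sample of -showcerts output from a DC with an internal (assumed) CA.
SAMPLE_SHOWCERTS = """\
Certificate chain
 0 s:CN = dc01.myorganisation.com.au
   i:DC = au, DC = com, DC = myorganisation, CN = myorganisation-CA
-----BEGIN CERTIFICATE-----
(base64 body omitted in this constructed sample)
-----END CERTIFICATE-----
 1 s:DC = au, DC = com, DC = myorganisation, CN = myorganisation-CA
   i:DC = au, DC = com, DC = myorganisation, CN = myorganisation-CA
-----BEGIN CERTIFICATE-----
(base64 body omitted in this constructed sample)
-----END CERTIFICATE-----
"""
SAMPLE_ERROR = ("javax.naming.CommunicationException: simple bind failed: "
                "myorganisation.com.au:636 [Root exception is javax.net.ssl."
                "SSLHandshakeException: PKIX path building failed]")

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SHOWCERTS
    print("fault:", classify_ldap_error(SAMPLE_ERROR))
    chain = parse_showcerts_chain(text)
    anchor = trust_anchor_to_import(chain)
    if anchor:
        dn, sent = anchor
        print("import:", dn, "(in server output)" if sent else "(obtain from CA)")
        print(" ".join(keytool_import_command(
            "ca.cer", "myorganisation-ca", "<JRE_HOME>/lib/security/cacerts")))
```

Run it with the saved `-showcerts` output as the first argument. The JVM reads its truststore at startup, so TeamCity has to be restarted after the import. If the classifier reports `hostname_mismatch` instead, the host in `java.naming.provider.url` is not one of the names in the DC certificate's subject alternative names; point the URL at a DC FQDN that is, rather than disabling endpoint identification.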
Hey David Keaveny
I am trying to configure LDAP for the first time to our TC server.
Our requirement is to enable TC to use the AD for the users and groups to sync, and to add the AD groups directly to TeamCity instead of creating the groups manually in TeamCity.
I tried to enable LDAP with the configuration below, but I was not able to get through it without errors.
I tried to use the provider as below, along with the other settings in the ldap.properties file:
java.naming.provider.url=ldap://domain.companyname.com:389/DC=domain,DC=company,DC=com
java.naming.security.principal=CN=LDAPuser,DC=domain,DC=company,DC=com
java.naming.security.credentials=XXXX
teamcity.users.base=OU=.is-developers,OU=Our Developers Group
teamcity.users.login.filter=(sAMAccountName=$capturedLogin$)
teamcity.users.username=sAMAccountName
java.naming.referral=follow
java.naming.security.authentication=simple
teamcity.auth.loginFilter=.*
teamcity.users.filter=(objectClass=user)
Let me know if anything is wrong in the above configuration, or let me know the sample configuration I should use.
Like, I have an LDAP user which has read access to our AD, and I am trying to configure the groups and users from our AD, and I should be able to sign in with our AD user account directly at our TeamCity login.