Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

LDAPS connection

Henrik Lund
Henrik Lund January 24, 2013

I would like to make an SSL connection to our LDAP directory from Stash, however the certificate the LDAP server is using, is not matching the DNS registration. And it's not an option to change it, because it involves too many dependencies from other systems using LDAP.

I've found this: https://confluence.atlassian.com/display/STASHKB/No+subject+alternative+DNS+name+matching+%3CHOST_NAME.DOMAIN_NAME%3E+found.

I think it's a bad idea to change the hosts file, so I the Data approach and changed the connection to LDAPS and port 636 + set the value ldap.secure to false. It partly worked (see attached screendump of the LDAP connection).

Can I fix this by change some values in the Database ?

BTW it would be nice if Stash had a setting to disabled Host Name validation. I've seen it done in other Java applications ;-)

Answer
Watch
Like Be the first to like this
603 views

4 answers

0 votes
Henrik Lund
Henrik Lund February 4, 2013

Obviously not in the Answer section. However in the Jira issue the screendump is attaached.

Reply
0 votes
twong_atlassian
twong_atlassian
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 31, 2013

Did the screendump not go through?

Reply
0 votes
Henrik Lund
Henrik Lund January 29, 2013

Hi,

Well If you read my question, a new certificate is not an option, and SSL must not match the DNS entry, this is only a security setting to prevent false certicates.

In a controlled environment you kan easily in JAVA disable the hostname validation. All I'm asking is a setting, so I can decide whether or not, host name validation should be enabled.

And I think Stash might have a bug, since 5 out of 6 steps was working when enabling LDAPS, only user authencation failed.

Reply
0 votes
LucasA
LucasA
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 25, 2013

Hi,

I believe that the best approach is the creation of a new SSL cert for this case since SSL certs must match the DNS entry. You may use even an auto signed certificate for this.

Lucas Lima

Atlassian Support

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.