Connecting JIRA to Active Directory over LDAPS fails with "Connection reset"

お困りですか?

アトラシアン コミュニティをご利用ください。

コミュニティに質問

プラットフォームについて: Server および Data Center のみ。この記事は、Server および Data Center プラットフォームのアトラシアン製品にのみ適用されます。

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Fisheye および Crucible は除く

問題

When setting up an Active Directory connection in JIRA over LDAPS (Secure LDAP), the synchronization will fail with the below error message.

2015-06-20 17:36:28,373 atlassian-scheduler-quartz1.clustered_Worker-3 ERROR      [atlassian.scheduler.core.JobLauncher] Scheduled job with ID 'com.atlassian.jira.crowd.embedded.JiraDirectoryPollerManager.10401' failed
org.springframework.ldap.CommunicationException: 192.168.1.100:636; nested exception is javax.naming.CommunicationException: 192.168.1.100:636 [Root exception is java.net.SocketException: Connection reset]

診断

環境

  • Active Directory 2012 (and R2) connected over LDAPS;
  • Java 8;

(info) Other environments might be affected as well, in case you face a problem such as this one, please inform environment specifications on the comments.

Diagnostic Steps

  • Analyzing a tcpdump generated during the synchronization attempt will show multiple RST packets sent by the AD server;

原因

By default, JIRA only uses pooled connections when connecting to a directory server over LDAP. Enabling SSL causes it to disable the pooling, resulting in poorer performance and failures due to connection resets. 

回避策

In order to circumvent the problem, we can enable the SSL connections pooling by adding the below argument to JIRA's startup options.

-Dcom.sun.jndi.ldap.connect.pool.protocol='plain ssl'

ソリューション

The inclusion of this startup parameter by default has been suggested on JRA-41025 - Getting issue details... STATUS .

Last modified on Mar 30, 2016

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する
Powered by Confluence and Scroll Viewport.