
Jenkins connection to LDAP

Ok, I am completely stumped here. I am running the Jenkins application (v1.635) for Mac OSX. I am trying to connect to Active Directory through the LDAP Security Realm. No matter what I try (and I have tried a good 30+ variants), the login fails and nothing gets written to the jenkins.log file.

I have ApacheDirectoryStudio installed and it connects flawlessly, so I know it is a Jenkins issue (and not a network or ACL issue).

The LDAP server is using a self-signed SSL certificate, which I installed into the relevant cacerts file.

Here's my LDAP configuration (minus the sensitive corporate stuff)

    Server: ldaps://subdomain.domain.com:636
    root DN: DC=domain,DC=com
    User search base: OU=Users and Computers
    User search filter: sAMAccountName={0}
    Group search base: OU=Jenkins Groups,OU=Groups
    Group search filter: (&(objectclass=group)(cn={0}))
    Group membership: Parse user attribute for list of groups
        Group membership attribute: memberOf
    Manager DN: CN=jenkins,OU=Users and Computers,DC=domain,DC=com
    Manager Password: password
    Display Name LDAP attribute: displayname
    Email Address LDAP attribute: mail
    Disable Ldap Email Resolver: unchecked

Any help is greatly appreciated. Even getting the log file to spit out some info would be great.

Thanks!

Edit #1: Sometimes an exception does show up in the log file. Hopefully this helps.

    Nov 09, 2015 12:00:49 PM hudson.security.LDAPSecurityRealm$LDAPUserDetailsService loadUserByUsername
    WARNING: Failed to search LDAP for username=myuser
    org.acegisecurity.ldap.LdapDataAccessException: Unable to connect to LDAP server; nested exception is javax.naming.CommunicationException: subdomain.domain.com:636 [Root exception is java.net.SocketTimeoutException: Connect timed out]

Edit #2: I have to go to a 1 1/2 hour meeting, so my responses will be delayed. Sorry.

So it's not ideal, but I was able to get the connection to work with the plain ldap connection (not ldaps). All I can figure is that Apache Directory Studio is smarter than Jenkins when it comes to establishing the connection. I suspect there may be an issue with the self-signed SSL certificate chain that Jenkins can't quite figure out. I really wish there was more verbosity to the logs in this matter. But for now, I have it working and since it is behind the corporate firewalls, the non-secure connection is less of a risk. I still intend to figure out the root cause, but for now, this will have to do. Thanks for your suggestions.
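Added example, not part of the original post or of Jenkins: a staged probe that separates the TCP connect (where the logged `SocketTimeoutException: Connect timed out` is raised) from the TLS handshake (where an untrusted self-signed chain would fail). The class name `LdapsProbe` and the 5-second timeout are assumptions; the default host and port are the placeholders from the configuration above.

```java
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

/** Added example: staged LDAPS reachability and trust probe (hypothetical class name). */
public class LdapsProbe {
    public static void main(String[] args) {
        // Defaults are the placeholder values from the post's configuration.
        String host = args.length > 0 ? args[0] : "subdomain.domain.com";
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 636;
        int timeoutMs = 5000; // assumed value

        // Stage 1: plain TCP connect. A failure here is a network-path problem
        // (DNS, routing, firewall, proxy); certificates are not involved yet.
        Socket tcp = new Socket();
        try {
            tcp.connect(new InetSocketAddress(host, port), timeoutMs);
        } catch (IOException e) {
            System.out.println("STAGE 1 (TCP connect) failed: " + e);
            return;
        }
        System.out.println("STAGE 1 ok: connected to " + tcp.getRemoteSocketAddress());

        // Stage 2: TLS handshake on that socket with the JVM default trust store
        // (cacerts, or whatever -Djavax.net.ssl.trustStore points at).
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket tls = (SSLSocket) factory.createSocket(tcp, host, port, true)) {
            tls.setSoTimeout(timeoutMs);
            tls.startHandshake();
            System.out.println("STAGE 2 ok: " + tls.getSession().getProtocol()
                    + " " + tls.getSession().getCipherSuite());
            for (Certificate c : tls.getSession().getPeerCertificates()) {
                X509Certificate x = (X509Certificate) c;
                System.out.println("  subject=" + x.getSubjectX500Principal()
                        + " issuer=" + x.getIssuerX500Principal()
                        + " notAfter=" + x.getNotAfter());
            }
        } catch (SSLException e) {
            System.out.println("STAGE 2 (TLS handshake) failed, trust or protocol problem: " + e);
        } catch (IOException e) {
            System.out.println("STAGE 2 (TLS handshake) I/O failure: " + e);
        }
    }
}
```

Compile and run it with the same `java` binary, user account and `-Djavax.net.ssl.*` options as the Jenkins process, so that the trust store and network path being tested are the ones Jenkins actually uses.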
