Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-10305

when using Active Directory Authentication, all CLI commands can only be run as Annonymous

      You cannot specify a username:

      java -jar jenkins-cli.jar -s http://ci.example.com:8080 login --username asdf --password asdf
      "--username" is not a valid option
      java -jar jenkins-cli.jar login args...
      Saves the current credential to allow future commands to run without explicit credential information

      and cant use the login command

      java -jar jenkins-cli.jar -s http://ci.example.com:8080 login

      org.acegisecurity.userdetails.UsernameNotFoundException: Active-directory plugin doesn't support user retrieval
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.loadUserByUsername(ActiveDirectoryUnixAuthenticationProvider.java:71)
      at hudson.security.SecurityRealm.loadUserByUsername(SecurityRealm.java:305)
      at hudson.cli.ClientAuthenticationCache.set(ClientAuthenticationCache.java:94)
      at hudson.cli.LoginCommand.run(LoginCommand.java:37)
      at hudson.cli.CLICommand.main(CLICommand.java:184)
      at hudson.cli.CliManagerImpl.main(CliManagerImpl.java:82)
      at sun.reflect.GeneratedMethodAccessor587.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:616)
      at hudson.remoting.RemoteInvocationHandler$RPCRequest.perform(RemoteInvocationHandler.java:274)
      at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:255)
      at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:215)
      at hudson.remoting.UserRequest.perform(UserRequest.java:118)
      at hudson.remoting.UserRequest.perform(UserRequest.java:48)
      at hudson.remoting.Request$2.run(Request.java:287)
      at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
      at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
      at java.util.concurrent.FutureTask.run(FutureTask.java:166)
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
      at java.lang.Thread.run(Thread.java:636)

          [JENKINS-10305] when using Active Directory Authentication, all CLI commands can only be run as Annonymous

          With the modern SSH public key based authentication, I consider this issue resolved.

          See https://wiki.jenkins-ci.org/display/JENKINS/Jenkins+CLI for more details about how to do it.

          Kohsuke Kawaguchi added a comment - With the modern SSH public key based authentication, I consider this issue resolved. See https://wiki.jenkins-ci.org/display/JENKINS/Jenkins+CLI for more details about how to do it.

          no this exception still happens when SSH login is working properly.

          I can run all other commands via ssh key authentication, and the login command dies with this exception.

          arthur ulfeldt added a comment - no this exception still happens when SSH login is working properly. I can run all other commands via ssh key authentication, and the login command dies with this exception.

          I'm having a similar problem, in that I can't build any project with the error "No such job 'WAS-GW'" unless anonymous has been granted the "Read" permissions to Jobs. I'm not sure if there is another JIRA to cover this scenario.

          Walter Kacynski added a comment - I'm having a similar problem, in that I can't build any project with the error "No such job 'WAS-GW'" unless anonymous has been granted the "Read" permissions to Jobs. I'm not sure if there is another JIRA to cover this scenario.

          Maybe this is related to JENKINS-1555 ?

          Walter Kacynski added a comment - Maybe this is related to JENKINS-1555 ?

          I have done some more testing, and SSH with AD works provided the user is added directly to the security matrix table. Using group based permissions do not work.

          Walter Kacynski added a comment - I have done some more testing, and SSH with AD works provided the user is added directly to the security matrix table. Using group based permissions do not work.

            Unassigned Unassigned
            arthurulfeldt arthur ulfeldt
            Votes:
            1 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: