Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-11643

v1.21 produces exception shortly after login: org.acegisecurity.AuthenticationServiceException: Unable to retrieve the user information without bind DN/password configured

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Major Major
    • None
    • Windows Server 2008

      After upgrading to v.21 of the active directory plugin we frequently see this error in the browser on the client. I did not see any errors in http://server/log/all. I can reproduce fairly regularly by doing login as a valid user everything workers ok. Then after a few minutes the error occurs. Specifically if I go to Manage Jenkins/Configure System. Initially under Access control/authorization the users appear correctly. When the exception occurs ERROR appears instead of the users. If I clear the browser cookies I can access jenkins again. I have reproduced the client on mac and windows with both chrome and firefox. The error is:

      HTTP Status 500 -

      type Exception report

      message

      description The server encountered an internal error () that prevented it from fulfilling this request.

      exception

      org.acegisecurity.AuthenticationServiceException: Unable to retrieve the user information without bind DN/password configured
      hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:125)
      hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:101)
      hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:67)
      hudson.plugins.active_directory.AbstractActiveDirectoryAuthenticationProvider.loadUserByUsername(AbstractActiveDirectoryAuthenticationProvider.java:18)
      org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices.loadUserDetails(TokenBasedRememberMeServices.java:308)
      org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices.autoLogin(TokenBasedRememberMeServices.java:218)
      org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:104)
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173)
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:61)
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
      hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66)
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
      hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
      hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
      note The full stack trace of the root cause is available in the Apache Tomcat/7.0.11 logs.

          [JENKINS-11643] v1.21 produces exception shortly after login: org.acegisecurity.AuthenticationServiceException: Unable to retrieve the user information without bind DN/password configured

          Dan Schaffer created issue -

          This problem is caused by our not being able to support "remember me" feature with AD.

          The root fix requires core change to use User.impersonate for auto-login. Disabling the remember me support for AD in the mean time.

          Kohsuke Kawaguchi added a comment - This problem is caused by our not being able to support "remember me" feature with AD. The root fix requires core change to use User.impersonate for auto-login. Disabling the remember me support for AD in the mean time.

          Code changed in jenkins
          User: Kohsuke Kawaguchi
          Path:
          src/main/java/hudson/plugins/active_directory/AbstractActiveDirectoryAuthenticationProvider.java
          src/main/java/hudson/plugins/active_directory/ActiveDirectoryAuthenticationProvider.java
          src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java
          src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java
          http://jenkins-ci.org/commit/active-directory-plugin/00d5f5259c73555192a2808110d66abe73b56eea
          Log:
          JENKINS-11643 RememberMe doesn't work with AD in certain mode.

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Kohsuke Kawaguchi Path: src/main/java/hudson/plugins/active_directory/AbstractActiveDirectoryAuthenticationProvider.java src/main/java/hudson/plugins/active_directory/ActiveDirectoryAuthenticationProvider.java src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java http://jenkins-ci.org/commit/active-directory-plugin/00d5f5259c73555192a2808110d66abe73b56eea Log: JENKINS-11643 RememberMe doesn't work with AD in certain mode.

          dogfood added a comment -

          Integrated in plugins_active-directory #44
          JENKINS-11643 RememberMe doesn't work with AD in certain mode.

          Kohsuke Kawaguchi :
          Files :

          • src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java
          • src/main/java/hudson/plugins/active_directory/AbstractActiveDirectoryAuthenticationProvider.java
          • src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java
          • src/main/java/hudson/plugins/active_directory/ActiveDirectoryAuthenticationProvider.java

          dogfood added a comment - Integrated in plugins_active-directory #44 JENKINS-11643 RememberMe doesn't work with AD in certain mode. Kohsuke Kawaguchi : Files : src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java src/main/java/hudson/plugins/active_directory/AbstractActiveDirectoryAuthenticationProvider.java src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java src/main/java/hudson/plugins/active_directory/ActiveDirectoryAuthenticationProvider.java

          I still get the exception with Jenkins 1.440 and AD plugin v.22 when I try to add a new user/group to the project based authorization matrix. The "user/group" ends up being "ERROR" no matter what I supply as name.

          Christoffer Børrild added a comment - I still get the exception with Jenkins 1.440 and AD plugin v.22 when I try to add a new user/group to the project based authorization matrix. The "user/group" ends up being "ERROR" no matter what I supply as name.

          aflat added a comment -

          I also get this error, using the jankins-cli, AD 1.22 and Jenkins 1.439

          aflat added a comment - I also get this error, using the jankins-cli, AD 1.22 and Jenkins 1.439

          aflat added a comment -

          I get something similar to Christoffer, when I try to configure a job, with project based auth, some of the users get replaced with ERROR, clicking on error expands it, to show a 403 error. Trying to save the job brings me to the Jenkins login page. Attached my log ADerrorLog2.txt

          aflat added a comment - I get something similar to Christoffer, when I try to configure a job, with project based auth, some of the users get replaced with ERROR, clicking on error expands it, to show a 403 error. Trying to save the job brings me to the Jenkins login page. Attached my log ADerrorLog2.txt
          aflat made changes -
          Attachment New: ADerrorLog2.txt [ 21077 ]

          aflat added a comment -

          It looks like when I configurea matrix based security job Jenkins is trying to validate all the user/passwords for all the users listed in the matrix, even though we don't have passwords for all those users. That's why my username listed in the matrix doesn't show ERROR link.

          aflat added a comment - It looks like when I configurea matrix based security job Jenkins is trying to validate all the user/passwords for all the users listed in the matrix, even though we don't have passwords for all those users. That's why my username listed in the matrix doesn't show ERROR link.

          aflat added a comment -

          I was able to reproduce it with the git sources as well, running in debug mode.

          1. Set up AD security in Manage Jenkins, add yourself as an admin
          2. Create a new job.
          3. Configure the job, and add Matrix based security, add another user to the matrix, that isn't you, then save the job.
          4. Configure the job again, and you should see ERROR instead of the other user.

          aflat added a comment - I was able to reproduce it with the git sources as well, running in debug mode. 1. Set up AD security in Manage Jenkins, add yourself as an admin 2. Create a new job. 3. Configure the job, and add Matrix based security, add another user to the matrix, that isn't you, then save the job. 4. Configure the job again, and you should see ERROR instead of the other user.

            Unassigned Unassigned
            danscha Dan Schaffer
            Votes:
            4 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved: