Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-12619

"Failed to test the validity of the user name" on all security matrices since upgrade

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Major Major
    • Jenkins 1.450, plugin version 1.26
      Windows Server 2003, non-domain server
      Installed as local user
      Our Windows domain name specified in configuration as ourdomain.co.uk

      Upgraded plugin to version 1.26 just after upgrading Jenkins to 1.450

      Now get message "Failed to test the validity of the user name x" wherever there is a security checkbox matrix.

      Everything seems to work alright still as far as I can tell.

      Stack trace:
      org.acegisecurity.BadCredentialsException: Failed to retrieve user information for x; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1]; remaining name 'DC=ourdomain,DC=co,DC=uk'
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:231)
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:130)
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:95)
      at hudson.plugins.active_directory.AbstractActiveDirectoryAuthenticationProvider.loadUserByUsername(AbstractActiveDirectoryAuthenticationProvider.java:27)
      at hudson.plugins.active_directory.ActiveDirectorySecurityRealm.loadUserByUsername(ActiveDirectorySecurityRealm.java:551)
      at hudson.security.GlobalMatrixAuthorizationStrategy$DescriptorImpl.doCheckName_(GlobalMatrixAuthorizationStrategy.java:304)
      at hudson.security.GlobalMatrixAuthorizationStrategy$DescriptorImpl.doCheckName(GlobalMatrixAuthorizationStrategy.java:288)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
      at java.lang.reflect.Method.invoke(Unknown Source)
      at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:282)
      at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:149)
      at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:88)
      at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:111)
      at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
      at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:563)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:648)
      at org.kohsuke.stapler.MetaClass$6.doDispatch(MetaClass.java:241)
      at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
      at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:563)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:648)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:477)
      at org.kohsuke.stapler.Stapler.service(Stapler.java:159)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:45)
      at winstone.ServletConfiguration.execute(ServletConfiguration.java:248)
      at winstone.RequestDispatcher.forward(RequestDispatcher.java:333)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:376)
      at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:95)
      at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:87)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
      at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:47)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
      at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:166)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:61)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
      at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
      at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
      at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
      at winstone.RequestDispatcher.forward(RequestDispatcher.java:331)
      at winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:244)
      at winstone.RequestHandlerThread.run(RequestHandlerThread.java:150)
      at java.lang.Thread.run(Unknown Source)
      Caused by: javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1]; remaining name 'DC=ourdomain,DC=co,DC=uk'
      at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
      at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
      at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
      at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
      at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
      at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
      at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)
      at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
      at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
      at hudson.plugins.active_directory.LDAPSearchBuilder.search(LDAPSearchBuilder.java:52)
      at hudson.plugins.active_directory.LDAPSearchBuilder.searchOne(LDAPSearchBuilder.java:42)
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:191)
      ... 63 more

          [JENKINS-12619] "Failed to test the validity of the user name" on all security matrices since upgrade

          Adam Wu added a comment - - edited

          have you set DN name & DN password? (you should better to use an admin user & password) and Try to user logging to find more info:
          If you think you've configured everything correctly but still not being able to login (or any other problems), please enable Logging and configure logging level for "hudson.plugins.active_directory" to ALL. Attempt a login and then file a ticket with the log output.

          Adam Wu added a comment - - edited have you set DN name & DN password? (you should better to use an admin user & password) and Try to user logging to find more info: If you think you've configured everything correctly but still not being able to login (or any other problems), please enable Logging and configure logging level for "hudson.plugins.active_directory" to ALL. Attempt a login and then file a ticket with the log output.

          It seems that in my case it's a v1.500 issue.
          With v1.499 it works as expected
          (as well as it worked a couple of months before).

          With v1.500 when same CLI command executed two times, it fails in one of them.

          I will try to get more logs.

          Viktor Tarasov added a comment - It seems that in my case it's a v1.500 issue. With v1.499 it works as expected (as well as it worked a couple of months before). With v1.500 when same CLI command executed two times, it fails in one of them. I will try to get more logs.

          Markus KARG added a comment -

          I have the same problem. Jenkins 1.501 on Tomcat 6 / JDK 1.6.0_18 / Debian 6 / x86 talking to single-DC domain (not a particular host / no forest) running on Windows 2K3. Authentication and authorization actually is working fine, but the matrix roles view still says the Bind-DN is missing. But actually bind-DN and bind-PWD is provided and correct. Please tell me what I need to test / provide for you, and I post anything you like, just to get this fixed!

          Markus KARG added a comment - I have the same problem. Jenkins 1.501 on Tomcat 6 / JDK 1.6.0_18 / Debian 6 / x86 talking to single-DC domain (not a particular host / no forest) running on Windows 2K3. Authentication and authorization actually is working fine, but the matrix roles view still says the Bind-DN is missing. But actually bind-DN and bind-PWD is provided and correct. Please tell me what I need to test / provide for you, and I post anything you like, just to get this fixed!

          David Aldrich added a comment -

          Hi

          I am running Jenkins LTS 1.480.3. We have been seeing this error:

          "Failed to test the validity of the user name x"

          when 'Project-based Matrix Authorization Strategy' is selected in the Configuration screen.

          for a long time.

          Any chance of a fix soon please?

          David

          David Aldrich added a comment - Hi I am running Jenkins LTS 1.480.3. We have been seeing this error: "Failed to test the validity of the user name x" when 'Project-based Matrix Authorization Strategy' is selected in the Configuration screen. for a long time. Any chance of a fix soon please? David

          Jeff Burke added a comment -

          I have these symptoms sporadically on Windows 2k8r2 w/Jenkins 1.519 and AD plugin v1.33. I am also using Role-based Authorization Strategy v 1.1.2. I can view the /role-strategy/assign-roles screen without errors, and then it will refresh w/some of the Active Directory groups replaced with "Failed to test validity of the user name" in red with the below call stack.

          Jeff Burke added a comment - I have these symptoms sporadically on Windows 2k8r2 w/Jenkins 1.519 and AD plugin v1.33. I am also using Role-based Authorization Strategy v 1.1.2. I can view the /role-strategy/assign-roles screen without errors, and then it will refresh w/some of the Active Directory groups replaced with "Failed to test validity of the user name" in red with the below call stack.

          Makareswar Rout added a comment - - edited

          No error more

          Makareswar Rout added a comment - - edited No error more

          I was also experiencing the same issue.But I have fixed the same at Jenkin end.We need to do an extra setup as below :

          Manage Jenkins-> Configure Global Security -> Access Control -> Select Active Directory and in Advanced TAB do below changes.
          Domain NAme:domain name (example : Enterprisenet.org)
          Domain Controller :LDAP-Server ) (example:LDAP-OLDS.enterprisenet.org:3268)
          Bind DN: domain\userid
          Bind PAssword: ***************

          note : Site could be kept as blank.

          Test Result should be : Success

          Recently, I have added and the error is no more.

          Makareswar Rout added a comment - I was also experiencing the same issue.But I have fixed the same at Jenkin end.We need to do an extra setup as below : Manage Jenkins-> Configure Global Security -> Access Control -> Select Active Directory and in Advanced TAB do below changes. Domain NAme:domain name (example : Enterprisenet.org) Domain Controller :LDAP-Server ) (example:LDAP-OLDS.enterprisenet.org:3268) Bind DN: domain\userid Bind PAssword: *************** note : Site could be kept as blank. Test Result should be : Success Recently, I have added and the error is no more.

          Attached the screen shot before and after fixing.

          Makareswar Rout added a comment - Attached the screen shot before and after fixing.

          David Aldrich added a comment -

          Thanks for your notes Makarewar. We were able to fix our manifestation of this problem by specifying a BIND DN and BIND PASSWORD in Advanced settings, as you suggested. We left Domain Controller and Site blank, but did specify a Domain Name.

          David Aldrich added a comment - Thanks for your notes Makarewar. We were able to fix our manifestation of this problem by specifying a BIND DN and BIND PASSWORD in Advanced settings, as you suggested. We left Domain Controller and Site blank, but did specify a Domain Name .

          Thanks makareswar ! I was able to connect our AD server successfully.

          prashant kumar added a comment - Thanks makareswar ! I was able to connect our AD server successfully.

            makareswar Makareswar Rout
            tomfanning Tom Fanning
            Votes:
            18 Vote for this issue
            Watchers:
            24 Start watching this issue

              Created:
              Updated:
              Resolved: