-
Bug
-
Resolution: Fixed
-
Major
-
Jenkins 1.450, plugin version 1.26
Windows Server 2003, non-domain server
Installed as local user
Our Windows domain name specified in configuration as ourdomain.co.uk
Upgraded plugin to version 1.26 just after upgrading Jenkins to 1.450
Now get message "Failed to test the validity of the user name x" wherever there is a security checkbox matrix.
Everything seems to work alright still as far as I can tell.
Stack trace:
org.acegisecurity.BadCredentialsException: Failed to retrieve user information for x; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1]; remaining name 'DC=ourdomain,DC=co,DC=uk'
at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:231)
at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:130)
at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:95)
at hudson.plugins.active_directory.AbstractActiveDirectoryAuthenticationProvider.loadUserByUsername(AbstractActiveDirectoryAuthenticationProvider.java:27)
at hudson.plugins.active_directory.ActiveDirectorySecurityRealm.loadUserByUsername(ActiveDirectorySecurityRealm.java:551)
at hudson.security.GlobalMatrixAuthorizationStrategy$DescriptorImpl.doCheckName_(GlobalMatrixAuthorizationStrategy.java:304)
at hudson.security.GlobalMatrixAuthorizationStrategy$DescriptorImpl.doCheckName(GlobalMatrixAuthorizationStrategy.java:288)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:282)
at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:149)
at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:88)
at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:111)
at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:563)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:648)
at org.kohsuke.stapler.MetaClass$6.doDispatch(MetaClass.java:241)
at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:563)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:648)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:477)
at org.kohsuke.stapler.Stapler.service(Stapler.java:159)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:45)
at winstone.ServletConfiguration.execute(ServletConfiguration.java:248)
at winstone.RequestDispatcher.forward(RequestDispatcher.java:333)
at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:376)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:95)
at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:87)
at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:47)
at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:166)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:61)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
at winstone.RequestDispatcher.forward(RequestDispatcher.java:331)
at winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:244)
at winstone.RequestHandlerThread.run(RequestHandlerThread.java:150)
at java.lang.Thread.run(Unknown Source)
Caused by: javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1]; remaining name 'DC=ourdomain,DC=co,DC=uk'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
at hudson.plugins.active_directory.LDAPSearchBuilder.search(LDAPSearchBuilder.java:52)
at hudson.plugins.active_directory.LDAPSearchBuilder.searchOne(LDAPSearchBuilder.java:42)
at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:191)
... 63 more
- is duplicated by
-
-
- Resolved
-
- is related to
-
-
- Open
-
[JENKINS-12619] "Failed to test the validity of the user name" on all security matrices since upgrade
I have the same issue on Ubuntu 10.4 using the "Project-based Matrix Authorization Strategy"
Flominator
added a comment - Same here on Windows XP Pro SP2. We went back to 1.16 from http://updates.jenkins-ci.org/download/plugins/ and it worked like a charm.
Flominator
added a comment - Same here on Windows XP Pro SP2. We went back to 1.16 from http://updates.jenkins-ci.org/download/plugins/ and it worked like a charm. Same here FreeBSD 8.2, happening on Jenkins 1.454 with AD 1.26. Everything appears to be working, however (as others have also stated)
Same here on Windows 7 Pro SP1 running under a domain account. Downgrading to 1.16 seems to fix it.
Jacob Robertson
added a comment - Reproduced exactly on windows server 2008. Jenkins 1.447.1 and AD plugin 1.26.
Seems fixed after downgrading to 1.16 - why did we choose that version?
Jacob Robertson
added a comment - Reproduced exactly on windows server 2008. Jenkins 1.447.1 and AD plugin 1.26.
Seems fixed after downgrading to 1.16 - why did we choose that version? Same issue on CentOS 6.2, with Jenkins 1.454 and AD plugin 1.26.
We downgraded to AD plugin 1.23 (previously installed version), and the problem seems to be fixed.
Code changed in jenkins
User: Kohsuke Kawaguchi
Path:
src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java
http://jenkins-ci.org/commit/active-directory-plugin/5e7a25fb02ef8b7649938a258d3e741d2ddc7c8a
Log:
[FIXED JENKINS-12619] improved the error handling.
If AD doesn't allow anonymous bind, it can still pass the bind method OK
but fail only when we actually try to query. detect that and recover
gracefully.
Integrated in 
plugins_active-directory #60
[FIXED JENKINS-12619] improved the error handling. (Revision 5e7a25fb02ef8b7649938a258d3e741d2ddc7c8a)
Result = SUCCESS
Kohsuke Kawaguchi :
Files :
- src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java
Carl Lambert
added a comment - I think I might be missing something here?
I've recently upgraded to jenkins 1.472 and have just installed AD plugin 1.29
Jenkins is installed as a service on a win2k3 server that is a member of the domain.
the service is running as "Local System"
I can authenticate fine, but I still have the problem listed above with the security matrices. although the stake trace suggests a slightly different cause.
25-Jun-2012 16:28:18 hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider retrieveUser
WARNING: Credential exception tying to authenticate against DOMAINNAME domain
org.acegisecurity.BadCredentialsException: Failed to retrieve user information for USERNAME; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece ]; remaining name 'DC=DOMAINNAME'
at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:306)
at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:190)
at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:134)
at hudson.plugins.active_directory.AbstractActiveDirectoryAuthenticationProvider.loadUserByUsername(AbstractActiveDirectoryAuthenticationProvider.java:30)
at hudson.plugins.active_directory.ActiveDirectorySecurityRealm.loadUserByUsername(ActiveDirectorySecurityRealm.java:582)
at hudson.security.GlobalMatrixAuthorizationStrategy$DescriptorImpl.doCheckName_(GlobalMatrixAuthorizationStrategy.java:304)
at hudson.security.GlobalMatrixAuthorizationStrategy$DescriptorImpl.doCheckName(GlobalMatrixAuthorizationStrategy.java:288)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:288)
at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:151)
at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:90)
at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:111)
at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:574)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:659)
at org.kohsuke.stapler.MetaClass$6.doDispatch(MetaClass.java:241)
at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:574)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:659)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:488)
at org.kohsuke.stapler.Stapler.service(Stapler.java:162)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:45)
at winstone.ServletConfiguration.execute(ServletConfiguration.java:248)
at winstone.RequestDispatcher.forward(RequestDispatcher.java:333)
at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:376)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:95)
at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:87)
at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:47)
at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:166)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:63)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:50)
at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
at winstone.RequestDispatcher.forward(RequestDispatcher.java:331)
at winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:215)
at winstone.RequestHandlerThread.run(RequestHandlerThread.java:138)
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece ]; remaining name 'DC=DOMAINNAME'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
at hudson.plugins.active_directory.LDAPSearchBuilder.search(LDAPSearchBuilder.java:52)
at hudson.plugins.active_directory.LDAPSearchBuilder.searchOne(LDAPSearchBuilder.java:42)
at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:260)
... 72 more
Any Ideas?
Carl Lambert
added a comment - I think I might be missing something here?
I've recently upgraded to jenkins 1.472 and have just installed AD plugin 1.29
Jenkins is installed as a service on a win2k3 server that is a member of the domain.
the service is running as "Local System"
I can authenticate fine, but I still have the problem listed above with the security matrices. although the stake trace suggests a slightly different cause.
25-Jun-2012 16:28:18 hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider retrieveUser
WARNING: Credential exception tying to authenticate against DOMAINNAME domain
org.acegisecurity.BadCredentialsException: Failed to retrieve user information for USERNAME; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece ] ; remaining name 'DC=DOMAINNAME'
at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:306)
at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:190)
at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:134)
at hudson.plugins.active_directory.AbstractActiveDirectoryAuthenticationProvider.loadUserByUsername(AbstractActiveDirectoryAuthenticationProvider.java:30)
at hudson.plugins.active_directory.ActiveDirectorySecurityRealm.loadUserByUsername(ActiveDirectorySecurityRealm.java:582)
at hudson.security.GlobalMatrixAuthorizationStrategy$DescriptorImpl.doCheckName_(GlobalMatrixAuthorizationStrategy.java:304)
at hudson.security.GlobalMatrixAuthorizationStrategy$DescriptorImpl.doCheckName(GlobalMatrixAuthorizationStrategy.java:288)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:288)
at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:151)
at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:90)
at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:111)
at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:574)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:659)
at org.kohsuke.stapler.MetaClass$6.doDispatch(MetaClass.java:241)
at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:574)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:659)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:488)
at org.kohsuke.stapler.Stapler.service(Stapler.java:162)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:45)
at winstone.ServletConfiguration.execute(ServletConfiguration.java:248)
at winstone.RequestDispatcher.forward(RequestDispatcher.java:333)
at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:376)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:95)
at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:87)
at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:47)
at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:166)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:63)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:50)
at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
at winstone.RequestDispatcher.forward(RequestDispatcher.java:331)
at winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:215)
at winstone.RequestHandlerThread.run(RequestHandlerThread.java:138)
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece ] ; remaining name 'DC=DOMAINNAME'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
at hudson.plugins.active_directory.LDAPSearchBuilder.search(LDAPSearchBuilder.java:52)
at hudson.plugins.active_directory.LDAPSearchBuilder.searchOne(LDAPSearchBuilder.java:42)
at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:260)
... 72 more
Any Ideas? 
Byron Brummer
added a comment - Never fixed. Byron Brummer
added a comment - Still broken with latest 1.30 plugin, effectively a blocker at it causes any use of matrix authz to lock out AD accounts. I'm not sure why this was ever set to Fixed? We're stuck on version 1.16 until this is resolved.
Byron Brummer
added a comment - Still broken with latest 1.30 plugin, effectively a blocker at it causes any use of matrix authz to lock out AD accounts. I'm not sure why this was ever set to Fixed? We're stuck on version 1.16 until this is resolved. 
Chris Williams
added a comment - I can reproduce this on Win2k8R2 but it works on RHEL5:
Jenkins 1.480.2, Jenkins AD plugin 1.30
On RHEL5, I can see the fields "Site", "Bind DN", "Bind Password", and the button "Test" on the Jenkins Config page. Using Project-based Matrix Auth, both individual users and groups are validated properly. The master config.xml file contains tags for both <bindName> and <bindPassword>.
On Win2k8R2, Jenkins running as a Windows service using a domain account, I do not see the Site/Bind DN/Bind Password fields nor the Test button. I only get "Domain Name" and "Domain controller". Using either Matrix auth, both individual and groups fail to validate and throw the org.acegisecurity.BadCredentialsException error listed above. The master config.xml file contains only a <bindPassword> tag, presumably the value of the encrypted password is the password from the domain account used for the Windows service. If I manually add a <bindName> entry to config.xml and reload, Jenkins fails to start and throws the same BadCred exception.
Chris Williams
added a comment - I can reproduce this on Win2k8R2 but it works on RHEL5:
Jenkins 1.480.2, Jenkins AD plugin 1.30
On RHEL5, I can see the fields "Site", "Bind DN", "Bind Password", and the button "Test" on the Jenkins Config page. Using Project-based Matrix Auth, both individual users and groups are validated properly. The master config.xml file contains tags for both <bindName> and <bindPassword>.
On Win2k8R2, Jenkins running as a Windows service using a domain account, I do not see the Site/Bind DN/Bind Password fields nor the Test button. I only get "Domain Name" and "Domain controller". Using either Matrix auth, both individual and groups fail to validate and throw the org.acegisecurity.BadCredentialsException error listed above. The master config.xml file contains only a <bindPassword> tag, presumably the value of the encrypted password is the password from the domain account used for the Windows service. If I manually add a <bindName> entry to config.xml and reload, Jenkins fails to start and throws the same BadCred exception. 
Adam Wu
added a comment - First, you have to verify whether the anonymous binding is set on your DC? most of time is set to off, and the security won't allow you to turn it on. So you must have an identify of the domain to query the user list on the domain.
I have successful configure two CI master, one on Windows, one on RHEL. On RHEL, when the Bind DN/Bind Password is empty, I noticed the "Failed to test the validity of the user name" on some users.Once I set the Bind DN/Bind Password to an normal user account of the domain, I got the same error. But when I set the DN/Password to an admin level user name, the warning is gone, and all user can be validated. It seems that this is related to whether the user account has right to query the user list on the AD. On Windows CI master, the easiet way is to add CI mater to the domain.
And use the jenkins log as descibed in the ad plugin web page helps a lot to solve these kind of issues.
Adam Wu
added a comment - First, you have to verify whether the anonymous binding is set on your DC? most of time is set to off, and the security won't allow you to turn it on. So you must have an identify of the domain to query the user list on the domain.
I have successful configure two CI master, one on Windows, one on RHEL. On RHEL, when the Bind DN/Bind Password is empty, I noticed the "Failed to test the validity of the user name" on some users.Once I set the Bind DN/Bind Password to an normal user account of the domain, I got the same error. But when I set the DN/Password to an admin level user name, the warning is gone, and all user can be validated. It seems that this is related to whether the user account has right to query the user list on the AD. On Windows CI master, the easiet way is to add CI mater to the domain.
And use the jenkins log as descibed in the ad plugin web page helps a lot to solve these kind of issues. It seems I have the same issue with jenkins-1.500 and ADplugin-1.30.
Master on SLES-11.
50% of cli command fails due to the 'Failed to retrieve user information ...' error.
The log from the client side:
- First attempt
$ cat config.xml | java -jar jenkins-cli.jar -s <jenkins-url> update-job <job-name>
Exception in thread "main" java.io.EOFException
at java.io.DataInputStream.readBoolean(DataInputStream.java:244)
at hudson.cli.Connection.readBoolean(Connection.java:95)
at hudson.cli.CLI.authenticate(CLI.java:604)
at hudson.cli.CLI._main(CLI.java:444)
at hudson.cli.CLI.main(CLI.java:374) - Second one
$ cat config.xml | java -jar jenkins-cli.jar -s <jenkins-url> update-job <job-name>
$
The logs from server:
Feb 6, 2013 10:16:21 AM hudson.TcpSlaveAgentListener$ConnectionHandler run
INFO: Accepted connection #33 from /172.28.16.3:33475
Feb 6, 2013 10:16:21 AM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider retrieveUser
WARNING: Failed to retrieve user information for jenkins
Throwable occurred: javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece]; Remaining name: 'DC=XXXXXXXX-sa,DC=local'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3093)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2999)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2806)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1838)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1761)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1778)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:406)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:388)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:370)
at hudson.plugins.active_directory.LDAPSearchBuilder.search(LDAPSearchBuilder.java:52)
at hudson.plugins.active_directory.LDAPSearchBuilder.searchOne(LDAPSearchBuilder.java:42)
at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:260)
...............
Feb 6, 2013 10:16:21 AM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider retrieveUser
WARNING: Credential exception tying to authenticate against XXXXXXXX-sa.local domain
Throwable occurred: org.acegisecurity.BadCredentialsException: Failed to retrieve user information for jenkins; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece]; Remaining name: 'DC=XXXXXXXX-sa,DC=local'
at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:306)
at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:190)
at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:134)
at hudson.plugins.active_directory.AbstractActiveDirectoryAuthenticationProvider.loadUserByUsername(AbstractActiveDirectoryAuthenticationProvider.java:30)
at hudson.plugins.active_directory.ActiveDirectorySecurityRealm.loadUserByUsername(ActiveDirectorySecurityRealm.java:582)
at hudson.model.User.impersonate(User.java:255)
at org.jenkinsci.main.modules.cli.auth.ssh.SshCliAuthenticator.authenticate(SshCliAuthenticator.java:44)
at hudson.cli.CliManagerImpl$2.run(CliManagerImpl.java:109)
Caused by: javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece]; Remaining name: 'DC=XXXXXXXX-sa,DC=local'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3093)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2999)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2806)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1838)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1761)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1778)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:406)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:388)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:370)
at hudson.plugins.active_directory.LDAPSearchBuilder.search(LDAPSearchBuilder.java:52)
at hudson.plugins.active_directory.LDAPSearchBuilder.searchOne(LDAPSearchBuilder.java:42)
at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:260)
Viktor Tarasov
added a comment - - edited It seems I have the same issue with jenkins-1.500 and ADplugin-1.30.
Master on SLES-11.
50% of cli command fails due to the 'Failed to retrieve user information ...' error.
The log from the client side:
First attempt
$ cat config.xml | java -jar jenkins-cli.jar -s <jenkins-url> update-job <job-name>
Exception in thread "main" java.io.EOFException
at java.io.DataInputStream.readBoolean(DataInputStream.java:244)
at hudson.cli.Connection.readBoolean(Connection.java:95)
at hudson.cli.CLI.authenticate(CLI.java:604)
at hudson.cli.CLI._main(CLI.java:444)
at hudson.cli.CLI.main(CLI.java:374)
Second one
$ cat config.xml | java -jar jenkins-cli.jar -s <jenkins-url> update-job <job-name>
$
The logs from server:
Feb 6, 2013 10:16:21 AM hudson.TcpSlaveAgentListener$ConnectionHandler run
INFO: Accepted connection #33 from /172.28.16.3:33475
Feb 6, 2013 10:16:21 AM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider retrieveUser
WARNING: Failed to retrieve user information for jenkins
Throwable occurred: javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece] ; Remaining name: 'DC=XXXXXXXX-sa,DC=local'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3093)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2999)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2806)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1838)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1761)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1778)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:406)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:388)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:370)
at hudson.plugins.active_directory.LDAPSearchBuilder.search(LDAPSearchBuilder.java:52)
at hudson.plugins.active_directory.LDAPSearchBuilder.searchOne(LDAPSearchBuilder.java:42)
at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:260)
...............
Feb 6, 2013 10:16:21 AM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider retrieveUser
WARNING: Credential exception tying to authenticate against XXXXXXXX-sa.local domain
Throwable occurred: org.acegisecurity.BadCredentialsException: Failed to retrieve user information for jenkins; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece] ; Remaining name: 'DC=XXXXXXXX-sa,DC=local'
at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:306)
at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:190)
at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:134)
at hudson.plugins.active_directory.AbstractActiveDirectoryAuthenticationProvider.loadUserByUsername(AbstractActiveDirectoryAuthenticationProvider.java:30)
at hudson.plugins.active_directory.ActiveDirectorySecurityRealm.loadUserByUsername(ActiveDirectorySecurityRealm.java:582)
at hudson.model.User.impersonate(User.java:255)
at org.jenkinsci.main.modules.cli.auth.ssh.SshCliAuthenticator.authenticate(SshCliAuthenticator.java:44)
at hudson.cli.CliManagerImpl$2.run(CliManagerImpl.java:109)
Caused by: javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece] ; Remaining name: 'DC=XXXXXXXX-sa,DC=local'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3093)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2999)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2806)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1838)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1761)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1778)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:406)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:388)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:370)
at hudson.plugins.active_directory.LDAPSearchBuilder.search(LDAPSearchBuilder.java:52)
at hudson.plugins.active_directory.LDAPSearchBuilder.searchOne(LDAPSearchBuilder.java:42)
at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:260) have you set DN name & DN password? (you should better to use an admin user & password) and Try to user logging to find more info:
If you think you've configured everything correctly but still not being able to login (or any other problems), please enable Logging and configure logging level for "hudson.plugins.active_directory" to ALL. Attempt a login and then file a ticket with the log output.
Adam Wu
added a comment - - edited have you set DN name & DN password? (you should better to use an admin user & password) and Try to user logging to find more info:
If you think you've configured everything correctly but still not being able to login (or any other problems), please enable Logging and configure logging level for "hudson.plugins.active_directory" to ALL. Attempt a login and then file a ticket with the log output.
Viktor Tarasov
added a comment - It seems that in my case it's a v1.500 issue.
With v1.499 it works as expected
(as well as it worked a couple of months before).
With v1.500 when same CLI command executed two times, it fails in one of them.
I will try to get more logs.
Viktor Tarasov
added a comment - It seems that in my case it's a v1.500 issue.
With v1.499 it works as expected
(as well as it worked a couple of months before).
With v1.500 when same CLI command executed two times, it fails in one of them.
I will try to get more logs. I have the same problem. Jenkins 1.501 on Tomcat 6 / JDK 1.6.0_18 / Debian 6 / x86 talking to single-DC domain (not a particular host / no forest) running on Windows 2K3. Authentication and authorization actually is working fine, but the matrix roles view still says the Bind-DN is missing. But actually bind-DN and bind-PWD is provided and correct. Please tell me what I need to test / provide for you, and I post anything you like, just to get this fixed! 
David Aldrich
added a comment - Hi
I am running Jenkins LTS 1.480.3. We have been seeing this error:
"Failed to test the validity of the user name x"
when 'Project-based Matrix Authorization Strategy' is selected in the Configuration screen.
for a long time.
Any chance of a fix soon please?
David
David Aldrich
added a comment - Hi
I am running Jenkins LTS 1.480.3. We have been seeing this error:
"Failed to test the validity of the user name x"
when 'Project-based Matrix Authorization Strategy' is selected in the Configuration screen.
for a long time.
Any chance of a fix soon please?
David I have these symptoms sporadically on Windows 2k8r2 w/Jenkins 1.519 and AD plugin v1.33. I am also using Role-based Authorization Strategy v 1.1.2. I can view the /role-strategy/assign-roles screen without errors, and then it will refresh w/some of the Active Directory groups replaced with "Failed to test validity of the user name" in red with the below call stack.
Makareswar Rout
added a comment - I was also experiencing the same issue.But I have fixed the same at Jenkin end.We need to do an extra setup as below :
Manage Jenkins-> Configure Global Security -> Access Control -> Select Active Directory and in Advanced TAB do below changes.
Domain NAme:domain name (example : Enterprisenet.org)
Domain Controller :LDAP-Server ) (example:LDAP-OLDS.enterprisenet.org:3268)
Bind DN: domain\userid
Bind PAssword: ***************
note : Site could be kept as blank.
Test Result should be : Success
Recently, I have added and the error is no more.
Makareswar Rout
added a comment - I was also experiencing the same issue.But I have fixed the same at Jenkin end.We need to do an extra setup as below :
Manage Jenkins-> Configure Global Security -> Access Control -> Select Active Directory and in Advanced TAB do below changes.
Domain NAme:domain name (example : Enterprisenet.org)
Domain Controller :LDAP-Server ) (example:LDAP-OLDS.enterprisenet.org:3268)
Bind DN: domain\userid
Bind PAssword: ***************
note : Site could be kept as blank.
Test Result should be : Success
Recently, I have added and the error is no more. Makareswar Rout
added a comment - Attached the screen shot before and after fixing. David Aldrich
added a comment - Thanks for your notes Makarewar. We were able to fix our manifestation of this problem by specifying a BIND DN and BIND PASSWORD in Advanced settings, as you suggested. We left Domain Controller and Site blank, but did specify a Domain Name.
David Aldrich
added a comment - Thanks for your notes Makarewar. We were able to fix our manifestation of this problem by specifying a BIND DN and BIND PASSWORD in Advanced settings, as you suggested. We left Domain Controller and Site blank, but did specify a Domain Name . 
prashant kumar
added a comment - Thanks makareswar ! I was able to connect our AD server successfully.
prashant kumar
added a comment - Thanks makareswar ! I was able to connect our AD server successfully. 
Red Hat Enterprise Linux Server release 5.6 (Tikanga)
Same issue.