Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-12619

"Failed to test the validity of the user name" on all security matrices since upgrade

    XMLWordPrintable

Details

    • Bug
    • Status: Resolved (View Workflow)
    • Major
    • Resolution: Fixed
    • Jenkins 1.450, plugin version 1.26
      Windows Server 2003, non-domain server
      Installed as local user
      Our Windows domain name specified in configuration as ourdomain.co.uk

    Description

      Upgraded plugin to version 1.26 just after upgrading Jenkins to 1.450

      Now get message "Failed to test the validity of the user name x" wherever there is a security checkbox matrix.

      Everything seems to work alright still as far as I can tell.

      Stack trace:
      org.acegisecurity.BadCredentialsException: Failed to retrieve user information for x; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1]; remaining name 'DC=ourdomain,DC=co,DC=uk'
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:231)
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:130)
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:95)
      at hudson.plugins.active_directory.AbstractActiveDirectoryAuthenticationProvider.loadUserByUsername(AbstractActiveDirectoryAuthenticationProvider.java:27)
      at hudson.plugins.active_directory.ActiveDirectorySecurityRealm.loadUserByUsername(ActiveDirectorySecurityRealm.java:551)
      at hudson.security.GlobalMatrixAuthorizationStrategy$DescriptorImpl.doCheckName_(GlobalMatrixAuthorizationStrategy.java:304)
      at hudson.security.GlobalMatrixAuthorizationStrategy$DescriptorImpl.doCheckName(GlobalMatrixAuthorizationStrategy.java:288)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
      at java.lang.reflect.Method.invoke(Unknown Source)
      at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:282)
      at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:149)
      at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:88)
      at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:111)
      at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
      at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:563)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:648)
      at org.kohsuke.stapler.MetaClass$6.doDispatch(MetaClass.java:241)
      at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
      at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:563)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:648)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:477)
      at org.kohsuke.stapler.Stapler.service(Stapler.java:159)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:45)
      at winstone.ServletConfiguration.execute(ServletConfiguration.java:248)
      at winstone.RequestDispatcher.forward(RequestDispatcher.java:333)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:376)
      at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:95)
      at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:87)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
      at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:47)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
      at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:166)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:61)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
      at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
      at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
      at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
      at winstone.RequestDispatcher.forward(RequestDispatcher.java:331)
      at winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:244)
      at winstone.RequestHandlerThread.run(RequestHandlerThread.java:150)
      at java.lang.Thread.run(Unknown Source)
      Caused by: javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1]; remaining name 'DC=ourdomain,DC=co,DC=uk'
      at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
      at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
      at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
      at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
      at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
      at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
      at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)
      at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
      at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
      at hudson.plugins.active_directory.LDAPSearchBuilder.search(LDAPSearchBuilder.java:52)
      at hudson.plugins.active_directory.LDAPSearchBuilder.searchOne(LDAPSearchBuilder.java:42)
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:191)
      ... 63 more

      Attachments

        Issue Links

          Activity

            untiedt Andre Untiedt added a comment -

            Red Hat Enterprise Linux Server release 5.6 (Tikanga)
            Same issue.

            untiedt Andre Untiedt added a comment - Red Hat Enterprise Linux Server release 5.6 (Tikanga) Same issue.

            I have the same issue on Ubuntu 10.4 using the "Project-based Matrix Authorization Strategy"

            ggeorgea Gwen Georgeault added a comment - I have the same issue on Ubuntu 10.4 using the "Project-based Matrix Authorization Strategy"
            flominator Flominator added a comment -

            Same here on Windows XP Pro SP2. We went back to 1.16 from http://updates.jenkins-ci.org/download/plugins/ and it worked like a charm.

            flominator Flominator added a comment - Same here on Windows XP Pro SP2. We went back to 1.16 from http://updates.jenkins-ci.org/download/plugins/ and it worked like a charm.
            mbadolato Mark Badolato added a comment -

            Same here FreeBSD 8.2, happening on Jenkins 1.454 with AD 1.26. Everything appears to be working, however (as others have also stated)

            mbadolato Mark Badolato added a comment - Same here FreeBSD 8.2, happening on Jenkins 1.454 with AD 1.26. Everything appears to be working, however (as others have also stated)
            mhmcnulty Martin McNulty added a comment - - edited

            Same here on Windows 7 Pro SP1 running under a domain account. Downgrading to 1.16 seems to fix it.

            mhmcnulty Martin McNulty added a comment - - edited Same here on Windows 7 Pro SP1 running under a domain account. Downgrading to 1.16 seems to fix it.

            Reproduced exactly on windows server 2008. Jenkins 1.447.1 and AD plugin 1.26.
            Seems fixed after downgrading to 1.16 - why did we choose that version?

            jacob_robertson Jacob Robertson added a comment - Reproduced exactly on windows server 2008. Jenkins 1.447.1 and AD plugin 1.26. Seems fixed after downgrading to 1.16 - why did we choose that version?
            alejandrotrev Alex Trevino added a comment -

            Same issue on CentOS 6.2, with Jenkins 1.454 and AD plugin 1.26.

            We downgraded to AD plugin 1.23 (previously installed version), and the problem seems to be fixed.

            alejandrotrev Alex Trevino added a comment - Same issue on CentOS 6.2, with Jenkins 1.454 and AD plugin 1.26. We downgraded to AD plugin 1.23 (previously installed version), and the problem seems to be fixed.

            Code changed in jenkins
            User: Kohsuke Kawaguchi
            Path:
            src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java
            http://jenkins-ci.org/commit/active-directory-plugin/5e7a25fb02ef8b7649938a258d3e741d2ddc7c8a
            Log:
            [FIXED JENKINS-12619] improved the error handling.

            If AD doesn't allow anonymous bind, it can still pass the bind method OK
            but fail only when we actually try to query. detect that and recover
            gracefully.

            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Kohsuke Kawaguchi Path: src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java http://jenkins-ci.org/commit/active-directory-plugin/5e7a25fb02ef8b7649938a258d3e741d2ddc7c8a Log: [FIXED JENKINS-12619] improved the error handling. If AD doesn't allow anonymous bind, it can still pass the bind method OK but fail only when we actually try to query. detect that and recover gracefully.
            dogfood dogfood added a comment -

            Integrated in plugins_active-directory #60
            [FIXED JENKINS-12619] improved the error handling. (Revision 5e7a25fb02ef8b7649938a258d3e741d2ddc7c8a)

            Result = SUCCESS
            Kohsuke Kawaguchi :
            Files :

            • src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java
            dogfood dogfood added a comment - Integrated in plugins_active-directory #60 [FIXED JENKINS-12619] improved the error handling. (Revision 5e7a25fb02ef8b7649938a258d3e741d2ddc7c8a) Result = SUCCESS Kohsuke Kawaguchi : Files : src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java
            thetownfool Carl Lambert added a comment -

            I think I might be missing something here?

            I've recently upgraded to jenkins 1.472 and have just installed AD plugin 1.29

            Jenkins is installed as a service on a win2k3 server that is a member of the domain.

            the service is running as "Local System"

            I can authenticate fine, but I still have the problem listed above with the security matrices. although the stake trace suggests a slightly different cause.

            25-Jun-2012 16:28:18 hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider retrieveUser
            WARNING: Credential exception tying to authenticate against DOMAINNAME domain
            org.acegisecurity.BadCredentialsException: Failed to retrieve user information for USERNAME; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece ]; remaining name 'DC=DOMAINNAME'
            at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:306)
            at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:190)
            at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:134)
            at hudson.plugins.active_directory.AbstractActiveDirectoryAuthenticationProvider.loadUserByUsername(AbstractActiveDirectoryAuthenticationProvider.java:30)
            at hudson.plugins.active_directory.ActiveDirectorySecurityRealm.loadUserByUsername(ActiveDirectorySecurityRealm.java:582)
            at hudson.security.GlobalMatrixAuthorizationStrategy$DescriptorImpl.doCheckName_(GlobalMatrixAuthorizationStrategy.java:304)
            at hudson.security.GlobalMatrixAuthorizationStrategy$DescriptorImpl.doCheckName(GlobalMatrixAuthorizationStrategy.java:288)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
            at java.lang.reflect.Method.invoke(Unknown Source)
            at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:288)
            at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:151)
            at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:90)
            at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:111)
            at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
            at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:574)
            at org.kohsuke.stapler.Stapler.invoke(Stapler.java:659)
            at org.kohsuke.stapler.MetaClass$6.doDispatch(MetaClass.java:241)
            at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
            at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:574)
            at org.kohsuke.stapler.Stapler.invoke(Stapler.java:659)
            at org.kohsuke.stapler.Stapler.invoke(Stapler.java:488)
            at org.kohsuke.stapler.Stapler.service(Stapler.java:162)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:45)
            at winstone.ServletConfiguration.execute(ServletConfiguration.java:248)
            at winstone.RequestDispatcher.forward(RequestDispatcher.java:333)
            at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:376)
            at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:95)
            at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:87)
            at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
            at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
            at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:47)
            at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
            at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
            at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
            at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
            at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
            at org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:166)
            at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
            at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
            at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
            at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
            at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
            at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
            at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
            at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173)
            at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
            at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:63)
            at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
            at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
            at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66)
            at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
            at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
            at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
            at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
            at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
            at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:50)
            at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
            at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
            at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
            at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
            at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
            at winstone.RequestDispatcher.forward(RequestDispatcher.java:331)
            at winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:215)
            at winstone.RequestHandlerThread.run(RequestHandlerThread.java:138)
            at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
            at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
            at java.util.concurrent.FutureTask.run(Unknown Source)
            at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
            at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
            at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
            at java.lang.Thread.run(Unknown Source)
            Caused by: javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece ]; remaining name 'DC=DOMAINNAME'
            at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
            at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
            at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
            at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
            at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
            at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
            at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)
            at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
            at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
            at hudson.plugins.active_directory.LDAPSearchBuilder.search(LDAPSearchBuilder.java:52)
            at hudson.plugins.active_directory.LDAPSearchBuilder.searchOne(LDAPSearchBuilder.java:42)
            at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:260)
            ... 72 more

            Any Ideas?

            thetownfool Carl Lambert added a comment - I think I might be missing something here? I've recently upgraded to jenkins 1.472 and have just installed AD plugin 1.29 Jenkins is installed as a service on a win2k3 server that is a member of the domain. the service is running as "Local System" I can authenticate fine, but I still have the problem listed above with the security matrices. although the stake trace suggests a slightly different cause. 25-Jun-2012 16:28:18 hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider retrieveUser WARNING: Credential exception tying to authenticate against DOMAINNAME domain org.acegisecurity.BadCredentialsException: Failed to retrieve user information for USERNAME; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece ] ; remaining name 'DC=DOMAINNAME' at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:306) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:190) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:134) at hudson.plugins.active_directory.AbstractActiveDirectoryAuthenticationProvider.loadUserByUsername(AbstractActiveDirectoryAuthenticationProvider.java:30) at hudson.plugins.active_directory.ActiveDirectorySecurityRealm.loadUserByUsername(ActiveDirectorySecurityRealm.java:582) at hudson.security.GlobalMatrixAuthorizationStrategy$DescriptorImpl.doCheckName_(GlobalMatrixAuthorizationStrategy.java:304) at hudson.security.GlobalMatrixAuthorizationStrategy$DescriptorImpl.doCheckName(GlobalMatrixAuthorizationStrategy.java:288) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:288) at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:151) at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:90) at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:111) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:574) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:659) at org.kohsuke.stapler.MetaClass$6.doDispatch(MetaClass.java:241) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:574) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:659) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:488) at org.kohsuke.stapler.Stapler.service(Stapler.java:162) at javax.servlet.http.HttpServlet.service(HttpServlet.java:45) at winstone.ServletConfiguration.execute(ServletConfiguration.java:248) at winstone.RequestDispatcher.forward(RequestDispatcher.java:333) at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:376) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:95) at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:87) at winstone.FilterConfiguration.execute(FilterConfiguration.java:194) at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366) at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:47) at winstone.FilterConfiguration.execute(FilterConfiguration.java:194) at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84) at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:166) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:63) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76) at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164) at winstone.FilterConfiguration.execute(FilterConfiguration.java:194) at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366) at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:50) at winstone.FilterConfiguration.execute(FilterConfiguration.java:194) at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366) at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81) at winstone.FilterConfiguration.execute(FilterConfiguration.java:194) at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366) at winstone.RequestDispatcher.forward(RequestDispatcher.java:331) at winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:215) at winstone.RequestHandlerThread.run(RequestHandlerThread.java:138) at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source) at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source) at java.util.concurrent.FutureTask.run(Unknown Source) at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.lang.Thread.run(Unknown Source) Caused by: javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece ] ; remaining name 'DC=DOMAINNAME' at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source) at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source) at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source) at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source) at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source) at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source) at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source) at hudson.plugins.active_directory.LDAPSearchBuilder.search(LDAPSearchBuilder.java:52) at hudson.plugins.active_directory.LDAPSearchBuilder.searchOne(LDAPSearchBuilder.java:42) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:260) ... 72 more Any Ideas?
            byronbrummer Byron Brummer added a comment -

            Never fixed.

            byronbrummer Byron Brummer added a comment - Never fixed.
            byronbrummer Byron Brummer added a comment -

            Still broken with latest 1.30 plugin, effectively a blocker at it causes any use of matrix authz to lock out AD accounts. I'm not sure why this was ever set to Fixed? We're stuck on version 1.16 until this is resolved.

            byronbrummer Byron Brummer added a comment - Still broken with latest 1.30 plugin, effectively a blocker at it causes any use of matrix authz to lock out AD accounts. I'm not sure why this was ever set to Fixed? We're stuck on version 1.16 until this is resolved.

            I can reproduce this on Win2k8R2 but it works on RHEL5:
            Jenkins 1.480.2, Jenkins AD plugin 1.30

            On RHEL5, I can see the fields "Site", "Bind DN", "Bind Password", and the button "Test" on the Jenkins Config page. Using Project-based Matrix Auth, both individual users and groups are validated properly. The master config.xml file contains tags for both <bindName> and <bindPassword>.

            On Win2k8R2, Jenkins running as a Windows service using a domain account, I do not see the Site/Bind DN/Bind Password fields nor the Test button. I only get "Domain Name" and "Domain controller". Using either Matrix auth, both individual and groups fail to validate and throw the org.acegisecurity.BadCredentialsException error listed above. The master config.xml file contains only a <bindPassword> tag, presumably the value of the encrypted password is the password from the domain account used for the Windows service. If I manually add a <bindName> entry to config.xml and reload, Jenkins fails to start and throws the same BadCred exception.

            chris_williams1 Chris Williams added a comment - I can reproduce this on Win2k8R2 but it works on RHEL5: Jenkins 1.480.2, Jenkins AD plugin 1.30 On RHEL5, I can see the fields "Site", "Bind DN", "Bind Password", and the button "Test" on the Jenkins Config page. Using Project-based Matrix Auth, both individual users and groups are validated properly. The master config.xml file contains tags for both <bindName> and <bindPassword>. On Win2k8R2, Jenkins running as a Windows service using a domain account, I do not see the Site/Bind DN/Bind Password fields nor the Test button. I only get "Domain Name" and "Domain controller". Using either Matrix auth, both individual and groups fail to validate and throw the org.acegisecurity.BadCredentialsException error listed above. The master config.xml file contains only a <bindPassword> tag, presumably the value of the encrypted password is the password from the domain account used for the Windows service. If I manually add a <bindName> entry to config.xml and reload, Jenkins fails to start and throws the same BadCred exception.
            adwu73 Adam Wu added a comment -

            First, you have to verify whether the anonymous binding is set on your DC? most of time is set to off, and the security won't allow you to turn it on. So you must have an identify of the domain to query the user list on the domain.

            I have successful configure two CI master, one on Windows, one on RHEL. On RHEL, when the Bind DN/Bind Password is empty, I noticed the "Failed to test the validity of the user name" on some users.Once I set the Bind DN/Bind Password to an normal user account of the domain, I got the same error. But when I set the DN/Password to an admin level user name, the warning is gone, and all user can be validated. It seems that this is related to whether the user account has right to query the user list on the AD. On Windows CI master, the easiet way is to add CI mater to the domain.

            And use the jenkins log as descibed in the ad plugin web page helps a lot to solve these kind of issues.

            adwu73 Adam Wu added a comment - First, you have to verify whether the anonymous binding is set on your DC? most of time is set to off, and the security won't allow you to turn it on. So you must have an identify of the domain to query the user list on the domain. I have successful configure two CI master, one on Windows, one on RHEL. On RHEL, when the Bind DN/Bind Password is empty, I noticed the "Failed to test the validity of the user name" on some users.Once I set the Bind DN/Bind Password to an normal user account of the domain, I got the same error. But when I set the DN/Password to an admin level user name, the warning is gone, and all user can be validated. It seems that this is related to whether the user account has right to query the user list on the AD. On Windows CI master, the easiet way is to add CI mater to the domain. And use the jenkins log as descibed in the ad plugin web page helps a lot to solve these kind of issues.
            vtarasov Viktor Tarasov added a comment - - edited

            It seems I have the same issue with jenkins-1.500 and ADplugin-1.30.
            Master on SLES-11.

            50% of cli command fails due to the 'Failed to retrieve user information ...' error.

            The log from the client side:

            1. First attempt
              $ cat config.xml | java -jar jenkins-cli.jar -s <jenkins-url> update-job <job-name>
              Exception in thread "main" java.io.EOFException
              at java.io.DataInputStream.readBoolean(DataInputStream.java:244)
              at hudson.cli.Connection.readBoolean(Connection.java:95)
              at hudson.cli.CLI.authenticate(CLI.java:604)
              at hudson.cli.CLI._main(CLI.java:444)
              at hudson.cli.CLI.main(CLI.java:374)
            2. Second one
              $ cat config.xml | java -jar jenkins-cli.jar -s <jenkins-url> update-job <job-name>
              $

            The logs from server:
            Feb 6, 2013 10:16:21 AM hudson.TcpSlaveAgentListener$ConnectionHandler run
            INFO: Accepted connection #33 from /172.28.16.3:33475
            Feb 6, 2013 10:16:21 AM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider retrieveUser
            WARNING: Failed to retrieve user information for jenkins
            Throwable occurred: javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece]; Remaining name: 'DC=XXXXXXXX-sa,DC=local'
            at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3093)
            at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2999)
            at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2806)
            at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1838)
            at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1761)
            at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1778)
            at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:406)
            at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:388)
            at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:370)
            at hudson.plugins.active_directory.LDAPSearchBuilder.search(LDAPSearchBuilder.java:52)
            at hudson.plugins.active_directory.LDAPSearchBuilder.searchOne(LDAPSearchBuilder.java:42)
            at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:260)
            ...............
            Feb 6, 2013 10:16:21 AM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider retrieveUser
            WARNING: Credential exception tying to authenticate against XXXXXXXX-sa.local domain
            Throwable occurred: org.acegisecurity.BadCredentialsException: Failed to retrieve user information for jenkins; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece]; Remaining name: 'DC=XXXXXXXX-sa,DC=local'
            at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:306)
            at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:190)
            at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:134)
            at hudson.plugins.active_directory.AbstractActiveDirectoryAuthenticationProvider.loadUserByUsername(AbstractActiveDirectoryAuthenticationProvider.java:30)
            at hudson.plugins.active_directory.ActiveDirectorySecurityRealm.loadUserByUsername(ActiveDirectorySecurityRealm.java:582)
            at hudson.model.User.impersonate(User.java:255)
            at org.jenkinsci.main.modules.cli.auth.ssh.SshCliAuthenticator.authenticate(SshCliAuthenticator.java:44)
            at hudson.cli.CliManagerImpl$2.run(CliManagerImpl.java:109)
            Caused by: javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece]; Remaining name: 'DC=XXXXXXXX-sa,DC=local'
            at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3093)
            at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2999)
            at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2806)
            at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1838)
            at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1761)
            at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1778)
            at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:406)
            at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:388)
            at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:370)
            at hudson.plugins.active_directory.LDAPSearchBuilder.search(LDAPSearchBuilder.java:52)
            at hudson.plugins.active_directory.LDAPSearchBuilder.searchOne(LDAPSearchBuilder.java:42)
            at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:260)

            vtarasov Viktor Tarasov added a comment - - edited It seems I have the same issue with jenkins-1.500 and ADplugin-1.30. Master on SLES-11. 50% of cli command fails due to the 'Failed to retrieve user information ...' error. The log from the client side: First attempt $ cat config.xml | java -jar jenkins-cli.jar -s <jenkins-url> update-job <job-name> Exception in thread "main" java.io.EOFException at java.io.DataInputStream.readBoolean(DataInputStream.java:244) at hudson.cli.Connection.readBoolean(Connection.java:95) at hudson.cli.CLI.authenticate(CLI.java:604) at hudson.cli.CLI._main(CLI.java:444) at hudson.cli.CLI.main(CLI.java:374) Second one $ cat config.xml | java -jar jenkins-cli.jar -s <jenkins-url> update-job <job-name> $ The logs from server: Feb 6, 2013 10:16:21 AM hudson.TcpSlaveAgentListener$ConnectionHandler run INFO: Accepted connection #33 from /172.28.16.3:33475 Feb 6, 2013 10:16:21 AM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider retrieveUser WARNING: Failed to retrieve user information for jenkins Throwable occurred: javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece] ; Remaining name: 'DC=XXXXXXXX-sa,DC=local' at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3093) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2999) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2806) at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1838) at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1761) at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1778) at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:406) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:388) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:370) at hudson.plugins.active_directory.LDAPSearchBuilder.search(LDAPSearchBuilder.java:52) at hudson.plugins.active_directory.LDAPSearchBuilder.searchOne(LDAPSearchBuilder.java:42) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:260) ............... Feb 6, 2013 10:16:21 AM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider retrieveUser WARNING: Credential exception tying to authenticate against XXXXXXXX-sa.local domain Throwable occurred: org.acegisecurity.BadCredentialsException: Failed to retrieve user information for jenkins; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece] ; Remaining name: 'DC=XXXXXXXX-sa,DC=local' at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:306) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:190) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:134) at hudson.plugins.active_directory.AbstractActiveDirectoryAuthenticationProvider.loadUserByUsername(AbstractActiveDirectoryAuthenticationProvider.java:30) at hudson.plugins.active_directory.ActiveDirectorySecurityRealm.loadUserByUsername(ActiveDirectorySecurityRealm.java:582) at hudson.model.User.impersonate(User.java:255) at org.jenkinsci.main.modules.cli.auth.ssh.SshCliAuthenticator.authenticate(SshCliAuthenticator.java:44) at hudson.cli.CliManagerImpl$2.run(CliManagerImpl.java:109) Caused by: javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece] ; Remaining name: 'DC=XXXXXXXX-sa,DC=local' at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3093) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2999) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2806) at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1838) at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1761) at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1778) at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:406) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:388) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:370) at hudson.plugins.active_directory.LDAPSearchBuilder.search(LDAPSearchBuilder.java:52) at hudson.plugins.active_directory.LDAPSearchBuilder.searchOne(LDAPSearchBuilder.java:42) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:260)
            adwu73 Adam Wu added a comment - - edited

            have you set DN name & DN password? (you should better to use an admin user & password) and Try to user logging to find more info:
            If you think you've configured everything correctly but still not being able to login (or any other problems), please enable Logging and configure logging level for "hudson.plugins.active_directory" to ALL. Attempt a login and then file a ticket with the log output.

            adwu73 Adam Wu added a comment - - edited have you set DN name & DN password? (you should better to use an admin user & password) and Try to user logging to find more info: If you think you've configured everything correctly but still not being able to login (or any other problems), please enable Logging and configure logging level for "hudson.plugins.active_directory" to ALL. Attempt a login and then file a ticket with the log output.

            It seems that in my case it's a v1.500 issue.
            With v1.499 it works as expected
            (as well as it worked a couple of months before).

            With v1.500 when same CLI command executed two times, it fails in one of them.

            I will try to get more logs.

            vtarasov Viktor Tarasov added a comment - It seems that in my case it's a v1.500 issue. With v1.499 it works as expected (as well as it worked a couple of months before). With v1.500 when same CLI command executed two times, it fails in one of them. I will try to get more logs.
            mkarg Markus KARG added a comment -

            I have the same problem. Jenkins 1.501 on Tomcat 6 / JDK 1.6.0_18 / Debian 6 / x86 talking to single-DC domain (not a particular host / no forest) running on Windows 2K3. Authentication and authorization actually is working fine, but the matrix roles view still says the Bind-DN is missing. But actually bind-DN and bind-PWD is provided and correct. Please tell me what I need to test / provide for you, and I post anything you like, just to get this fixed!

            mkarg Markus KARG added a comment - I have the same problem. Jenkins 1.501 on Tomcat 6 / JDK 1.6.0_18 / Debian 6 / x86 talking to single-DC domain (not a particular host / no forest) running on Windows 2K3. Authentication and authorization actually is working fine, but the matrix roles view still says the Bind-DN is missing. But actually bind-DN and bind-PWD is provided and correct. Please tell me what I need to test / provide for you, and I post anything you like, just to get this fixed!
            davida2009 David Aldrich added a comment -

            Hi

            I am running Jenkins LTS 1.480.3. We have been seeing this error:

            "Failed to test the validity of the user name x"

            when 'Project-based Matrix Authorization Strategy' is selected in the Configuration screen.

            for a long time.

            Any chance of a fix soon please?

            David

            davida2009 David Aldrich added a comment - Hi I am running Jenkins LTS 1.480.3. We have been seeing this error: "Failed to test the validity of the user name x" when 'Project-based Matrix Authorization Strategy' is selected in the Configuration screen. for a long time. Any chance of a fix soon please? David
            potatopankakes Jeff Burke added a comment -

            I have these symptoms sporadically on Windows 2k8r2 w/Jenkins 1.519 and AD plugin v1.33. I am also using Role-based Authorization Strategy v 1.1.2. I can view the /role-strategy/assign-roles screen without errors, and then it will refresh w/some of the Active Directory groups replaced with "Failed to test validity of the user name" in red with the below call stack.

            potatopankakes Jeff Burke added a comment - I have these symptoms sporadically on Windows 2k8r2 w/Jenkins 1.519 and AD plugin v1.33. I am also using Role-based Authorization Strategy v 1.1.2. I can view the /role-strategy/assign-roles screen without errors, and then it will refresh w/some of the Active Directory groups replaced with "Failed to test validity of the user name" in red with the below call stack.
            makareswar Makareswar Rout added a comment - - edited

            No error more

            makareswar Makareswar Rout added a comment - - edited No error more

            I was also experiencing the same issue.But I have fixed the same at Jenkin end.We need to do an extra setup as below :

            Manage Jenkins-> Configure Global Security -> Access Control -> Select Active Directory and in Advanced TAB do below changes.
            Domain NAme:domain name (example : Enterprisenet.org)
            Domain Controller :LDAP-Server ) (example:LDAP-OLDS.enterprisenet.org:3268)
            Bind DN: domain\userid
            Bind PAssword: ***************

            note : Site could be kept as blank.

            Test Result should be : Success

            Recently, I have added and the error is no more.

            makareswar Makareswar Rout added a comment - I was also experiencing the same issue.But I have fixed the same at Jenkin end.We need to do an extra setup as below : Manage Jenkins-> Configure Global Security -> Access Control -> Select Active Directory and in Advanced TAB do below changes. Domain NAme:domain name (example : Enterprisenet.org) Domain Controller :LDAP-Server ) (example:LDAP-OLDS.enterprisenet.org:3268) Bind DN: domain\userid Bind PAssword: *************** note : Site could be kept as blank. Test Result should be : Success Recently, I have added and the error is no more.

            Attached the screen shot before and after fixing.

            makareswar Makareswar Rout added a comment - Attached the screen shot before and after fixing.
            davida2009 David Aldrich added a comment -

            Thanks for your notes Makarewar. We were able to fix our manifestation of this problem by specifying a BIND DN and BIND PASSWORD in Advanced settings, as you suggested. We left Domain Controller and Site blank, but did specify a Domain Name.

            davida2009 David Aldrich added a comment - Thanks for your notes Makarewar. We were able to fix our manifestation of this problem by specifying a BIND DN and BIND PASSWORD in Advanced settings, as you suggested. We left Domain Controller and Site blank, but did specify a Domain Name .

            Thanks makareswar ! I was able to connect our AD server successfully.

            cusatprashant prashant kumar added a comment - Thanks makareswar ! I was able to connect our AD server successfully.

            People

              makareswar Makareswar Rout
              tomfanning Tom Fanning
              Votes:
              18 Vote for this issue
              Watchers:
              24 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: