Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-12920

LDAP autentication has incorrect credentials for user

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Cannot Reproduce
    • Icon: Major Major
    • ldap-plugin
    • Jenkins ver. 1.451

      We have company LDAP server with all users, I have tried to configure Jenkins to use this LDAP database, but user login fails with exception in jenkins.log (see bellow)
      Problem:
      Our LDAP identify user by "uid" token, but in log file there is some "userDnuid", which is not supported. There is no possible to configure mapping user to another token.

      Jenkins configuration:

      • User search filter: uid= {0}

        ... this explicit setting does not help either

      -------
      WARNING: Failed to bind to LDAP: userDnuid=myname,ou=Account,dc=mycompany,dc=com username=myname
      javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
      at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3032)
      at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2978)
      at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2780)
      at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2694)
      at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:306)
      at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193)
      at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211)
      at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)
      at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)
      ...
      INFO: Login attempt failed
      org.acegisecurity.BadCredentialsException: Bad credentials
      at org.acegisecurity.providers.ldap.authenticator.BindAuthenticator.authenticate(BindAuthenticator.java:76)
      at org.acegisecurity.providers.ldap.authenticator.BindAuthenticator2.authenticate(BindAuthenticator2.java:49)
      at org.acegisecurity.providers.ldap.LdapAuthenticationProvider.retrieveUser(LdapAuthenticationProvider.java:233)
      at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:119)
      at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:195)
      at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:45)
      at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:71)
      at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:61)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
      at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
      at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)

            Unassigned Unassigned
            rdkchrom Radek Chromy
            Votes:
            1 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: