
LDAP trouble : gets the info, but error 32 still

    • Type: Bug
    • Resolution: Unresolved
    • Priority: Major
    • ldapemail-plugin
    • None
    • debian wheezy

      Jenkins version 1.466, run as java -jar jenkins.war, using apache 2.2.22 as web server

      after configuring my ldap :
      <securityRealm class="hudson.security.LDAPSecurityRealm">
        <server>ldap://our.server.com</server>
        <rootDN>OU=people,DC=company,DC=com</rootDN>
        <inhibitInferRootDN>false</inhibitInferRootDN>
        <userSearchBase></userSearchBase>
        <userSearch>mail={0}</userSearch>
        <groupSearchBase>OU=people,DC=company,DC=com</groupSearchBase>
        <managerDN>CN=manager,DC=company,DC=com</managerDN>
        <managerPassword>X3NjaWxhYl8=</managerPassword>
      </securityRealm>

      We try to login, and always get the error 32

      May 31, 2012 4:59:38 PM hudson.security.AuthenticationProcessingFilter2 onUnsuccessfulAuthentication
      INFO: Login attempt failed
      org.acegisecurity.AuthenticationServiceException: LdapCallback;[LDAP: error code 32 - No Such Object]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'mail=simon@company.com'; nested exception is org.acegisecurity.ldap.LdapDataAccessException: LdapCallback;[LDAP: error code 32 - No Such Object]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'mail=simon@company.com'
      at org.acegisecurity.providers.ldap.LdapAuthenticationProvider.retrieveUser(LdapAuthenticationProvider.java:238)
      at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:119)
      at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:195)
      at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:45)
      at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:71)
      at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:63)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
      at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
      at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
      at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
      at winstone.RequestDispatcher.forward(RequestDispatcher.java:331)
      at winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:215)
      at winstone.RequestHandlerThread.run(RequestHandlerThread.java:138)
      at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
      at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
      at java.util.concurrent.FutureTask.run(FutureTask.java:166)
      at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
      at java.lang.Thread.run(Thread.java:722)
      Caused by: org.acegisecurity.ldap.LdapDataAccessException: LdapCallback;[LDAP: error code 32 - No Such Object]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'mail=simon@company.com'
      at org.acegisecurity.ldap.LdapTemplate$LdapExceptionTranslator.translate(LdapTemplate.java:295)
      at org.acegisecurity.ldap.LdapTemplate.execute(LdapTemplate.java:128)
      at org.acegisecurity.ldap.LdapTemplate.retrieveEntry(LdapTemplate.java:165)
      at org.acegisecurity.providers.ldap.authenticator.BindAuthenticator.bindWithDn(BindAuthenticator.java:87)
      at org.acegisecurity.providers.ldap.authenticator.BindAuthenticator.authenticate(BindAuthenticator.java:72)
      at org.acegisecurity.providers.ldap.authenticator.BindAuthenticator2.authenticate(BindAuthenticator2.java:49)
      at org.acegisecurity.providers.ldap.LdapAuthenticationProvider.retrieveUser(LdapAuthenticationProvider.java:233)
      ... 30 more
      Caused by: javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'mail=simon@company.com'
      at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3112)
      at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033)
      at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2840)
      at com.sun.jndi.ldap.LdapCtx.c_getAttributes(LdapCtx.java:1332)
      at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(ComponentDirContext.java:231)
      at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:139)
      at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:127)
      at javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:142)
      at org.acegisecurity.ldap.LdapTemplate$2.doInDirContext(LdapTemplate.java:168)
      at org.acegisecurity.ldap.LdapTemplate.execute(LdapTemplate.java:126)
      ... 35 more

      My credentials are correct (Bad Credentials log if I change them). ngrep on port 389 on ldap server gives me this feedback :
      T jenkins.server.ip:45607 -> ldap.server.ip:389 [AP]
      0T...cO..OU=people,DC=company,DC=com................ ..mail..simon@company.com0.
      #
      T ldap.server.ip:389 -> jenkins.server.ip:45607 [AP]
      0..>...d..7.8mail=simon@company.com,ou=people,dc=company,dc=com0...0"..mail1...simon@company.com0...cn1...Simon MYNAME0...sn1...MYNAME0...displayName1...Simon MYNAME0!..uid1...
      simon@company.com0...title1...M.0...telephoneNumber1...UN
      #
      T ldap.server.ip:389 -> jenkins.server.ip:45607 [AP]
      0....e........
      #####
      T jenkins.server.ip:45715 -> ldap.server.ip:389 [AP]
      0N...`I....8mail=simon@company.com,OU=people,DC=company,DC=com..clearpassword
      ##
      T ldap.server.ip:389 -> jenkins.server.ip:45715 [AP]
      0....a........
      ##
      T jenkins.server.ip:45715 -> ldap.server.ip:389 [AP]
      0]...cX.8mail=simon@company.com,OU=people,DC=company,DC=com.................objectClass0.
      #
      T ldap.server.ip:389 -> jenkins.server.ip:45715 [AP]
      0....e... ....
      #
      T jenkins.server.ip:45715 -> ldap.server.ip:389 [AP]
      0....B.

      First lines tell me that the info about the user is retrieved (hence my DN manager is correct, his password too, and the DNroot is good too, isn't it?)
      My second guess would be that the password is wrong, but since it's written in clear, I can read it and it's correct.

      So... is this a misconfiguration on my part, or is this indeed a bug?
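
Added example, not part of the original report: a minimal BER reader for the LDAPMessage envelope (RFC 4511), showing how the short response PDUs in an ngrep capture like the one above can be read. The printable byte after the message ID is the operation tag (`a` = 0x61 BindResponse, `e` = 0x65 SearchResultDone, `B` = 0x42 UnbindRequest), and a printable space in the result-code position is 0x20 = 32, noSuchObject. The sample bytes, message IDs and function names are constructed for illustration, because ngrep prints non-printable bytes as dots.

```python
# Protocol-op tags from RFC 4511; each shows up as a printable byte in ngrep.
OPS = {0x60: "BindRequest", 0x61: "BindResponse", 0x42: "UnbindRequest",
       0x63: "SearchRequest", 0x64: "SearchResultEntry", 0x65: "SearchResultDone"}
RESULT_OPS = {0x61, 0x65}  # ops whose body starts with an LDAPResult
RESULT_CODES = {0: "success", 32: "noSuchObject", 49: "invalidCredentials",
                50: "insufficientAccessRights"}

# Constructed sample PDUs (message IDs are made up, not taken from the capture).
BIND_OK = bytes.fromhex("300c02010161070a010004000400")
SEARCH_DONE_32 = bytes.fromhex("300c02010265070a012004000400")
UNBIND = bytes.fromhex("30050201034200")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER TLV starting at buf[pos]."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:end], end

def summarize(pdu):
    """Decode message ID, operation and (for responses) the result code."""
    tag, body, _ = read_tlv(pdu, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    tag, mid, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("missing messageID INTEGER")
    op_tag, op_body, _ = read_tlv(body, pos)
    info = {"id": int.from_bytes(mid, "big"),
            "op": OPS.get(op_tag, hex(op_tag)), "result": None}
    if op_tag in RESULT_OPS:
        tag, code, _ = read_tlv(op_body, 0)
        if tag != 0x0A:
            raise ValueError("missing resultCode ENUMERATED")
        n = int.from_bytes(code, "big")
        info["result"] = RESULT_CODES.get(n, str(n))
    return info

if __name__ == "__main__":
    for pdu in (BIND_OK, SEARCH_DONE_32, UNBIND):
        print(summarize(pdu))
```
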

          [JENKINS-13965] LDAP trouble : gets the info, but error 32 still

          Roman Kovtyukh added a comment:

          Hello.

          We just solved this issue in our company.

          To make it work we just made the userSearchBase field empty.

          To check that LDAP was working I also used this script.
          Before the issue was solved, the script was able to resolve only groups, but not users.

            justinedelson justinedelson
            _simon_ simon gareste