Status: Open (View Workflow)
Win Server 2008, AIX, AD plugin version=1.26, Jenkins version=1.424.6
Using the Project-based Matrix Authorization Strategy the identification of the usernames doesn't work properly. Sometimes the username is recognized, sometimes the user fullname is recognized, sometimes nor the username neither the full name are recognized.
It worked in old versions of jenkins and the plugin (1.16).
The errormessage is:
org.acegisecurity.BadCredentialsException: Failed to retrieve user information for xyz; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece
- is related to
JENKINS-12619 "Failed to test the validity of the user name" on all security matrices since upgrade
JENKINS-17581 Using the API Token beyond 496 causes intermittent 500 errors
JENKINS-18906 Problem with Active Directory plugin and Role-Based Strategy plugin working together
>>>The error is because your AD does not allow anonymous bind, and therefore we cannot validate names of the other users. I believe specifying the bind DN and password will solve this problem.
Where does one specify a bind user and password? The only options I see under Advanced are "Domain Name" and "Domain controller".
>>The error is because your AD does not allow anonymous bind
How does that account for the observation that the calls fail and succeed in alternation?
Have confirmed that with plugin version 1.33 and a Bind DN set this does work.
However, the domain controller does allow anonymous binds, so there's still a bug here.
If you see ActiveDirectoryUnixAuthenticationProvider in stack trace on Windows, that's because you are running earlier version of the AD plugin that does not support ADSI auth for 64bit Windows.
Also, when you report a stack trace, please do not truncate the stack trace. We need not just the error message but the stack frames leading up to it, including all the nested stack traces.
If you are worried that the lengthy text will make the issue hard to look at, please use attachments.
The error is because your AD does not allow anonymous bind, and therefore we cannot validate names of the other users. I believe specifying the bind DN and password will solve this problem.