[JENKINS-14057] With Active Directory Plugin, the user/group validation in authorization strategy of configuration screen fails

Type: Bug
Resolution: Unresolved
Priority: Major
Component/s: active-directory-plugin
Labels:
None
Environment:
Win Server 2008, AIX, AD plugin version=1.26, Jenkins version=1.424.6

Similar Issues:
Powered by SuggestiMate

Show

Using the Project-based Matrix Authorization Strategy the identification of the usernames doesn't work properly. Sometimes the username is recognized, sometimes the user fullname is recognized, sometimes nor the username neither the full name are recognized.

It worked in old versions of jenkins and the plugin (1.16).

The errormessage is:
org.acegisecurity.BadCredentialsException: Failed to retrieve user information for xyz; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

Stacktrace1.txt
7 kB
2013-04-19 08:25

is related to

JENKINS-12619 "Failed to test the validity of the user name" on all security matrices since upgrade

Resolved

JENKINS-17581 Using the API Token beyond 496 causes intermittent 500 errors

Open

JENKINS-18906 Problem with Active Directory plugin and Role-Based Strategy plugin working together

Resolved

Thorsten Löber created issue - 2012-06-08 09:25

Stefan added a comment - 2012-07-19 14:18 - edited

We are facing the same problems (with Jenkins 1.424.6 and Active Directory Plugin 1.29) and are interested in an error analysis or even a solution. The stack trace displayed in the Authorization Strategy table is:

Caused by: javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece]; remaining name 'DC=***,DC=***,DC=***'
	at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
	at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
	at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
	at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
	at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
	at hudson.plugins.active_directory.LDAPSearchBuilder.search(LDAPSearchBuilder.java:52)
	at hudson.plugins.active_directory.LDAPSearchBuilder.searchOne(LDAPSearchBuilder.java:42)
	at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:260)
	... 66 more

Stefan added a comment - 2012-07-19 14:18 - edited We are facing the same problems (with Jenkins 1.424.6 and Active Directory Plugin 1.29) and are interested in an error analysis or even a solution. The stack trace displayed in the Authorization Strategy table is: Caused by: javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece]; remaining name 'DC=***,DC=***,DC=***' at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source) at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source) at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source) at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source) at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source) at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source) at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source) at hudson.plugins.active_directory.LDAPSearchBuilder.search(LDAPSearchBuilder.java:52) at hudson.plugins.active_directory.LDAPSearchBuilder.searchOne(LDAPSearchBuilder.java:42) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:260) ... 66 more

Stefan made changes - 2012-07-19 14:22

Description	Original: Using the Project-based Matrix Authorization Strategy the identification of the usernames doesn't work properly. Sometimes the username is recognized, sometimes the user fullname is recognized, sometimes nor the username neither the full name are recognized. It worked in old versions of jenkins and the plugin (1.16). The errormessage is: org.acegisecurity.BadCredentialsException: Failed to retrieve user information for xyz; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece	New: Using the Project-based Matrix Authorization Strategy the identification of the usernames doesn't work properly. Sometimes the username is recognized, sometimes the user fullname is recognized, sometimes nor the username neither the full name are recognized. It worked in old versions of jenkins and the plugin (1.16). The errormessage is: org.acegisecurity.BadCredentialsException: Failed to retrieve user information for xyz; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece
Summary	Original: Active Directory Plugin doesn't work anymore	New: Active Directory Plugin doesn't work anymore (user/group identification in authorization strategy fails)

Stefan made changes - 2012-07-19 14:25

Environment

Original: Win Server 2008, AIX

New: Win Server 2008, AIX, AD plugin version=1.26, Jenkins version=1.424.6

Stefan added a comment - 2012-07-23 08:46

I am also wondering why the class ActiveDirectoryUnixAuthenticationProvider is invoked although we are running on a Windows system.

Stefan added a comment - 2012-07-23 08:46 I am also wondering why the class ActiveDirectoryUnixAuthenticationProvider is invoked although we are running on a Windows system.

Stefan added a comment - 2012-07-23 08:50

I am asking who to assign issues related to the Active Directory plugin as the automatic assignment is Unassigned

Stefan added a comment - 2012-07-23 08:50 I am asking who to assign issues related to the Active Directory plugin as the automatic assignment is Unassigned

Stefan made changes - 2012-07-23 08:50

Assignee

New: Kohsuke Kawaguchi [ kktest11 ]

Stefan made changes - 2012-08-08 08:19

Summary

Original: Active Directory Plugin doesn't work anymore (user/group identification in authorization strategy fails)

New: With Active Directory Plugin, the user/group validation in authorization strategy of configuration screen fails

Dan Stine added a comment - 2012-08-13 14:01 - edited

We also see a flavor of this error. Jenkins 1.466.1, Active Directory plugin 1.29, CentOS 5.6. I think we also had it under the covers in our prior combination (1.448 / 1.24), it was just less obvious because the "Failed to test the validity of the user name" message didn't show in the UI. We are also using Project-based Matrix Authorization Strategy.

Caused by: javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece]; remaining name 'DC=copyright,DC=com'

Dan Stine added a comment - 2012-08-13 14:01 - edited We also see a flavor of this error. Jenkins 1.466.1, Active Directory plugin 1.29, CentOS 5.6. I think we also had it under the covers in our prior combination (1.448 / 1.24), it was just less obvious because the "Failed to test the validity of the user name" message didn't show in the UI. We are also using Project-based Matrix Authorization Strategy. Caused by: javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece]; remaining name 'DC=copyright,DC=com'

David Aldrich added a comment - 2012-08-20 08:35 - edited

We also see this error. We are running Jenkins 1.466.1 LTS with Active Directory authentication, on Centos 5.8. The authentication has been working correctly, but today I noticed the following type of error in:

Manage Jenkins > Configure System > Authorization > Project-based Matrix Authorization Strategy:

Failed to test the validity of the user name <myname> (show details)
org.acegisecurity.BadCredentialsException: Failed to retrieve user information for <myname>; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece

I clicked ‘Test’ underneath ‘Active Directory’ and it gave an error. I then downgraded the Active Directory plugin from 1.29 to 1.19. ‘Test’ now succeeds but the ‘Project-based Matrix Authorization Strategy’ area still shows the above error against each user.

David Aldrich added a comment - 2012-08-20 08:35 - edited We also see this error. We are running Jenkins 1.466.1 LTS with Active Directory authentication, on Centos 5.8. The authentication has been working correctly, but today I noticed the following type of error in: Manage Jenkins > Configure System > Authorization > Project-based Matrix Authorization Strategy: Failed to test the validity of the user name <myname> (show details) org.acegisecurity.BadCredentialsException: Failed to retrieve user information for <myname>; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece I clicked ‘Test’ underneath ‘Active Directory’ and it gave an error. I then downgraded the Active Directory plugin from 1.29 to 1.19. ‘Test’ now succeeds but the ‘Project-based Matrix Authorization Strategy’ area still shows the above error against each user.

Assignee:: Kohsuke Kawaguchi

Reporter:: Thorsten Löber

Votes:: 13 Vote for this issue

Watchers:: 18 Start watching this issue

Created:: 2012-06-08 09:25

Updated:: 2013-08-23 04:04

Jenkins

Details

Description

Attachments

Attachments

Issue Links

Activity

Collapse comment: Stefan added a comment - 2012-07-19 14:18, Edited by Stefan - 2012-07-19 14:21

Expand comment: Stefan added a comment - 2012-07-19 14:18, Edited by Stefan - 2012-07-19 14:21

Collapse comment: Stefan added a comment - 2012-07-23 08:46

Expand comment: Stefan added a comment - 2012-07-23 08:46

Collapse comment: Stefan added a comment - 2012-07-23 08:50

Expand comment: Stefan added a comment - 2012-07-23 08:50

Collapse comment: Dan Stine added a comment - 2012-08-13 14:01, Edited by Dan Stine - 2012-08-13 14:03

Expand comment: Dan Stine added a comment - 2012-08-13 14:01, Edited by Dan Stine - 2012-08-13 14:03

Collapse comment: David Aldrich added a comment - 2012-08-20 08:35, Edited by David Aldrich - 2012-08-20 08:46

Expand comment: David Aldrich added a comment - 2012-08-20 08:35, Edited by David Aldrich - 2012-08-20 08:46

People

Dates