Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-15073

Active directory authentication failed when no ssl is used

      I'm trying to use Active directory plugin to authenticate in Jenkins, but it's not working with the following log message:

      Sep 7, 2012 3:47:23 PM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider
      FINE: SoftDev_GLOBAL is a member of CN=SoftDev_GLOBAL,CN=Users,DC=novacard,DC=local
      Sep 7, 2012 3:47:23 PM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider
      FINE: InternetProxy is a member of CN=InternetProxy,CN=Users,DC=novacard,DC=local
      Sep 7, 2012 3:47:23 PM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider
      FINER: Looking up group of

      {tokengroups=tokenGroups: [B@1066d88, [B@1011f1f, [B@a24141, [B@6a16d4, [B@100e398, [B@15e10ab, [B@987c7d, [B@115272a, memberof=memberOf: CN=InternetProxy,CN=Users,DC=novacard,DC=local, CN=SoftDev_GLOBAL,CN=Users,DC=novacard,DC=local, cn=cn: v_okunev}

      Sep 7, 2012 3:47:23 PM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider
      FINE: Stage 2: looking up via memberOf
      Sep 7, 2012 3:47:23 PM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider
      FINE: CN=v_okunev,OU=ODIPP,OU=all_users,DC=novacard,DC=local is a member of cn: Users
      Sep 7, 2012 3:47:23 PM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider
      FINE: CN=v_okunev,OU=ODIPP,OU=all_users,DC=novacard,DC=local is a member of cn: Remote Desktop Users
      Sep 7, 2012 3:47:23 PM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider
      FINE: CN=v_okunev,OU=ODIPP,OU=all_users,DC=novacard,DC=local is a member of cn: CERTSVC_DCOM_ACCESS
      Sep 7, 2012 3:47:23 PM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider
      FINE: CN=v_okunev,OU=ODIPP,OU=all_users,DC=novacard,DC=local is a member of cn: Projects_ISO 9001_R
      Sep 7, 2012 3:47:23 PM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider
      FINE: CN=v_okunev,OU=ODIPP,OU=all_users,DC=novacard,DC=local is a member of cn: SoftDev Local
      Sep 7, 2012 3:47:23 PM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider
      FINE: CN=v_okunev,OU=ODIPP,OU=all_users,DC=novacard,DC=local is a member of cn: SoftDev_GLOBAL
      Sep 7, 2012 3:47:23 PM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider
      FINE: CN=v_okunev,OU=ODIPP,OU=all_users,DC=novacard,DC=local is a member of cn: Domain Users
      Sep 7, 2012 3:47:23 PM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider
      FINE: CN=v_okunev,OU=ODIPP,OU=all_users,DC=novacard,DC=local is a member of cn: InternetProxy
      Sep 7, 2012 3:47:23 PM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider
      FINER: Looking up group of CN=v_okunev,OU=ODIPP,OU=all_users,DC=novacard,DC=local
      Sep 7, 2012 3:47:23 PM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider
      FINE: Found user v_okunev :

      {displayname=displayName: Vasily Okunev, givenname=givenName: Vasily, samaccounttype=sAMAccountType: 805306368, objectclass=objectClass: top, person, organizationalPerson, user, primarygroupid=primaryGroupID: 513, objectcategory=objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=novacard,DC=local, cn=cn: v_okunev, useraccountcontrol=userAccountControl: 512, userprincipalname=userPrincipalName: v_okunev@novacard.local, distinguishedname=distinguishedName: CN=v_okunev,OU=ODIPP,OU=all_users,DC=novacard,DC=local, whenchanged=whenChanged: 20120903074123.0Z, whencreated=whenCreated: 20111114080147.0Z, objectguid=objectGUID: ????D?/???u ?, sn=sn: Okunev, usnchanged=uSNChanged: 53029481, usncreated=uSNCreated: 46439223, usercertificate=userCertificate: [B@c5294d, objectsid=objectSid: [B@1ab0e3, samaccountname=sAMAccountName: v_okunev, instancetype=instanceType: 4, memberof=memberOf: CN=InternetProxy,CN=Users,DC=novacard,DC=local, CN=SoftDev_GLOBAL,CN=Users,DC=novacard,DC=local, name=name: v_okunev}

      Sep 7, 2012 3:47:23 PM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider
      FINE: Failed to find v_okunev in userPrincipalName. Trying sAMAccountName
      Sep 7, 2012 3:47:23 PM hudson.plugins.active_directory.ActiveDirectorySecurityRealm
      FINE: Bound to ncfs.novacard.local:3268
      Sep 7, 2012 3:47:23 PM hudson.plugins.active_directory.ActiveDirectorySecurityRealm
      FINE: Binding as v_okunev@novacard.local to ldap://ncfs.novacard.local:3268/
      Sep 7, 2012 3:47:23 PM hudson.plugins.active_directory.ActiveDirectorySecurityRealm
      FINE: Failed to start TLS. Authentication will be done via plain-text LDAP
      javax.naming.CommunicationException: Remote host closed connection during handshake [Root exception is javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake]
      at com.sun.jndi.ldap.LdapCtx.extendedOperation(Unknown Source)
      at hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DesciprotrImpl.bind(ActiveDirectorySecurityRealm.java:413)
      at hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DesciprotrImpl.bind(ActiveDirectorySecurityRealm.java:357)
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:245)
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:190)
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:134)
      at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:119)
      at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:195)
      at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:45)
      at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:71)
      at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:63)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
      at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
      at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
      at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:50)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
      at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
      at winstone.RequestDispatcher.forward(RequestDispatcher.java:331)
      at winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:215)
      at winstone.RequestHandlerThread.run(RequestHandlerThread.java:138)
      at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
      at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
      at java.util.concurrent.FutureTask.run(Unknown Source)
      at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
      at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
      at java.lang.Thread.run(Unknown Source)
      Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown Source)
      at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
      at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
      at java.io.BufferedOutputStream.flush(Unknown Source)
      at com.sun.jndi.ldap.Connection.writeRequest(Unknown Source)
      at com.sun.jndi.ldap.LdapClient.extendedOp(Unknown Source)
      ... 39 more
      Caused by: java.io.EOFException: SSL peer shut down incorrectly
      at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
      ... 47 more
      Sep 7, 2012 3:47:23 PM hudson.plugins.active_directory.ActiveDirectorySecurityRealm
      FINE: Connecting to ldap://ncfs.novacard.local:3268/
      Sep 7, 2012 3:47:23 PM hudson.plugins.active_directory.ActiveDirectorySecurityRealm
      FINE: _gc._tcp.novacard.local resolved to [ncfs.novacard.local:3268]
      Sep 7, 2012 3:47:23 PM hudson.plugins.active_directory.ActiveDirectorySecurityRealm
      FINE: SRV record found: 0 100 3268 ncfs.novacard.local.
      Sep 7, 2012 3:47:23 PM hudson.plugins.active_directory.ActiveDirectorySecurityRealm
      FINE: Attempting to resolve _gc._tcp.novacard.local to SRV record

      Server with LDAP do not use SSL. What should I do in that way?

          [JENKINS-15073] Active directory authentication failed when no ssl is used

          There are no comments yet on this issue.

            Unassigned Unassigned
            piratenn Vasily Okunev
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: