Details
-
Bug
-
Status: Resolved (View Workflow)
-
Major
-
Resolution: Fixed
-
None
Description
Our active directory setup has some memberOf references to groups that aren't visible by the authenticating user. This results in the following error and prevents the user from being authenticated:
Caused by: javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-03151F00, problem 2001 (NO_OBJECT), data 0, best match of:
'DC=example,DC=com'
^@]; remaining name 'CN=Bad Group,DC=example,DC=com'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3092)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820)
at com.sun.jndi.ldap.LdapCtx.c_getAttributes(LdapCtx.java:1312)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(ComponentDirContext.java:213)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:121)
at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.resolveGroups(ActiveDirectoryUnixAuthenticationProvider.java:422)
at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:290)
... 46 more
Attachments
Activity
Tom Palmer
added a comment - I have a submitted a pull request for a fix for this on Github (https://github.com/jenkinsci/active-directory-plugin/pull/5).
Tom Palmer
added a comment - I have a submitted a pull request for a fix for this on Github ( https://github.com/jenkinsci/active-directory-plugin/pull/5 ). 
Code changed in jenkins
User: Tom Palmer
Path:
src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java
http://jenkins-ci.org/commit/active-directory-plugin/74899c38e87c037084098eae3a84851b28317f03
Log:
[FIXED JENKINS-16205] Ignore the lookup failure for the memberOf group as it's possible that the authenticating user doesn't have permissions to access the group.