Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-16205

Inaccessible active directory groups prevent authentication

    XMLWordPrintable

Details

    Description

      Our active directory setup has some memberOf references to groups that aren't visible by the authenticating user. This results in the following error and prevents the user from being authenticated:

      Caused by: javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-03151F00, problem 2001 (NO_OBJECT), data 0, best match of:
              'DC=example,DC=com'
      ^@]; remaining name 'CN=Bad Group,DC=example,DC=com'
              at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3092)
              at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013)
              at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820)
              at com.sun.jndi.ldap.LdapCtx.c_getAttributes(LdapCtx.java:1312)
              at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(ComponentDirContext.java:213)
              at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:121)
              at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.resolveGroups(ActiveDirectoryUnixAuthenticationProvider.java:422)
              at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:290)
              ... 46 more
      

      Attachments

        Activity

          People

            Unassigned Unassigned
            tmpalmer Tom Palmer
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: