Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-16257

Active Directory Plugin - Credential exception tying to authenticate with special characters like / or #

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Major Major
    • None
    • debian 6.0

      The authentification through active directory don't work. The "test" on configuration site is okay, but i can't log in.

      Jan 4, 2013 1:14:16 PM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider retrieveUser
      WARNING: Failed to retrieve user information for username
      javax.naming.NamingException: [LDAP: error code 1 - 000020D6: SvcErr: DSID-031006CC, problem 5012 (DIR_ERROR), data 0
      ]; remaining name 'CN=user,OU=Services,OU=NetworkServices,OU=IT,OU=#KONFIGURATION,DC=,DC=de'
      at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3072)
      at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2978)
      at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2785)
      at com.sun.jndi.ldap.LdapCtx.c_lookup(LdapCtx.java:1024)
      at com.sun.jndi.toolkit.ctx.ComponentContext.c_resolveIntermediate_nns(ComponentContext.java:170)
      at com.sun.jndi.toolkit.ctx.AtomicContext.c_resolveIntermediate_nns(AtomicContext.java:360)
      at com.sun.jndi.toolkit.ctx.ComponentContext.p_resolveIntermediate(ComponentContext.java:399)
      at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(ComponentDirContext.java:223)
      at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:139)
      at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:127)
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.resolveGroups(ActiveDirectoryUnixAuthenticationProvider.java:370)
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:290)
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:190)
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:134)
      at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:119)
      at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:195)
      at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:45)
      at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:71)
      at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:63)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
      at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
      at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
      at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:50)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
      at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
      at winstone.RequestDispatcher.forward(RequestDispatcher.java:331)
      at winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:215)
      at winstone.RequestHandlerThread.run(RequestHandlerThread.java:138)
      at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
      at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
      at java.util.concurrent.FutureTask.run(FutureTask.java:166)
      at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
      at java.lang.Thread.run(Thread.java:636)
      Jan 4, 2013 1:14:16 PM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider retrieveUser
      WARNING: Credential exception tying to authenticate against

      The weird thing is that a say that he can't retrieve user information, but he log the correct DN of my user!

          [JENKINS-16257] Active Directory Plugin - Credential exception tying to authenticate with special characters like / or #

          Kohsuke Kawaguchi added a comment - - edited

          I wonder maybe '#' needs to be escaped by the plugin. This needs testing.

          Kohsuke Kawaguchi added a comment - - edited I wonder maybe '#' needs to be escaped by the plugin. This needs testing.

          Bjoern Becker added a comment -

          Yes, maybe. How escape this in the plugin?

          I'll test everything. What can I do now?

          Bjoern Becker added a comment - Yes, maybe. How escape this in the plugin? I'll test everything. What can I do now?

          Dave Bottger added a comment -

          I have the same issue, but I suspect it is caused a different character(log below).
          Could the same fix applied in JENKINS-12907 be used here?
          https://github.com/jenkinsci/active-directory-plugin/commit/d7e074905585af53eb553a1fa05726853273c338

          ++++++++++++++++++++++++

          Dec 12, 2013 11:01:30 AM FINER hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider

          Looking up group of CN=Bottger David (GARE/Chicago),OU=Americas,OU=User Accounts,DC=GIE,DC=Gimia,DC=com

          Dec 12, 2013 11:01:30 AM WARNING hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider retrieveUser

          Failed to retrieve user information for dbottger
          javax.naming.NamingException: [LDAP: error code 1 - 000020D6: SvcErr: DSID-031007DB, problem 5012 (DIR_ERROR), data 0
          ]; remaining name 'CN=Bottger David (GARE/Chicago),OU=Americas,OU=User Accounts,DC=GIE,DC=Gimia,DC=com

          Dave Bottger added a comment - I have the same issue, but I suspect it is caused a different character(log below). Could the same fix applied in JENKINS-12907 be used here? https://github.com/jenkinsci/active-directory-plugin/commit/d7e074905585af53eb553a1fa05726853273c338 ++++++++++++++++++++++++ Dec 12, 2013 11:01:30 AM FINER hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider Looking up group of CN=Bottger David (GARE/Chicago),OU=Americas,OU=User Accounts,DC=GIE,DC=Gimia,DC=com Dec 12, 2013 11:01:30 AM WARNING hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider retrieveUser Failed to retrieve user information for dbottger javax.naming.NamingException: [LDAP: error code 1 - 000020D6: SvcErr: DSID-031007DB, problem 5012 (DIR_ERROR), data 0 ]; remaining name 'CN=Bottger David (GARE/Chicago),OU=Americas,OU=User Accounts,DC=GIE,DC=Gimia,DC=com

          We are having a similar issue with the "/" character in our LDAP query string. Our OU has a "/" in it and active directory login will not work, as soon as that character is removed we are able to login successfully.

          James Jamieson added a comment - We are having a similar issue with the "/" character in our LDAP query string. Our OU has a "/" in it and active directory login will not work, as soon as that character is removed we are able to login successfully.

          James Nord added a comment - - edited

          James Nord added a comment - - edited link to characters that need escaping

          Code changed in jenkins
          User: Felix Belzunce Arcos
          Path:
          src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java
          src/main/java/hudson/plugins/active_directory/LDAPSearchBuilder.java
          src/main/resources/hudson/plugins/active_directory/ActiveDirectorySecurityRealm/help-bindName.html
          http://jenkins-ci.org/commit/active-directory-plugin/96a21ce114ebf85de4b3a09c93c5c4828a284834
          Log:
          Merge pull request #18 from fbelzunc/JENKINS-16257

          [FIXED JENKINS 16257] Active Directory Plugin - Credential exception tying to authenticate with special characters like / or #

          Compare: https://github.com/jenkinsci/active-directory-plugin/compare/663ae6079281...96a21ce114eb

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Felix Belzunce Arcos Path: src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java src/main/java/hudson/plugins/active_directory/LDAPSearchBuilder.java src/main/resources/hudson/plugins/active_directory/ActiveDirectorySecurityRealm/help-bindName.html http://jenkins-ci.org/commit/active-directory-plugin/96a21ce114ebf85de4b3a09c93c5c4828a284834 Log: Merge pull request #18 from fbelzunc/ JENKINS-16257 [FIXED JENKINS 16257] Active Directory Plugin - Credential exception tying to authenticate with special characters like / or # Compare: https://github.com/jenkinsci/active-directory-plugin/compare/663ae6079281...96a21ce114eb

            fbelzunc FĂ©lix Belzunce Arcos
            bjoern Bjoern Becker
            Votes:
            4 Vote for this issue
            Watchers:
            8 Start watching this issue

              Created:
              Updated:
              Resolved: