Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-17477

Active Directory plugin not working with SSL connections

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Labels:
      None
    • Environment:
      Red Hat Linux
      Jenkins 1.480.3
      Active Directory Plugin 1.30
    • Similar Issues:

      Description

      Can't connect to Active Directory from a Linux machine with the Active Directory plugin. Our servers require SSL access, no anonymous binds. Simple authentication over SSL is OK.

      I've supplied the: -Djavax.net.ssl.trustStore=/path/to/jenkins/truststore.crt and -Djavax.net.ssl.trustStorePassword=mypass arguments to Jenkins on startup.

      The Active Directory plugin v1.17 on Hudson works.

      Apr 4, 2013 11:45:29 AM hudson.plugins.active_directory.ActiveDirectorySecurityRealm
      FINE: Connecting to ldap://hostname:3269/
      
      Apr 4, 2013 11:45:30 AM hudson.plugins.active_directory.TrustAllSocketFactory 
      FINE: Got the certificate:  [[
      
      (output looks OK here)
      
      ]]
      
      Apr 4, 2013 11:45:30 AM hudson.plugins.active_directory.ActiveDirectorySecurityRealm
      FINE: Failed to start TLS. Authentication will be done via plain-text LDAP
      javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090DF2, comment: TLS or SSL already in effect, data 0, v1db1]; remaining name ''
      	at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3081)
      	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
      	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794)
      	at com.sun.jndi.ldap.LdapCtx.extendedOperation(LdapCtx.java:3166)
      	at hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DesciprotrImpl.bind(ActiveDirectorySecurityRealm.java:413)
      	at hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DesciprotrImpl.bind(ActiveDirectorySecurityRealm.java:357)
      	at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:245)
      	at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:190)
      	at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:134)
      	at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:119)
      	at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:195)
      	at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:45)
      	at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:71)
      	at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:64)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
      	at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
      	at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
      	at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
      	at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
      	at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:50)
      	at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
      	at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
      	at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
      	at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
      	at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
      	at winstone.RequestDispatcher.forward(RequestDispatcher.java:331)
      	at winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:227)
      	at winstone.RequestHandlerThread.run(RequestHandlerThread.java:150)
      	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)
      	at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
      	at java.util.concurrent.FutureTask.run(FutureTask.java:138)
      	at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
      	at java.lang.Thread.run(Thread.java:619)
      

        Attachments

          Issue Links

            Activity

            Hide
            idapperdanman David Ishee added a comment -

            May be related to JENKINS-13677, but different error messages.

            Show
            idapperdanman David Ishee added a comment - May be related to JENKINS-13677 , but different error messages.

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              idapperdanman David Ishee
              Votes:
              4 Vote for this issue
              Watchers:
              7 Start watching this issue

                Dates

                Created:
                Updated: