Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-17676

ADSI mode auth no longer working after update to AD plugin v 1.31

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Blocker Blocker
    • active-directory-plugin
    • None
    • Jenkins 1.511 (UI accessed via HTTPS), JRE 1.7.0_07 64bit running on Win7 Pro SP1 64bit.
      Multiple slaves, all running Windows 7 or Server 2008.

      After update to AD plugin 1.31 authentication is no longer working in ADSI mode (i.e. domain name empty in configuration).
      Jenkins exception is stating The server is not operational.
      When a domain name is set (i.e. in LDAP mode) the authentication is working fine.
      But that's not acceptable for me as it will transfer bind passwords in plain text (I didn't yet work on getting Jenkins AD Plugin using LDAPS as ADSI was always working and implicitely uses TLS).

      All AD plugin settings are empty. Config section is (actual password replaced by xx)

        <securityRealm class="hudson.plugins.active_directory.ActiveDirectorySecurityRealm" plugin="active-directory@1.30">
    <bindPassword>xx</bindPassword>
  </securityRealm>

      The problem also occurs of dedicated domain controllers are given.
      It only disappears if a domain name is set to force LDAP usage.

      Full exception seen is (xx put in place of sensitive AD data):

      Apr 19, 2013 6:49:15 AM hudson.security.AuthenticationProcessingFilter2 onUnsuccessfulAuthentication
INFO: Login attempt failed
org.acegisecurity.BadCredentialsException: Incorrect password for xx for=CN=xxx,OU=USERS,OU=xx,OU=xx,DC=xx,DC=xx: error=8007203A; nested exception is com4j.ComException: 8007203a The server is not operational. : The server is not operational.
 : .\invoke.cpp:517
	at hudson.plugins.active_directory.ActiveDirectoryAuthenticationProvider.retrieveUser(ActiveDirectoryAuthenticationProvider.java:109)
	at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:122)
	at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:200)
	at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:47)
	at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:74)
	at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:174)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:64)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
	at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
	at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
	at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
	at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
	at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:50)
	at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
	at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
	at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
	at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
	at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
	at winstone.RequestDispatcher.forward(RequestDispatcher.java:331)
	at winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:227)
	at winstone.RequestHandlerThread.run(RequestHandlerThread.java:150)
	at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
	at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
	at java.util.concurrent.FutureTask.run(Unknown Source)
	at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at java.lang.Thread.run(Unknown Source)
Caused by: com4j.ComException: 8007203a The server is not operational. : The server is not operational.
 : .\invoke.cpp:517
	at com4j.Wrapper.invoke(Wrapper.java:166)
	at $Proxy45.openDSObject(Unknown Source)
	at hudson.plugins.active_directory.ActiveDirectoryAuthenticationProvider.retrieveUser(ActiveDirectoryAuthenticationProvider.java:101)
	... 33 more
Caused by: com4j.ComException: 8007203a The server is not operational. : The server is not operational.
 : .\invoke.cpp:517
	at com4j.Native.invoke(Native Method)
	at com4j.StandardComMethod.invoke(StandardComMethod.java:35)
	at com4j.Wrapper$InvocationThunk.call(Wrapper.java:340)
	at com4j.Task.invoke(Task.java:51)
	at com4j.ComThread.run0(ComThread.java:153)
	at com4j.ComThread.run(ComThread.java:134)

          [JENKINS-17676] ADSI mode auth no longer working after update to AD plugin v 1.31

          Jason Eick added a comment -

          This is a blocker for me as well. Look forward to it quickly getting resolved.

          Jenkins: 1.512
          ActiveDirectory: 1.31

          Jason Eick added a comment - This is a blocker for me as well. Look forward to it quickly getting resolved. Jenkins: 1.512 ActiveDirectory: 1.31

          Michael Fowler added a comment -

          Still broken in 1.32

          Michael Fowler added a comment - Still broken in 1.32

          Jesse Glick added a comment -

          Anyone able to reproduce, consider using git bisect to figure out which change in 1.31 caused this.

          Jesse Glick added a comment - Anyone able to reproduce, consider using git bisect to figure out which change in 1.31 caused this.

          kalpesh soni added a comment -

          https://github.com/jenkinsci/active-directory-plugin/commits/master

          oh no kohsuke you didnt

          kalpesh soni added a comment - https://github.com/jenkinsci/active-directory-plugin/commits/master oh no kohsuke you didnt

          Jesse Glick added a comment -

          @kohsuke says @ef66cbbb@ is the cause; under investigation.

          Jesse Glick added a comment - @kohsuke says @ef66cbbb@ is the cause; under investigation.

          Kurt added a comment -

          Working again for me with AD Plugin v 1.33.
          Thanks for the fix.

          Kurt added a comment - Working again for me with AD Plugin v 1.33. Thanks for the fix.

          Jesse Glick added a comment -

          https://github.com/jenkinsci/active-directory-plugin/commit/db86b7c2a690332b4fa39c7d357ae196363b156a

          Jesse Glick added a comment - https://github.com/jenkinsci/active-directory-plugin/commit/db86b7c2a690332b4fa39c7d357ae196363b156a

            kktest10 Kohsuke Kawaguchi
            klou Kurt
            Votes:
            13 Vote for this issue
            Watchers:
            20 Start watching this issue

              Created:
              Updated:
              Resolved: