Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-17676

ADSI mode auth no longer working after update to AD plugin v 1.31

    XMLWordPrintable

Details

    • Bug
    • Status: Resolved (View Workflow)
    • Blocker
    • Resolution: Fixed
    • None
    • Jenkins 1.511 (UI accessed via HTTPS), JRE 1.7.0_07 64bit running on Win7 Pro SP1 64bit.
      Multiple slaves, all running Windows 7 or Server 2008.

    Description

      After update to AD plugin 1.31 authentication is no longer working in ADSI mode (i.e. domain name empty in configuration).
      Jenkins exception is stating The server is not operational.
      When a domain name is set (i.e. in LDAP mode) the authentication is working fine.
      But that's not acceptable for me as it will transfer bind passwords in plain text (I didn't yet work on getting Jenkins AD Plugin using LDAPS as ADSI was always working and implicitely uses TLS).

      All AD plugin settings are empty. Config section is (actual password replaced by xx)

        <securityRealm class="hudson.plugins.active_directory.ActiveDirectorySecurityRealm" plugin="active-directory@1.30">
          <bindPassword>xx</bindPassword>
        </securityRealm>
      

      The problem also occurs of dedicated domain controllers are given.
      It only disappears if a domain name is set to force LDAP usage.

      Full exception seen is (xx put in place of sensitive AD data):

      Apr 19, 2013 6:49:15 AM hudson.security.AuthenticationProcessingFilter2 onUnsuccessfulAuthentication
      INFO: Login attempt failed
      org.acegisecurity.BadCredentialsException: Incorrect password for xx for=CN=xxx,OU=USERS,OU=xx,OU=xx,DC=xx,DC=xx: error=8007203A; nested exception is com4j.ComException: 8007203a The server is not operational. : The server is not operational.
       : .\invoke.cpp:517
      	at hudson.plugins.active_directory.ActiveDirectoryAuthenticationProvider.retrieveUser(ActiveDirectoryAuthenticationProvider.java:109)
      	at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:122)
      	at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:200)
      	at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:47)
      	at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:74)
      	at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:174)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:64)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
      	at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
      	at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
      	at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
      	at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
      	at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:50)
      	at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
      	at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
      	at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
      	at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
      	at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
      	at winstone.RequestDispatcher.forward(RequestDispatcher.java:331)
      	at winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:227)
      	at winstone.RequestHandlerThread.run(RequestHandlerThread.java:150)
      	at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
      	at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
      	at java.util.concurrent.FutureTask.run(Unknown Source)
      	at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
      	at java.lang.Thread.run(Unknown Source)
      Caused by: com4j.ComException: 8007203a The server is not operational. : The server is not operational.
       : .\invoke.cpp:517
      	at com4j.Wrapper.invoke(Wrapper.java:166)
      	at $Proxy45.openDSObject(Unknown Source)
      	at hudson.plugins.active_directory.ActiveDirectoryAuthenticationProvider.retrieveUser(ActiveDirectoryAuthenticationProvider.java:101)
      	... 33 more
      Caused by: com4j.ComException: 8007203a The server is not operational. : The server is not operational.
       : .\invoke.cpp:517
      	at com4j.Native.invoke(Native Method)
      	at com4j.StandardComMethod.invoke(StandardComMethod.java:35)
      	at com4j.Wrapper$InvocationThunk.call(Wrapper.java:340)
      	at com4j.Task.invoke(Task.java:51)
      	at com4j.ComThread.run0(ComThread.java:153)
      	at com4j.ComThread.run(ComThread.java:134)
      

      Attachments

        Issue Links

          Activity

            klou Kurt created issue -
            klou Kurt made changes -
            Field Original Value New Value
            Affects Version/s current [ 10162 ]
            klou Kurt made changes -
            Environment Jenkins 1.511 UE accessed via HTTPS, JRE 1.7.0_07 64bit running on Win7 Pro SP1 64bit.
            Multiple slaves, all running Windows 7 or Server 2008.
            Jenkins 1.511 (UI accessed via HTTPS), JRE 1.7.0_07 64bit running on Win7 Pro SP1 64bit.
            Multiple slaves, all running Windows 7 or Server 2008.
            mdkf Michael Fowler made changes -
            Link This issue is related to JENKINS-17718 [ JENKINS-17718 ]
            jglick Jesse Glick made changes -
            Link This issue is duplicated by JENKINS-17718 [ JENKINS-17718 ]
            jglick Jesse Glick made changes -
            Link This issue is related to JENKINS-17718 [ JENKINS-17718 ]
            mrkk kalpesh soni made changes -
            Assignee Kohsuke Kawaguchi [ kktest10 ]
            kraai Matt Kraai made changes -
            Link This issue is duplicated by JENKINS-17824 [ JENKINS-17824 ]
            jglick Jesse Glick made changes -
            Resolution Fixed [ 1 ]
            Status Open [ 1 ] Resolved [ 5 ]
            rtyler R. Tyler Croy made changes -
            Workflow JNJira [ 148856 ] JNJira + In-Review [ 192906 ]

            People

              kktest10 Kohsuke Kawaguchi
              klou Kurt
              Votes:
              13 Vote for this issue
              Watchers:
              20 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: