Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-17703

Active Directory plugin crashes on version 1.31 (2013/04/18)

    XMLWordPrintable

Details

    • Bug
    • Status: Resolved (View Workflow)
    • Blocker
    • Resolution: Duplicate
    • None
    • Linux XXX.com.br 2.6.18-164.15.1.el5 #1 SMP Mon Mar 1 10:56:08 EST 2010 x86_64 x86_64 x86_64 GNU/Linux
      Jenkins ver. 1.512

    Description

      Today we have updated the active-directory plugin from 1.30 to 1.31 and, after jenkins restart, we got the following error

      Apr 22, 2013 7:51:05 AM hudson.security.AuthenticationProcessingFilter2 onUnsuccessfulAuthentication
      INFO: Login attempt failed
      org.acegisecurity.BadCredentialsException: Failed to retrieve user information for daniel; nested exception is javax.naming.InvalidNameException: CN=Info Desenv - Daniel,OU=Desenvolvimento,OU=Inform\u00E1tica,OU=Administra\u00E7\u00E3o,DC=ciaXXXXX,DC=com,DC=br: [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C09070B, comment: Error processing name, data 0, v1772]; remaining name 'CN=Info Desenv - Daniel,OU=Desenvolvimento,OU=Inform\u00E1tica,OU=Administra\u00E7\u00E3o,DC=ciaXXXXX,DC=com,DC=br'
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:309)
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:193)
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:137)
      at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:122)
      at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:200)
      at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:47)
      at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:74)
      at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:174)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:64)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
      at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
      at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
      at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:50)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
      at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:224)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
      at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
      at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:987)
      at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:579)
      at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:309)
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
      at java.lang.Thread.run(Thread.java:722)
      Caused by: javax.naming.InvalidNameException: CN=Info Desenv - Daniel,OU=Desenvolvimento,OU=Inform\u00E1tica,OU=Administra\u00E7\u00E3o,DC=ciaXXXXX,DC=com,DC=br: [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C09070B, comment: Error processing name, data 0, v1772]; remaining name 'CN=Info Desenv - Daniel,OU=Desenvolvimento,OU=Inform\u00E1tica,OU=Administra\u00E7\u00E3o,DC=ciaXXXXX,DC=com,DC=br'
      at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3025)
      at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2840)
      at com.sun.jndi.ldap.LdapCtx.c_getAttributes(LdapCtx.java:1332)
      at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(ComponentDirContext.java:231)
      at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:139)
      at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:127)
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.resolveGroups(ActiveDirectoryUnixAuthenticationProvider.java:373)
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:293)
      ... 39 more

      As an temporary workaround we had to downgrade the active directory plugin to 1.30 manually.

      Attachments

        Issue Links

          Activity

            We have faced the same issue

            fbrubbo Fernando Rubbo added a comment - We have faced the same issue
            heinzepreller heinzepreller added a comment -

            We are facing a similar issue. The main difference is that only people with german Umlauts (äöü) in their Names aren't allowed to login. After role back to 1.30 everything works fine again.

            heinzepreller heinzepreller added a comment - We are facing a similar issue. The main difference is that only people with german Umlauts (äöü) in their Names aren't allowed to login. After role back to 1.30 everything works fine again.

            People

              Unassigned Unassigned
              dbaldo Daniel Baldo
              Votes:
              3 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: