Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-20064

Cannot use CLI or URL with API token with Active Directory as the access control security realm

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Major Major
    • jenkins-1.534 on Ubuntu with Active Directory plugin 1.33, configured with just the domain (no bind DN or password).
      jenkins-1617 too

      I'm trying to use the Jenkins CLI for a server that is set up with AD as the access control security realm. Logged in users can perform any action.

      The Jenkins server is 1.534 on Ubuntu with Active Directory plugin 1.33, configured with just the domain (no bind DN or password).

      I've provisioned an SSH public key for my user. When I attempt to run CLI against Jenkins it fails with this

      Exception in thread "main" java.io.EOFException
              at java.io.DataInputStream.readBoolean(DataInputStream.java:244)
              at hudson.cli.Connection.readBoolean(Connection.java:95)
              at hudson.cli.CLI.authenticate(CLI.java:644)
              at hudson.cli.CLI._main(CLI.java:474)
              at hudson.cli.CLI.main(CLI.java:384)
      

      and the below is logged on the server. This is similar to JENKINS-12619 though in my case the behavior is consistent and always fails.

      Oct 13, 2013 12:23:35 PM WARNING hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider retrieveUser
      
      Failed to retrieve user information for username
      javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece]; remaining name 'DC=mycompany,DC=com'
          at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3072)
          at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2978)
          at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2785)
          at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1839)
          at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1762)
          at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1779)
          at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:412)
          at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:394)
          at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:376)
          at hudson.plugins.active_directory.LDAPSearchBuilder.search(LDAPSearchBuilder.java:52)
          at hudson.plugins.active_directory.LDAPSearchBuilder.searchOne(LDAPSearchBuilder.java:42)
          at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:263)
          at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:193)
          at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:137)
          at hudson.plugins.active_directory.AbstractActiveDirectoryAuthenticationProvider.loadUserByUsername(AbstractActiveDirectoryAuthenticationProvider.java:30)
          at hudson.plugins.active_directory.ActiveDirectorySecurityRealm.loadUserByUsername(ActiveDirectorySecurityRealm.java:584)
          at hudson.model.User.impersonate(User.java:255)
          at org.jenkinsci.main.modules.cli.auth.ssh.SshCliAuthenticator.authenticate(SshCliAuthenticator.java:44)
          at hudson.cli.CliManagerImpl$2.run(CliManagerImpl.java:109)
      
      Oct 13, 2013 12:23:35 PM WARNING hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider retrieveUser
      
      Credential exception tying to authenticate against mycompany.com domain
      org.acegisecurity.BadCredentialsException: Failed to retrieve user information for username; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece]; remaining name 'DC=mycompany,DC=com'
          at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:309)
          at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:193)
          at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:137)
          at hudson.plugins.active_directory.AbstractActiveDirectoryAuthenticationProvider.loadUserByUsername(AbstractActiveDirectoryAuthenticationProvider.java:30)
          at hudson.plugins.active_directory.ActiveDirectorySecurityRealm.loadUserByUsername(ActiveDirectorySecurityRealm.java:584)
          at hudson.model.User.impersonate(User.java:255)
          at org.jenkinsci.main.modules.cli.auth.ssh.SshCliAuthenticator.authenticate(SshCliAuthenticator.java:44)
          at hudson.cli.CliManagerImpl$2.run(CliManagerImpl.java:109)
      Caused by: javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece]; remaining name 'DC=mycompany,DC=com'
          at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3072)
          at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2978)
          at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2785)
          at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1839)
          at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1762)
          at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1779)
          at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:412)
          at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:394)
          at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:376)
          at hudson.plugins.active_directory.LDAPSearchBuilder.search(LDAPSearchBuilder.java:52)
          at hudson.plugins.active_directory.LDAPSearchBuilder.searchOne(LDAPSearchBuilder.java:42)
          at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:263)
          ... 7 more
      

          [JENKINS-20064] Cannot use CLI or URL with API token with Active Directory as the access control security realm

          Fix to JENKINS-9258 fixed this problem.

          Kohsuke Kawaguchi added a comment - Fix to JENKINS-9258 fixed this problem.

          dogfood added a comment -

          Integrated in jenkins_main_trunk #3223
          JENKINS-20064 (Revision 0e339d7a454df119995b896eea14f09a099f99b5)

          Result = UNSTABLE
          kohsuke : 0e339d7a454df119995b896eea14f09a099f99b5
          Files :

          • core/src/main/java/jenkins/security/LastGrantedAuthoritiesProperty.java
          • core/src/main/java/hudson/model/User.java
          • changelog.html
          • test/src/test/java/jenkins/security/LastGrantedAuthoritiesPropertyTest.groovy

          dogfood added a comment - Integrated in jenkins_main_trunk #3223 JENKINS-20064 (Revision 0e339d7a454df119995b896eea14f09a099f99b5) Result = UNSTABLE kohsuke : 0e339d7a454df119995b896eea14f09a099f99b5 Files : core/src/main/java/jenkins/security/LastGrantedAuthoritiesProperty.java core/src/main/java/hudson/model/User.java changelog.html test/src/test/java/jenkins/security/LastGrantedAuthoritiesPropertyTest.groovy

          Eric Helgeson added a comment -

          This may have caused a regression in JENKINS-22346 with ssh key auth. Workes in 1.555 and below.

          Eric Helgeson added a comment - This may have caused a regression in JENKINS-22346 with ssh key auth. Workes in 1.555 and below.

          Jesse Glick added a comment -

          Correcting a minor regression in 8423158: User.getAuthorities should not pass on the UsernameNotFoundException.

          Jesse Glick added a comment - Correcting a minor regression in 8423158: User.getAuthorities should not pass on the UsernameNotFoundException .

          Daniel Christophis added a comment - - edited

          Also broken in LTS Version 1.565.1.

          I get the following LDAP error when trying to use CLI commands:

          Exception in thread "Thread-XX" org.acegisecurity.userdetails.UsernameNotFoundException: User XXXXX not found in directory.
          	at org.acegisecurity.ldap.search.FilterBasedLdapUserSearch.searchForUser(FilterBasedLdapUserSearch.java:126)
          	at hudson.security.LDAPSecurityRealm$LDAPUserDetailsService.loadUserByUsername(LDAPSecurityRealm.java:787)
          	at hudson.security.LDAPSecurityRealm$LDAPUserDetailsService.loadUserByUsername(LDAPSecurityRealm.java:738)
          	at jenkins.security.ImpersonatingUserDetailsService.loadUserByUsername(ImpersonatingUserDetailsService.java:32)
          	at hudson.model.User.impersonate(User.java:266)
          	at org.jenkinsci.main.modules.cli.auth.ssh.SshCliAuthenticator.authenticate(SshCliAuthenticator.java:44)
          	at hudson.cli.CliManagerImpl$2.run(CliManagerImpl.java:109)
          
          

          And of course related with this:

          Exception in thread "main" java.io.EOFException
          	at java.io.DataInputStream.readBoolean(DataInputStream.java:244)
          	at hudson.cli.Connection.readBoolean(Connection.java:95)
          	at hudson.cli.CLI.authenticate(CLI.java:634)
          	at hudson.cli.CLI._main(CLI.java:474)
          	at hudson.cli.CLI.main(CLI.java:384)
          

          Any suggestions for temporary workarounds?

          Daniel Christophis added a comment - - edited Also broken in LTS Version 1.565.1. I get the following LDAP error when trying to use CLI commands: Exception in thread " Thread -XX" org.acegisecurity.userdetails.UsernameNotFoundException: User XXXXX not found in directory. at org.acegisecurity.ldap.search.FilterBasedLdapUserSearch.searchForUser(FilterBasedLdapUserSearch.java:126) at hudson.security.LDAPSecurityRealm$LDAPUserDetailsService.loadUserByUsername(LDAPSecurityRealm.java:787) at hudson.security.LDAPSecurityRealm$LDAPUserDetailsService.loadUserByUsername(LDAPSecurityRealm.java:738) at jenkins.security.ImpersonatingUserDetailsService.loadUserByUsername(ImpersonatingUserDetailsService.java:32) at hudson.model.User.impersonate(User.java:266) at org.jenkinsci.main.modules.cli.auth.ssh.SshCliAuthenticator.authenticate(SshCliAuthenticator.java:44) at hudson.cli.CliManagerImpl$2.run(CliManagerImpl.java:109) And of course related with this: Exception in thread "main" java.io.EOFException at java.io.DataInputStream.readBoolean(DataInputStream.java:244) at hudson.cli.Connection.readBoolean(Connection.java:95) at hudson.cli.CLI.authenticate(CLI.java:634) at hudson.cli.CLI._main(CLI.java:474) at hudson.cli.CLI.main(CLI.java:384) Any suggestions for temporary workarounds?

          Please forgive if this it not the same issue. I'm running Jenkins 1.575 w/ Active Directory plugin 1.37 and using an API token to authenticate using the HTTP API works fine, but when I try to authenticate jenkins-cli with an API token like this:

          java -jar jenkins-cli.jar -s http://jenkins.intranet:8080/jenkins who-am-i --username dserodi --password MY_API_KEY
          

          I get this stracktrace:

          org.acegisecurity.BadCredentialsException: Either no such user 'dserodi@intranet' or incorrect password; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]
              at hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DescriptorImpl.bind(ActiveDirectorySecurityRealm.java:385)
              at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:248)
              at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:193)
              at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:137)
              at hudson.plugins.active_directory.ActiveDirectorySecurityRealm.authenticate(ActiveDirectorySecurityRealm.java:602)
              at hudson.security.AbstractPasswordBasedSecurityRealm.doAuthenticate(AbstractPasswordBasedSecurityRealm.java:114)
              at hudson.security.AbstractPasswordBasedSecurityRealm.access$100(AbstractPasswordBasedSecurityRealm.java:39)
              at hudson.security.AbstractPasswordBasedSecurityRealm$1.authenticate(AbstractPasswordBasedSecurityRealm.java:81)
              at hudson.cli.CLICommand.main(CLICommand.java:228)
              at hudson.cli.CliManagerImpl.main(CliManagerImpl.java:92)
              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
              at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
              at java.lang.reflect.Method.invoke(Method.java:606)
              at hudson.remoting.RemoteInvocationHandler$RPCRequest.perform(RemoteInvocationHandler.java:309)
              at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:290)
              at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:249)
              at hudson.remoting.UserRequest.perform(UserRequest.java:118)
              at hudson.remoting.UserRequest.perform(UserRequest.java:48)
              at hudson.remoting.Request$2.run(Request.java:328)
              at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72)
              at hudson.cli.CliManagerImpl$1.call(CliManagerImpl.java:63)
              at hudson.remoting.InterceptingExecutorService$2.call(InterceptingExecutorService.java:95)
              at jenkins.util.ContextResettingExecutorService$2.call(ContextResettingExecutorService.java:46)
              at java.util.concurrent.FutureTask.run(FutureTask.java:262)
              at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
              at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
              at java.lang.Thread.run(Thread.java:744)
          Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]
              at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3087)
              at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033)
              at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2835)
              at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2749)
              at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2635)
              at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2622)
              at com.sun.jndi.ldap.LdapCtx.reconnect(LdapCtx.java:2618)
              at hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DescriptorImpl.bind(ActiveDirectorySecurityRealm.java:454)
              at hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DescriptorImpl.bind(ActiveDirectorySecurityRealm.java:370)
              ... 27 more
          

          Daniel Serodio added a comment - Please forgive if this it not the same issue. I'm running Jenkins 1.575 w/ Active Directory plugin 1.37 and using an API token to authenticate using the HTTP API works fine, but when I try to authenticate jenkins-cli with an API token like this: java -jar jenkins-cli.jar -s http: //jenkins.intranet:8080/jenkins who-am-i --username dserodi --password MY_API_KEY I get this stracktrace: org.acegisecurity.BadCredentialsException: Either no such user 'dserodi@intranet' or incorrect password; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1] at hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DescriptorImpl.bind(ActiveDirectorySecurityRealm.java:385) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:248) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:193) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:137) at hudson.plugins.active_directory.ActiveDirectorySecurityRealm.authenticate(ActiveDirectorySecurityRealm.java:602) at hudson.security.AbstractPasswordBasedSecurityRealm.doAuthenticate(AbstractPasswordBasedSecurityRealm.java:114) at hudson.security.AbstractPasswordBasedSecurityRealm.access$100(AbstractPasswordBasedSecurityRealm.java:39) at hudson.security.AbstractPasswordBasedSecurityRealm$1.authenticate(AbstractPasswordBasedSecurityRealm.java:81) at hudson.cli.CLICommand.main(CLICommand.java:228) at hudson.cli.CliManagerImpl.main(CliManagerImpl.java:92) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at hudson.remoting.RemoteInvocationHandler$RPCRequest.perform(RemoteInvocationHandler.java:309) at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:290) at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:249) at hudson.remoting.UserRequest.perform(UserRequest.java:118) at hudson.remoting.UserRequest.perform(UserRequest.java:48) at hudson.remoting.Request$2.run(Request.java:328) at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72) at hudson.cli.CliManagerImpl$1.call(CliManagerImpl.java:63) at hudson.remoting.InterceptingExecutorService$2.call(InterceptingExecutorService.java:95) at jenkins.util.ContextResettingExecutorService$2.call(ContextResettingExecutorService.java:46) at java.util.concurrent.FutureTask.run(FutureTask.java:262) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang. Thread .run( Thread .java:744) Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1] at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3087) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2835) at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2749) at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2635) at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2622) at com.sun.jndi.ldap.LdapCtx.reconnect(LdapCtx.java:2618) at hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DescriptorImpl.bind(ActiveDirectorySecurityRealm.java:454) at hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DescriptorImpl.bind(ActiveDirectorySecurityRealm.java:370) ... 27 more

          Sorin Sbarnea added a comment -

          I can confirm the the issue, tried to use API_TOKEN as a password for the CLI usage and I got the error below from a jenkins instance that is configured to accept LDAP logins:

          org.acegisecurity.AuthenticationServiceException: Application name and/or password are not valid.; nested exception is com.atlassian.crowd.exception.InvalidAuthenticationException: Account with name <svcacct_scale> failed to authenticate
          	at de.theit.jenkins.crowd.CrowdSecurityRealm.authenticate(CrowdSecurityRealm.java:394)
          	at hudson.security.AbstractPasswordBasedSecurityRealm.doAuthenticate(AbstractPasswordBasedSecurityRealm.java:114)
          	at hudson.security.AbstractPasswordBasedSecurityRealm.access$100(AbstractPasswordBasedSecurityRealm.java:39)
          	at hudson.security.AbstractPasswordBasedSecurityRealm$1.authenticate(AbstractPasswordBasedSecurityRealm.java:81)
          	at hudson.cli.CLICommand.main(CLICommand.java:231)
          	at hudson.cli.CliManagerImpl.main(CliManagerImpl.java:92)
          	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
          	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
          	at java.lang.reflect.Method.invoke(Method.java:497)
          	at hudson.remoting.RemoteInvocationHandler$RPCRequest.perform(RemoteInvocationHandler.java:326)
          	at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:301)
          	at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:260)
          	at hudson.remoting.UserRequest.perform(UserRequest.java:121)
          	at hudson.remoting.UserRequest.perform(UserRequest.java:49)
          	at hudson.remoting.Request$2.run(Request.java:325)
          	at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:68)
          	at hudson.cli.CliManagerImpl$1.call(CliManagerImpl.java:63)
          	at hudson.remoting.CallableDecoratorAdapter.call(CallableDecoratorAdapter.java:18)
          	at hudson.remoting.CallableDecoratorList$1.call(CallableDecoratorList.java:21)
          	at jenkins.util.ContextResettingExecutorService$2.call(ContextResettingExecutorService.java:46)
          	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
          	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
          	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
          	at java.lang.Thread.run(Thread.java:745)
          Caused by: com.atlassian.crowd.exception.InvalidAuthenticationException: Account with name <svcacct_scale> failed to authenticate
          	at com.atlassian.crowd.exception.InvalidAuthenticationException.newInstanceWithName(InvalidAuthenticationException.java:50)
          	at com.atlassian.crowd.integration.rest.service.RestCrowdClient.handleInvalidUserAuthentication(RestCrowdClient.java:1187)
          	at com.atlassian.crowd.integration.rest.service.RestCrowdClient.authenticateUser(RestCrowdClient.java:128)
          	at de.theit.jenkins.crowd.CrowdSecurityRealm.authenticate(CrowdSecurityRealm.java:376)
          	... 24 more

          Sorin Sbarnea added a comment - I can confirm the the issue, tried to use API_TOKEN as a password for the CLI usage and I got the error below from a jenkins instance that is configured to accept LDAP logins: org.acegisecurity.AuthenticationServiceException: Application name and/or password are not valid.; nested exception is com.atlassian.crowd.exception.InvalidAuthenticationException: Account with name <svcacct_scale> failed to authenticate at de.theit.jenkins.crowd.CrowdSecurityRealm.authenticate(CrowdSecurityRealm.java:394) at hudson.security.AbstractPasswordBasedSecurityRealm.doAuthenticate(AbstractPasswordBasedSecurityRealm.java:114) at hudson.security.AbstractPasswordBasedSecurityRealm.access$100(AbstractPasswordBasedSecurityRealm.java:39) at hudson.security.AbstractPasswordBasedSecurityRealm$1.authenticate(AbstractPasswordBasedSecurityRealm.java:81) at hudson.cli.CLICommand.main(CLICommand.java:231) at hudson.cli.CliManagerImpl.main(CliManagerImpl.java:92) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:497) at hudson.remoting.RemoteInvocationHandler$RPCRequest.perform(RemoteInvocationHandler.java:326) at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:301) at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:260) at hudson.remoting.UserRequest.perform(UserRequest.java:121) at hudson.remoting.UserRequest.perform(UserRequest.java:49) at hudson.remoting.Request$2.run(Request.java:325) at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:68) at hudson.cli.CliManagerImpl$1.call(CliManagerImpl.java:63) at hudson.remoting.CallableDecoratorAdapter.call(CallableDecoratorAdapter.java:18) at hudson.remoting.CallableDecoratorList$1.call(CallableDecoratorList.java:21) at jenkins.util.ContextResettingExecutorService$2.call(ContextResettingExecutorService.java:46) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang. Thread .run( Thread .java:745) Caused by: com.atlassian.crowd.exception.InvalidAuthenticationException: Account with name <svcacct_scale> failed to authenticate at com.atlassian.crowd.exception.InvalidAuthenticationException.newInstanceWithName(InvalidAuthenticationException.java:50) at com.atlassian.crowd.integration. rest .service.RestCrowdClient.handleInvalidUserAuthentication(RestCrowdClient.java:1187) at com.atlassian.crowd.integration. rest .service.RestCrowdClient.authenticateUser(RestCrowdClient.java:128) at de.theit.jenkins.crowd.CrowdSecurityRealm.authenticate(CrowdSecurityRealm.java:376) ... 24 more

          Jesse Glick added a comment -

          Probably the subsequent comments are really about JENKINS-22346.

          Jesse Glick added a comment - Probably the subsequent comments are really about JENKINS-22346 .

          yann kerherve added a comment -

          jglick You marked it as resolved, but where is the fix? Thanks

          yann kerherve added a comment - jglick You marked it as resolved, but where is the fix? Thanks

          Jesse Glick added a comment -

          Jesse Glick added a comment - http://jenkins-ci.org/commit/jenkins/0e339d7a454df119995b896eea14f09a099f99b5 as noted above.

            kohsuke Kohsuke Kawaguchi
            david_resnick David Resnick
            Votes:
            6 Vote for this issue
            Watchers:
            16 Start watching this issue

              Created:
              Updated:
              Resolved: