Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-20816

BadCredentialsException: Failed to retrieve user information for jusurb; nested exception is javax.naming.PartialResultException

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Not A Defect
    • Icon: Minor Minor
    • active-directory-plugin
    • Linux debian 2.6.32-5-amd64
      java version "1.7.0_25"
      OpenJDK Runtime Environment (IcedTea 2.3.10) (7u25-2.3.10-1~deb7u1)
      OpenJDK 64-Bit Server VM (build 23.7-b01, mixed mode)
      Jenkins v1.540

      I suspect the ActiveDirectory server went down, and jenkins tried to authenticate currently logged on user and failed throwing this exception.
      Stack trace:

      org.acegisecurity.BadCredentialsException: Failed to retrieve user information for jusurb; nested exception is javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: my.domainserver.xx:389 [Root exception is java.net.ConnectException: Connection refused]]
	at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:309)
	at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:193)
	at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:137)
	at hudson.plugins.active_directory.AbstractActiveDirectoryAuthenticationProvider.loadUserByUsername(AbstractActiveDirectoryAuthenticationProvider.java:30)
	at org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices.loadUserDetails(TokenBasedRememberMeServices.java:308)
	at org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices.autoLogin(TokenBasedRememberMeServices.java:218)
	at hudson.plugins.active_directory.ActiveDirectorySecurityRealm$1.autoLogin(ActiveDirectorySecurityRealm.java:140)
	at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:104)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:174)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:64)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
	at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
	at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
	at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:46)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
	at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1474)
	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:499)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:533)
	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428)
	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
	at org.eclipse.jetty.server.Server.handle(Server.java:370)
	at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489)
	at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:949)
	at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:1011)
	at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644)
	at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)
	at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
	at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668)
	at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
	at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
	at java.lang.Thread.run(Thread.java:724)
Caused by: javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: my.domainserver.xx:389 [Root exception is java.net.ConnectException: Connection refused]]
	at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:242)
	at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(LdapNamingEnumeration.java:189)
	at hudson.plugins.active_directory.LDAPSearchBuilder.searchOne(LDAPSearchBuilder.java:44)
	at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:263)
	... 47 more
Caused by: javax.naming.CommunicationException: my.domainserver.xx:389 [Root exception is java.net.ConnectException: Connection refused]
	at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:92)
	at com.sun.jndi.ldap.LdapReferralException.getReferralContext(LdapReferralException.java:150)
	at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreReferrals(LdapNamingEnumeration.java:357)
	at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:226)
	... 50 more
Caused by: java.net.ConnectException: Connection refused
	at java.net.PlainSocketImpl.socketConnect(Native Method)
	at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
	at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
	at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
	at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
	at java.net.Socket.connect(Socket.java:579)
	at java.net.Socket.connect(Socket.java:528)
	at java.net.Socket.<init>(Socket.java:425)
	at java.net.Socket.<init>(Socket.java:208)
	at com.sun.jndi.ldap.Connection.createSocket(Connection.java:366)
	at com.sun.jndi.ldap.Connection.<init>(Connection.java:201)
	at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:136)
	at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1600)
	at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2698)
	at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316)
	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193)
	at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:152)
	at com.sun.jndi.url.ldap.ldapURLContextFactory.getObjectInstance(ldapURLContextFactory.java:52)
	at javax.naming.spi.NamingManager.getURLObject(NamingManager.java:601)
	at javax.naming.spi.NamingManager.processURL(NamingManager.java:381)
	at javax.naming.spi.NamingManager.processURLAddrs(NamingManager.java:361)
	at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:333)
	at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:111)
	... 53 more

          [JENKINS-20816] BadCredentialsException: Failed to retrieve user information for jusurb; nested exception is javax.naming.PartialResultException

          Oleg Nenashev added a comment -

          The issue had wrong components

          Oleg Nenashev added a comment - The issue had wrong components

          Daniel Beck added a comment -

          There does not seem to be a bug here. You integration Jenkins with Active Directory, cut the network connection between them, and things start failing. Jenkins tells you. Seems expected and useful.

          Daniel Beck added a comment - There does not seem to be a bug here. You integration Jenkins with Active Directory, cut the network connection between them, and things start failing. Jenkins tells you. Seems expected and useful.

          Justinas Urbanavicius added a comment -

          I would expect a message, saying that jenkins cannot connect to active directory, probably due to connection failure, not to take down whole jenkins CI server throwing an expection wouldn't it be more logical ?

          Justinas Urbanavicius added a comment - I would expect a message, saying that jenkins cannot connect to active directory, probably due to connection failure, not to take down whole jenkins CI server throwing an expection wouldn't it be more logical ?

          Daniel Beck added a comment -

          message, saying that jenkins cannot connect to active directory, probably due to connection failure

          That's what it does. (Granted, it's in programmerese, but still.)

          take down whole jenkins CI server throwing an expection

          The error seems to be UI (+auth related subsystems like CLI) only, so builds etc. should continue running. Don't they?

          wouldn't it be more logical?

          So this is about the cosmetic issue how the issue is presented to the user?

          Daniel Beck added a comment - message, saying that jenkins cannot connect to active directory, probably due to connection failure That's what it does. (Granted, it's in programmerese, but still.) take down whole jenkins CI server throwing an expection The error seems to be UI (+auth related subsystems like CLI) only, so builds etc. should continue running. Don't they? wouldn't it be more logical? So this is about the cosmetic issue how the issue is presented to the user?

          Justinas Urbanavicius added a comment -

          yes, by saying, that it took down jenkins, i mean, i got a page, that looked mutilated, with stack trace, and i couldn't navigate from that page, except for forward back buttons on the browser, that didn't really help, until the connection got restored after a few refreshes.
          an error message with explanation and server's name would be really appreciated and more informative to me as the end user and anyone that does not know java.

          Justinas Urbanavicius added a comment - yes, by saying, that it took down jenkins, i mean, i got a page, that looked mutilated, with stack trace, and i couldn't navigate from that page, except for forward back buttons on the browser, that didn't really help, until the connection got restored after a few refreshes. an error message with explanation and server's name would be really appreciated and more informative to me as the end user and anyone that does not know java.

          Daniel Beck added a comment -

          Was it a page with "angry Jenkins" (https://github.com/jenkinsci/jenkins/blob/master/war/src/main/webapp/images/rage.png), or one completely "without design"?

          Daniel Beck added a comment - Was it a page with "angry Jenkins" ( https://github.com/jenkinsci/jenkins/blob/master/war/src/main/webapp/images/rage.png ), or one completely "without design"?

          Justinas Urbanavicius added a comment -

          can't really remember but i think with angry jenkins, it looks familiar

          Justinas Urbanavicius added a comment - can't really remember but i think with angry jenkins, it looks familiar

          Daniel Beck added a comment -

          The problem is that, especially given how extensible Jenkins is, accounting for all possible failures is impossible. So some will show the angry Jenkins error page.

          Note also that this page is way more helpful to many users (and the developers handling the error report later) than a nice, but uninformative "an error occurred that we assume is vague related to authentication" page could ever be.

          I'm currently working on improving that page (e.g. actually link to the wiki page explaining how to report issues and how the Jenkins project uses Jira), and will incorporate a simpler error message in addition to the full stack trace. It would probably look like one of the following in your case:

          Failed to retrieve user information for jusurb; nested exception is javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: my.domainserver.xx:389 [Root exception is java.net.ConnectException: Connection refused]]

          Failed to retrieve user information for jusurb; nested exception is [Root exception is: my.domainserver.xx:389 [Root exception is: Connection refused]]

          While still not ideal, it's clear from either that it's a network connection issue involving your AD server, and the user jusurb.

          Daniel Beck added a comment - The problem is that, especially given how extensible Jenkins is, accounting for all possible failures is impossible. So some will show the angry Jenkins error page. Note also that this page is way more helpful to many users (and the developers handling the error report later) than a nice, but uninformative "an error occurred that we assume is vague related to authentication" page could ever be. I'm currently working on improving that page (e.g. actually link to the wiki page explaining how to report issues and how the Jenkins project uses Jira), and will incorporate a simpler error message in addition to the full stack trace. It would probably look like one of the following in your case: Failed to retrieve user information for jusurb; nested exception is javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: my.domainserver.xx:389 [Root exception is java.net.ConnectException: Connection refused] ] Failed to retrieve user information for jusurb; nested exception is [Root exception is: my.domainserver.xx:389 [Root exception is: Connection refused] ] While still not ideal, it's clear from either that it's a network connection issue involving your AD server, and the user jusurb.

          Justinas Urbanavicius added a comment -

          i totally agree with you. I've seen some applications that display a user friendly error and have a link or a button "more details" that then clicked, shows the stack trace and error code or more related information, that is helpful for developers. It's both user friendly and informative.

          Justinas Urbanavicius added a comment - i totally agree with you. I've seen some applications that display a user friendly error and have a link or a button "more details" that then clicked, shows the stack trace and error code or more related information, that is helpful for developers. It's both user friendly and informative.

            kohsuke Kohsuke Kawaguchi
            gameshas Justinas Urbanavicius
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: