Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-20816

BadCredentialsException: Failed to retrieve user information for jusurb; nested exception is javax.naming.PartialResultException

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Minor
    • Resolution: Not A Defect
    • Environment:
      Linux debian 2.6.32-5-amd64
      java version "1.7.0_25"
      OpenJDK Runtime Environment (IcedTea 2.3.10) (7u25-2.3.10-1~deb7u1)
      OpenJDK 64-Bit Server VM (build 23.7-b01, mixed mode)
      Jenkins v1.540
    • Similar Issues:

      Description

      I suspect the ActiveDirectory server went down, and jenkins tried to authenticate currently logged on user and failed throwing this exception.
      Stack trace:

      org.acegisecurity.BadCredentialsException: Failed to retrieve user information for jusurb; nested exception is javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: my.domainserver.xx:389 [Root exception is java.net.ConnectException: Connection refused]]
      	at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:309)
      	at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:193)
      	at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:137)
      	at hudson.plugins.active_directory.AbstractActiveDirectoryAuthenticationProvider.loadUserByUsername(AbstractActiveDirectoryAuthenticationProvider.java:30)
      	at org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices.loadUserDetails(TokenBasedRememberMeServices.java:308)
      	at org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices.autoLogin(TokenBasedRememberMeServices.java:218)
      	at hudson.plugins.active_directory.ActiveDirectorySecurityRealm$1.autoLogin(ActiveDirectorySecurityRealm.java:140)
      	at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:104)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:174)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:64)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
      	at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
      	at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
      	at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:46)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
      	at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1474)
      	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:499)
      	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
      	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:533)
      	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)
      	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
      	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428)
      	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
      	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
      	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
      	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
      	at org.eclipse.jetty.server.Server.handle(Server.java:370)
      	at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489)
      	at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:949)
      	at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:1011)
      	at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644)
      	at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)
      	at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
      	at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668)
      	at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
      	at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
      	at java.lang.Thread.run(Thread.java:724)
      Caused by: javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: my.domainserver.xx:389 [Root exception is java.net.ConnectException: Connection refused]]
      	at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:242)
      	at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(LdapNamingEnumeration.java:189)
      	at hudson.plugins.active_directory.LDAPSearchBuilder.searchOne(LDAPSearchBuilder.java:44)
      	at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:263)
      	... 47 more
      Caused by: javax.naming.CommunicationException: my.domainserver.xx:389 [Root exception is java.net.ConnectException: Connection refused]
      	at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:92)
      	at com.sun.jndi.ldap.LdapReferralException.getReferralContext(LdapReferralException.java:150)
      	at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreReferrals(LdapNamingEnumeration.java:357)
      	at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:226)
      	... 50 more
      Caused by: java.net.ConnectException: Connection refused
      	at java.net.PlainSocketImpl.socketConnect(Native Method)
      	at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
      	at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
      	at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
      	at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
      	at java.net.Socket.connect(Socket.java:579)
      	at java.net.Socket.connect(Socket.java:528)
      	at java.net.Socket.<init>(Socket.java:425)
      	at java.net.Socket.<init>(Socket.java:208)
      	at com.sun.jndi.ldap.Connection.createSocket(Connection.java:366)
      	at com.sun.jndi.ldap.Connection.<init>(Connection.java:201)
      	at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:136)
      	at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1600)
      	at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2698)
      	at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316)
      	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193)
      	at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:152)
      	at com.sun.jndi.url.ldap.ldapURLContextFactory.getObjectInstance(ldapURLContextFactory.java:52)
      	at javax.naming.spi.NamingManager.getURLObject(NamingManager.java:601)
      	at javax.naming.spi.NamingManager.processURL(NamingManager.java:381)
      	at javax.naming.spi.NamingManager.processURLAddrs(NamingManager.java:361)
      	at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:333)
      	at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:111)
      	... 53 more
      

        Attachments

          Activity

          Hide
          gameshas Justinas Urbanavicius added a comment -

          yes, by saying, that it took down jenkins, i mean, i got a page, that looked mutilated, with stack trace, and i couldn't navigate from that page, except for forward back buttons on the browser, that didn't really help, until the connection got restored after a few refreshes.
          an error message with explanation and server's name would be really appreciated and more informative to me as the end user and anyone that does not know java.

          Show
          gameshas Justinas Urbanavicius added a comment - yes, by saying, that it took down jenkins, i mean, i got a page, that looked mutilated, with stack trace, and i couldn't navigate from that page, except for forward back buttons on the browser, that didn't really help, until the connection got restored after a few refreshes. an error message with explanation and server's name would be really appreciated and more informative to me as the end user and anyone that does not know java.
          Hide
          danielbeck Daniel Beck added a comment -

          Was it a page with "angry Jenkins" (https://github.com/jenkinsci/jenkins/blob/master/war/src/main/webapp/images/rage.png), or one completely "without design"?

          Show
          danielbeck Daniel Beck added a comment - Was it a page with "angry Jenkins" ( https://github.com/jenkinsci/jenkins/blob/master/war/src/main/webapp/images/rage.png ), or one completely "without design"?
          Hide
          gameshas Justinas Urbanavicius added a comment -

          can't really remember but i think with angry jenkins, it looks familiar

          Show
          gameshas Justinas Urbanavicius added a comment - can't really remember but i think with angry jenkins, it looks familiar
          Hide
          danielbeck Daniel Beck added a comment -

          The problem is that, especially given how extensible Jenkins is, accounting for all possible failures is impossible. So some will show the angry Jenkins error page.

          Note also that this page is way more helpful to many users (and the developers handling the error report later) than a nice, but uninformative "an error occurred that we assume is vague related to authentication" page could ever be.

          I'm currently working on improving that page (e.g. actually link to the wiki page explaining how to report issues and how the Jenkins project uses Jira), and will incorporate a simpler error message in addition to the full stack trace. It would probably look like one of the following in your case:

          Failed to retrieve user information for jusurb; nested exception is javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: my.domainserver.xx:389 [Root exception is java.net.ConnectException: Connection refused]]

          Failed to retrieve user information for jusurb; nested exception is [Root exception is: my.domainserver.xx:389 [Root exception is: Connection refused]]

          While still not ideal, it's clear from either that it's a network connection issue involving your AD server, and the user jusurb.

          Show
          danielbeck Daniel Beck added a comment - The problem is that, especially given how extensible Jenkins is, accounting for all possible failures is impossible. So some will show the angry Jenkins error page. Note also that this page is way more helpful to many users (and the developers handling the error report later) than a nice, but uninformative "an error occurred that we assume is vague related to authentication" page could ever be. I'm currently working on improving that page (e.g. actually link to the wiki page explaining how to report issues and how the Jenkins project uses Jira), and will incorporate a simpler error message in addition to the full stack trace. It would probably look like one of the following in your case: Failed to retrieve user information for jusurb; nested exception is javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: my.domainserver.xx:389 [Root exception is java.net.ConnectException: Connection refused] ] Failed to retrieve user information for jusurb; nested exception is [Root exception is: my.domainserver.xx:389 [Root exception is: Connection refused] ] While still not ideal, it's clear from either that it's a network connection issue involving your AD server, and the user jusurb.
          Hide
          gameshas Justinas Urbanavicius added a comment -

          i totally agree with you. I've seen some applications that display a user friendly error and have a link or a button "more details" that then clicked, shows the stack trace and error code or more related information, that is helpful for developers. It's both user friendly and informative.

          Show
          gameshas Justinas Urbanavicius added a comment - i totally agree with you. I've seen some applications that display a user friendly error and have a link or a button "more details" that then clicked, shows the stack trace and error code or more related information, that is helpful for developers. It's both user friendly and informative.

            People

            Assignee:
            kohsuke Kohsuke Kawaguchi
            Reporter:
            gameshas Justinas Urbanavicius
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: