Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-22745

ActiveDirectory Plugin, problem with logon

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • active-directory-plugin
    • None
    • RHEL 6.5, java 1.7.51

      Problem with authentication by AD in version 1.37, version 1.36 is ok

      System log dump (blinded):

      Bound to XXXXXX.AD.HOST:3269
      Apr 24, 2014 1:53:56 PM FINE hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider
      Failed to find XXX in userPrincipalName. Trying sAMAccountName
      Apr 24, 2014 1:53:56 PM FINE hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider
      Found user XXX : {userprincipalname=userPrincipalName: XXX@XXX.DOMAIN, usercertificate=userCertificate: ......

      Looking up group of CN=XXX,OU=AAA,OU=Users,OU=XX,DC=xx,DC=xxx

      then i received lot of

      CN=XXX,OU=AAA,OU=Users,OU=XX,DC=xx,DC=xxx is a member of cn: grp1
      CN=XXX,OU=AAA,OU=Users,OU=XX,DC=xx,DC=xxx is a member of cn: grp2
      .
      .
      .
      .
      .
      Stage 2: looking up via memberOf

      And here process was break and on the logon site I saw below exception

      java.lang.NullPointerException
      at com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:656)
      at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:574)
      at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1997)
      at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1859)
      at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1784)
      at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1801)
      at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:424)
      at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:406)
      at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:388)
      at hudson.plugins.active_directory.LDAPSearchBuilder.search(LDAPSearchBuilder.java:52)
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.resolveGroups(ActiveDirectoryUnixAuthenticationProvider.java:409)
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:293)
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:193)
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:137)
      at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:122)
      at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:200)
      at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:47)
      at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:74)
      at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:174)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:79)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
      at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
      at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
      at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:46)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
      at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
      at winstone.RequestDispatcher.forward(RequestDispatcher.java:331)
      at winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:227)
      at winstone.RequestHandlerThread.run(RequestHandlerThread.java:150)
      at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:482)
      at java.util.concurrent.FutureTask.run(FutureTask.java:273)
      at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1156)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:626)
      at java.lang.Thread.run(Thread.java:804)

          [JENKINS-22745] ActiveDirectory Plugin, problem with logon

          Lu Zu created issue -
          Lu Zu made changes -
          Description Original: Problem with authentication by AD

          System log dump (blinded):

          Bound to XXXXXX.AD.HOST:3269
          Apr 24, 2014 1:53:56 PM FINE hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider
          Failed to find XXX in userPrincipalName. Trying sAMAccountName
          Apr 24, 2014 1:53:56 PM FINE hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider
          Found user XXX : {userprincipalname=userPrincipalName: XXX@XXX.DOMAIN, usercertificate=userCertificate: ......

          Looking up group of CN=XXX,OU=AAA,OU=Users,OU=XX,DC=xx,DC=xxx

          then i received lot of

          CN=XXX,OU=AAA,OU=Users,OU=XX,DC=xx,DC=xxx is a member of cn: grp1
          CN=XXX,OU=AAA,OU=Users,OU=XX,DC=xx,DC=xxx is a member of cn: grp2
          .
          .
          .
          .
          .
          Stage 2: looking up via memberOf

          And here process was break and on the logon site I saw below exception

          java.lang.NullPointerException
          at com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:656)
          at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:574)
          at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1997)
          at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1859)
          at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1784)
          at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1801)
          at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:424)
          at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:406)
          at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:388)
          at hudson.plugins.active_directory.LDAPSearchBuilder.search(LDAPSearchBuilder.java:52)
          at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.resolveGroups(ActiveDirectoryUnixAuthenticationProvider.java:409)
          at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:293)
          at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:193)
          at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:137)
          at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:122)
          at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:200)
          at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:47)
          at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:74)
          at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:174)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:79)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
          at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
          at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
          at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
          at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
          at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:46)
          at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
          at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
          at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
          at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
          at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
          at winstone.RequestDispatcher.forward(RequestDispatcher.java:331)
          at winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:227)
          at winstone.RequestHandlerThread.run(RequestHandlerThread.java:150)
          at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:482)
          at java.util.concurrent.FutureTask.run(FutureTask.java:273)
          at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
          at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1156)
          at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:626)
          at java.lang.Thread.run(Thread.java:804)           		New: Problem with authentication by AD in version 1.37, version 1.36 is ok

          System log dump (blinded):

          Bound to XXXXXX.AD.HOST:3269
          Apr 24, 2014 1:53:56 PM FINE hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider
          Failed to find XXX in userPrincipalName. Trying sAMAccountName
          Apr 24, 2014 1:53:56 PM FINE hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider
          Found user XXX : {userprincipalname=userPrincipalName: XXX@XXX.DOMAIN, usercertificate=userCertificate: ......

          Looking up group of CN=XXX,OU=AAA,OU=Users,OU=XX,DC=xx,DC=xxx

          then i received lot of

          CN=XXX,OU=AAA,OU=Users,OU=XX,DC=xx,DC=xxx is a member of cn: grp1
          CN=XXX,OU=AAA,OU=Users,OU=XX,DC=xx,DC=xxx is a member of cn: grp2
          .
          .
          .
          .
          .
          Stage 2: looking up via memberOf

          And here process was break and on the logon site I saw below exception

          java.lang.NullPointerException
          at com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:656)
          at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:574)
          at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1997)
          at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1859)
          at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1784)
          at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1801)
          at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:424)
          at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:406)
          at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:388)
          at hudson.plugins.active_directory.LDAPSearchBuilder.search(LDAPSearchBuilder.java:52)
          at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.resolveGroups(ActiveDirectoryUnixAuthenticationProvider.java:409)
          at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:293)
          at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:193)
          at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:137)
          at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:122)
          at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:200)
          at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:47)
          at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:74)
          at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:174)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:79)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
          at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
          at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
          at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
          at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
          at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:46)
          at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
          at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
          at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
          at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
          at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
          at winstone.RequestDispatcher.forward(RequestDispatcher.java:331)
          at winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:227)
          at winstone.RequestHandlerThread.run(RequestHandlerThread.java:150)
          at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:482)
          at java.util.concurrent.FutureTask.run(FutureTask.java:273)
          at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
          at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1156)
          at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:626)
          at java.lang.Thread.run(Thread.java:804)
          R. Tyler Croy made changes -
          Workflow Original: JNJira [ 154859 ] New: JNJira + In-Review [ 178940 ]

            Unassigned Unassigned
            zulk Lu Zu
            Votes:
            1 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: