-
Bug
-
Resolution: Unresolved
-
Critical
-
Linux
Running Jenkins 1.565.1, LDAP plugin 1.10.2.
I found multiple topics on this subject, but none of them seem to solve my problem.
I am trying to set up LDAP authentication on my Jenkins in my corporate network. Jenkins is running on Linux.
Here are my LDAP settings:
Server: ldap://my_server.abc.corp.company.com
root DN: dc=abc,dc=corp,dc=company,dc=com
manager DN: my_name@abc.corp.company.com
manager password: set
Other settings are blank/default.
When I try to login to Jenkins, even using the same "manager" login, I get a failure, and see the following error in the Jenkins log:
org.acegisecurity.providers.ldap.authenticator.BindAuthenticator2 handleBindException
WARNING: Failed to bind to LDAP: userDnCN=my_name,OU=UserPersonalities,OU=site,OU=UNIX,OU=A Name With Spaces,OU=Resources,dc=abc,dc=corp,dc=company,dc=com username=my_name
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A8, comment: AcceptSecurityContext error, data 52e, v1db1]
I found a Groovy script that was supposed to help me debug the issue:
String[] names = ["my_name","another_name"];
for (name in names) {
println("Checking the name '" + name + "'...")
try
catch (Exception e)
{ println(" It is NOT a user, reason: " + e.getMessage()) } println("");
}
However, it can find the username successfully:
Checking the name 'my_name'...
It is a USER: org.acegisecurity.userdetails.ldap.LdapUserDetailsImpl@5a26cfb7
Checking the name 'another_name'...
It is a USER: org.acegisecurity.userdetails.ldap.LdapUserDetailsImpl@143fee62
Moreover, I can successfully authenticate using the Active Directory plugin, but its performance is very low (it takes 1-2 minutes to authorize a user), and I don't see any setting to tweak that.
[JENKINS-24623] LDAP AcceptSecurityContext error
Alex Vesely
created issue -
Alex Vesely
made changes -
| Description |
Original:
Running Jenkins 1.565.1, LDAP plugin 1.10.2. I found multiple topics on this subject, but none of them seem to solve my problem. I am trying to set up LDAP authentication on my Jenkins in my corporate network. Jenkins is running on Linux. Here are my LDAP settings: Server: ldap://my_server.abc.corp.company.com root DN: dc=abc,dc=corp,dc=company,dc=com manager DN: my_name@abc.corp.company.com manager password: *set* Other settings are blank/default. When I try to login to Jenkins, even using the same "manager" login, I get a failure, and see the following error in the Jenkins log: org.acegisecurity.providers.ldap.authenticator.BindAuthenticator2 handleBindException WARNING: Failed to bind to LDAP: userDnCN=my_name,OU=UserPersonalities,OU=ims,OU=UNIX,OU=A Name With Spaces,OU=Resources,dc=abc,dc=corp,dc=company,dc=com username=my_name javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A8, comment: AcceptSecurityContext error, data 52e, v1db1] I found a Groovy script that was supposed to help me debug the issue: String[] names = ["my_name","another_name"]; for (name in names) { println("Checking the name '" + name + "'...") try { println(" It is a USER: " + Jenkins.instance.securityRealm.loadUserByUsername(name)) } catch (Exception e) { println(" It is NOT a user, reason: " + e.getMessage()) } println(""); } However, it can find the username successfully: Checking the name 'my_name'... It is a USER: org.acegisecurity.userdetails.ldap.LdapUserDetailsImpl@5a26cfb7 Checking the name 'another_name'... It is a USER: org.acegisecurity.userdetails.ldap.LdapUserDetailsImpl@143fee62 Moreover, I can successfully authenticate using the Active Directory plugin, but its performance is very low (it takes 1-2 minutes to authorize a user), and I don't see any setting to tweak that. |
New:
Running Jenkins 1.565.1, LDAP plugin 1.10.2. I found multiple topics on this subject, but none of them seem to solve my problem. I am trying to set up LDAP authentication on my Jenkins in my corporate network. Jenkins is running on Linux. Here are my LDAP settings: Server: ldap://my_server.abc.corp.company.com root DN: dc=abc,dc=corp,dc=company,dc=com manager DN: my_name@abc.corp.company.com manager password: *set* Other settings are blank/default. When I try to login to Jenkins, even using the same "manager" login, I get a failure, and see the following error in the Jenkins log: org.acegisecurity.providers.ldap.authenticator.BindAuthenticator2 handleBindException WARNING: Failed to bind to LDAP: userDnCN=my_name,OU=UserPersonalities,OU=site,OU=UNIX,OU=A Name With Spaces,OU=Resources,dc=abc,dc=corp,dc=company,dc=com username=my_name javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A8, comment: AcceptSecurityContext error, data 52e, v1db1] I found a Groovy script that was supposed to help me debug the issue: String[] names = ["my_name","another_name"]; for (name in names) { println("Checking the name '" + name + "'...") try { println(" It is a USER: " + Jenkins.instance.securityRealm.loadUserByUsername(name)) } catch (Exception e) { println(" It is NOT a user, reason: " + e.getMessage()) } println(""); } However, it can find the username successfully: Checking the name 'my_name'... It is a USER: org.acegisecurity.userdetails.ldap.LdapUserDetailsImpl@5a26cfb7 Checking the name 'another_name'... It is a USER: org.acegisecurity.userdetails.ldap.LdapUserDetailsImpl@143fee62 Moreover, I can successfully authenticate using the Active Directory plugin, but its performance is very low (it takes 1-2 minutes to authorize a user), and I don't see any setting to tweak that. |
| Assignee | Original: Kohsuke Kawaguchi [ kohsuke ] | |
| Resolution | New: Not A Defect [ 7 ] | |
| Status | Original: Open [ 1 ] | New: Resolved [ 5 ] |
Alex Vesely
made changes -
| Resolution | Original: Not A Defect [ 7 ] | |
| Status | Original: Resolved [ 5 ] | New: Reopened [ 4 ] |
| Workflow | Original: JNJira [ 157649 ] | New: JNJira + In-Review [ 186228 ] |