Jenkins / JENKINS-24623

LDAP AcceptSecurityContext error


    Details

    • Type: Bug
    • Status: Reopened
    • Priority: Critical
    • Resolution: Unresolved
    • Component/s: ldap-plugin
    • Environment: Linux

      Description

      Running Jenkins 1.565.1, LDAP plugin 1.10.2.

      I found multiple topics on this subject, but none of them seem to solve my problem.

      I am trying to set up LDAP authentication on my Jenkins in my corporate network. Jenkins is running on Linux.
      Here are my LDAP settings:

      Server: ldap://my_server.abc.corp.company.com
      root DN: dc=abc,dc=corp,dc=company,dc=com
      manager DN: my_name@abc.corp.company.com
      manager password: set

      Other settings are blank/default.
      When I try to login to Jenkins, even using the same "manager" login, I get a failure, and see the following error in the Jenkins log:

      org.acegisecurity.providers.ldap.authenticator.BindAuthenticator2 handleBindException
      WARNING: Failed to bind to LDAP: userDnCN=my_name,OU=UserPersonalities,OU=site,OU=UNIX,OU=A Name With Spaces,OU=Resources,dc=abc,dc=corp,dc=company,dc=com username=my_name
      javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A8, comment: AcceptSecurityContext error, data 52e, v1db1]

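      I found a Groovy script that was supposed to help me debug the issue:

          // Run in the Jenkins script console: look up each name through the configured security realm.
          import jenkins.model.Jenkins

          String[] names = ["my_name","another_name"];
          for (name in names) {
            println("Checking the name '" + name + "'...")
            try {
              // loadUserByUsername only resolves the user entry; it does not check a password
              println(" It is a USER: " + Jenkins.instance.securityRealm.loadUserByUsername(name))
            } catch (Exception e) {
              println(" It is NOT a user, reason: " + e.getMessage())
            }
            println("");
          }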

      However, it can find the username successfully:
      Checking the name 'my_name'...
      It is a USER: org.acegisecurity.userdetails.ldap.LdapUserDetailsImpl@5a26cfb7

      Checking the name 'another_name'...
      It is a USER: org.acegisecurity.userdetails.ldap.LdapUserDetailsImpl@143fee62

      Moreover, I can successfully authenticate using the Active Directory plugin, but its performance is very low (it takes 1-2 minutes to authorize a user), and I don't see any setting to tweak that.
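
The `data 52e` field in the log above is a hexadecimal Win32 error code that Active Directory attaches to LDAP error 49. The following is an added example, not part of the original report or of the LDAP plugin: a small triage script that pairs each "Failed to bind" warning with its exception line and decodes the sub-code. The function name `triage` and the second sample log entry are assumptions made for illustration.

```python
import re

# Active Directory reports the reason for an LDAP error 49 bind failure as a
# hex Win32 error code in the "data" field of the diagnostic message.
AD_BIND_SUBCODES = {
    0x525: "ERROR_NO_SUCH_USER: user not found",
    0x52E: "ERROR_LOGON_FAILURE: user name or password is incorrect",
    0x530: "ERROR_INVALID_LOGON_HOURS: logon not permitted at this time",
    0x531: "ERROR_INVALID_WORKSTATION: logon not permitted from this host",
    0x532: "ERROR_PASSWORD_EXPIRED: password expired",
    0x533: "ERROR_ACCOUNT_DISABLED: account disabled",
    0x701: "ERROR_ACCOUNT_EXPIRED: account expired",
    0x773: "ERROR_PASSWORD_MUST_CHANGE: user must reset password",
    0x775: "ERROR_ACCOUNT_LOCKED_OUT: account locked out",
}

BIND_RE = re.compile(r"Failed to bind to LDAP: userDn(?P<dn>.+?) username=(?P<user>\S+)")
ERR_RE = re.compile(r"\[LDAP: error code (?P<code>\d+) - .*?data (?P<data>[0-9a-fA-F]+)")

def triage(log_text):
    """Pair each bind warning with the exception line that follows it."""
    findings, pending = [], None
    for line in log_text.splitlines():
        bind = BIND_RE.search(line)
        if bind:
            # The DN may contain spaces, so it runs up to " username=".
            pending = {"user": bind.group("user"), "dn": bind.group("dn")}
            continue
        err = ERR_RE.search(line)
        if err and pending:
            sub = int(err.group("data"), 16)
            pending.update(ldap_code=int(err.group("code")), subcode=sub,
                           meaning=AD_BIND_SUBCODES.get(sub, "unknown sub-code"))
            findings.append(pending)
            pending = None
    return findings

# The first two lines are the log excerpt from the report; the last two are constructed.
SAMPLE = """\
WARNING: Failed to bind to LDAP: userDnCN=my_name,OU=UserPersonalities,OU=site,OU=UNIX,OU=A Name With Spaces,OU=Resources,dc=abc,dc=corp,dc=company,dc=com username=my_name
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A8, comment: AcceptSecurityContext error, data 52e, v1db1]
WARNING: Failed to bind to LDAP: userDnCN=svc_build,OU=Resources,dc=abc,dc=corp,dc=company,dc=com username=svc_build
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A8, comment: AcceptSecurityContext error, data 775, v1db1]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f['user']}: LDAP {f['ldap_code']} / 0x{f['subcode']:x} -> {f['meaning']}")
```

A full DN in the warning shows that the directory search resolved the user entry, so the sub-code describes only the subsequent bind as that DN.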

          Activity

          alex01ves Alex Vesely created issue -
          danielbeck Daniel Beck made changes -
          Assignee Kohsuke Kawaguchi [ kohsuke ]
          Resolution Not A Defect [ 7 ]
          Status Open [ 1 ] Resolved [ 5 ]
          alex01ves Alex Vesely made changes -
          Resolution Not A Defect [ 7 ]
          Status Resolved [ 5 ] Reopened [ 4 ]
          rtyler R. Tyler Croy made changes -
          Workflow JNJira [ 157649 ] JNJira + In-Review [ 186228 ]

            People

            Assignee: Unassigned
            Reporter: Alex Vesely (alex01ves)
            Votes: 1
            Watchers: 3
