
UsernameNotFoundException when ActiveDirectory used for API and token authentication

      When a valid username and api-token are used from the Jenkins Python API, the Jenkins server (version 1.582) returns an exception (see stack trace below).

      Note: When active-directory is not used, the Jenkins API authentication works (tested on Jenkins 1.554.2).

      ----- exception stack trace
      javax.servlet.ServletException: org.acegisecurity.userdetails.UsernameNotFoundException: Authentication was successful but cannot locate the user information for ci_dev_test
      at jenkins.security.BasicHeaderApiTokenAuthenticator.authenticate(BasicHeaderApiTokenAuthenticator.java:36)
      at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:72)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
      at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
      at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
      at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
      at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:46)
      at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
      at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
      at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1474)
      at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:499)
      at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
      at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:533)
      at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)
      at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
      at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428)
      at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
      at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
      at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
      at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
      at org.eclipse.jetty.server.Server.handle(Server.java:370)
      at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489)
      at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:949)
      at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:1011)
      at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644)
      at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)
      at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
      at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668)
      at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
      at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
      at java.lang.Thread.run(Thread.java:745)
      Caused by: org.acegisecurity.userdetails.UsernameNotFoundException: Authentication was successful but cannot locate the user information for ci_dev_test
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:273)
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:196)
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:140)
      at hudson.plugins.active_directory.AbstractActiveDirectoryAuthenticationProvider.loadUserByUsername(AbstractActiveDirectoryAuthenticationProvider.java:30)
      at jenkins.security.ImpersonatingUserDetailsService.loadUserByUsername(ImpersonatingUserDetailsService.java:32)
      at hudson.model.User.impersonate(User.java:282)
      at jenkins.security.BasicHeaderApiTokenAuthenticator.authenticate(BasicHeaderApiTokenAuthenticator.java:31)
      ... 35 more

      Help us localize this page
      Page generated: 1-Oct-2014 5:11:08 PM  REST API  Jenkins ver. 1.582

          [JENKINS-24958] UsernameNotFoundException when ActiveDirectory used for API and token authentication

          Daniel Beck added a comment -

          Issue report needs to show this is an issue with Jenkins. Get rid of JenkinsAPI, use only what Jenkins provides.

          Provide complete and precise steps to reproduce the problem. How is Active Directory configured? What version of the plugin are you using? (Are both instances using the same plugin version? What happens when you configure the older Jenkins version to use Active Directory?)

          In the affected instance, are you able to use the CLI (with authentication)? The XML/JSON API (using e.g. curl)? The Web UI? What is shown on the /whoAmI web page?

          Configure a log recorder with logger hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider on level FINE. What gets logged around the time the error occurs?


          Martin Blankenstein added a comment - - edited

          Maybe really a bug in Jenkins?

          I also get this exception.
          We use Jenkins 1.580.1 and an Active Directory plugin.
          When we use the api/xml with an API token, I get this exception every 2nd request. I don't know why, but my workaround is to do each request twice.
          Maybe this helps...


          Felix Hassert added a comment -

          I have a similar problem. We use

          • Jenkins LTS 1.580.1
          • project-based matrix ACLs
          • authentication via LDAP

          Reproduce:

          • create dummy job
          • project based access-control forbids anonymous users
          • add a user with read and build permissions
          • get an API token for that user
          • (I also have a build trigger token, but I don't know if that matters)
          • (optional: activate "Build User Vars" plugin and echo ${BUILD_USER} in a bash script)
          • trigger the job with curl --user me:apitoken https://server/job/test/build?token=ASDF
          • (I have a parameterized build, but again I don't know if that matters)

          Expected Result:

          • build triggers
          • build info contains "Started by <user>"
          • (bash script shows <user> as $BUILD_USER)

          Actual Result:

          • build triggers (i.e. authentication was granted)
          • build info says "started from remote computer <IP>"
          • ($BUILD_USER not set in bash script)

          To me, this sounds related to the original issue description. Although access via the API token is granted (and no exceptions are thrown), the user data itself is not known to core (build info) or plugins (build user vars).

          I consider this functionality critical, because it gives us an easily readable protocol of users that have triggered a certain job (i.e. traceability).


          Daniel Beck added a comment - - edited

          Felix: You're just doing it wrong. Leave out token=ASDF, that's only needed if read access to the job is available and you want to build without being allowed by your authentication. Basically,

          > (I also have a build trigger token, but I don't know if that matters)

          that is the reason Expected and Actual are different.
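Added example, not part of the original thread or of Jenkins's own code: the traceability gap discussed above can be audited after the fact by classifying each build's recorded causes. The build records are constructed, and the field names (`actions`, `causes`, `userId`, `addr`) are assumed to match the JSON returned by a build's `api/json` endpoint.

```python
# Constructed sample build records (values are made up). The shape is an
# assumption about what /job/<name>/<number>/api/json returns.
SAMPLE_BUILDS = [
    {"number": 41, "actions": [{"causes": [
        {"shortDescription": "Started by user alice",
         "userId": "alice", "userName": "alice"}]}]},
    {"number": 42, "actions": [{}, {"causes": [
        {"shortDescription": "Started by remote host 192.0.2.10",
         "addr": "192.0.2.10", "note": None}]}]},
    {"number": 43, "actions": [None, {"causes": [
        {"shortDescription": "Started by timer"}]}]},
]


def build_causes(build):
    """Flatten every cause recorded across the build's actions."""
    causes = []
    for action in build.get("actions") or []:
        if action:  # tolerate empty or null action entries
            causes.extend(action.get("causes") or [])
    return causes


def attribution(build):
    """Return (kind, identities) describing who or what started the build.

    kind is "user" when a user id was recorded, "remote-token" when only a
    remote address was recorded (the build-trigger-token path), and "none"
    when neither is present (for example a timer).
    """
    causes = build_causes(build)
    users = sorted({c["userId"] for c in causes if c.get("userId")})
    if users:
        return ("user", users)
    remotes = sorted({c["addr"] for c in causes if c.get("addr")})
    if remotes:
        return ("remote-token", remotes)
    return ("none", [])


def audit(builds):
    """List (number, kind, identities) for builds with no user attribution."""
    findings = []
    for build in builds:
        kind, who = attribution(build)
        if kind != "user":
            findings.append((build["number"], kind, who))
    return findings


if __name__ == "__main__":
    for number, kind, who in audit(SAMPLE_BUILDS):
        print(f"build #{number}: {kind} {who}")
```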


          Daniel Beck added a comment -

          Resolving as incomplete as requested additional information has not been provided in months.


          Keith Davis added a comment -

          I'm having this same problem. What info exactly do you need?


          Daniel Beck added a comment -

          See first comment.


          Keith Davis added a comment -

          I just realized that the submitter was using the Jenkins Python API. I'm using PHP and cURL. Seems like the same issue though. Basically the same setup as Felix.

          <?php
          	$curl = curl_init("http://jenkinserver/job/myjob/config.xml");
          
          	curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
          	curl_setopt($curl, CURLOPT_USERPWD, "username:apiToken");
          	curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
          
          	$sOutput = curl_exec($curl);
          
          	echo $sOutput ?: curl_error($curl);
          
          	curl_close($curl);
          ?>
          

          > How is Active Directory configured?

          Not sure what you mean by this question. I thought there was no configuration for this machine, since it is joined to a domain.

          > What version of the plugin are you using?

          1.39

          > (Are both instances using the same plugin version? What happens when you configure the older Jenkins version to use Active Directory?)

          Both instances of what?

          > In the affected instance, are you able to use the CLI (with authentication)?

          Don't know how to do this.

          > The XML/JSON API (using e.g. curl)?

          Yes - Change the URL to http://jenkinserver/job/myjob/api/json, same effect.

          > The Web UI?

          Not sure how to do this correctly, but tried with Chrome and got redirected to the Login page.

          > What is shown on the /whoAmI web page?

          How do I do that for this process?

          > Configure a log recorder with logger hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider on level FINE. What gets logged around the time the error occurs?

          Can you tell me how to do that?


          Daniel Beck added a comment -

          > Not sure what you mean by this question. I thought there was not configuration for this machine, since it is joined to a domain.

          To clarify, Active Directory Plugin. It has options in the security preferences.

          > Both instances of what?

          The report mentions two Jenkins instances (at least that's my guess from the report mentioning two vastly different Jenkins versions). Does not apply to you.

          > How do I do that for this process?

          Not sure what you mean. Just go to http://whateveryourjenkinshostnameis/whoAmI when logged in.

          > Can you tell me how to do that?

          https://wiki.jenkins-ci.org/display/JENKINS/Logging


          One question I forgot:

          Does the user account you want to use actually exist in Active Directory, or only in Jenkins?


          Keith Davis added a comment -

          > To clarify, Active Directory Plugin. It has options in the security preferences.

          Default settings (Domain Name & Domain controller are blank, Remove irrelevant groups is unchecked)

          > Not sure what you mean. Just go to http://whateveryourjenkinshostnameis/whoAmI when logged in.

          Do you want all of this data (it's a lot)? The information is correct.

          > https://wiki.jenkins-ci.org/display/JENKINS/Logging

          I did that, ran the test, the log is not capturing anything.


          Keith Davis added a comment -

          Even changed the logging level to ALL, still nothing.


          Keith Davis added a comment -

          In fact, I just logged out and back in using the UI and that log still shows nothing. I also tried adding these 2 loggers, still nothing:

          hudson.plugins.active_directory.ActiveDirectoryAuthenticationProvider
          hudson.plugins.active_directory.ActiveDirectoryUserDetail


          Kenneth Younger added a comment -

          We're seeming to hit this same issue. We use AD for all user access into Jenkins, and only add AD Groups in the global security config.

          laurin1, did you end up figuring this out?

          Keith Davis added a comment -

          No. We switched to running a PHP script that uses the cURL extension.


            Assignee: Unassigned
            Reporter: Matthew Bells (mbells)