Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-24960

Active directory Logon Timeout

    XMLWordPrintable

Details

    Description

      If I update the Active directory plugin to 1.38 I get time out on logon. If I go back to the 1.33 version it works fine.

      02.10.2014 09:06:23 hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider retrieveUser
      WARNUNG: Failed to retrieve user information for XXXXXXXX
      javax.naming.TimeLimitExceededException: [LDAP: error code 3 - Timelimit Exceeded]; remaining name 'DC=XXXXX,DC=XXXXXXX,DC=XXX'
      	at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
      	at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
      	at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
      	at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
      	at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
      	at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
      	at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)
      	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
      	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
      	at hudson.plugins.active_directory.LDAPSearchBuilder.search(LDAPSearchBuilder.java:52)
      	at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.chainGroupLookup(ActiveDirectoryUnixAuthenticationProvider.java:447)
      	at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.resolveGroups(ActiveDirectoryUnixAuthenticationProvider.java:416)
      	at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:296)
      	at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:196)
      	at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:140)
      	at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:122)
      	at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:200)
      	at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:47)
      	at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:74)
      	at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:174)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:74)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
      	at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
      	at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
      	at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:46)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
      	at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1474)
      	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:499)
      	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
      	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:533)
      	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)
      	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
      	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428)
      	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
      	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
      	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
      	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
      	at org.eclipse.jetty.server.Server.handle(Server.java:370)
      	at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489)
      	at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:960)
      	at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:1021)
      	at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:865)
      	at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240)
      	at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
      	at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668)
      	at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
      	at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
      	at java.lang.Thread.run(Unknown Source)
      02.10.2014 09:06:23 hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider retrieveUser
      WARNUNG: Credential exception trying to authenticate against ww004.siemens.net domain
      org.acegisecurity.BadCredentialsException: Failed to retrieve user information for XXXXXXXX; nested exception is javax.naming.TimeLimitExceededException: [LDAP: error code 3 - Timelimit Exceeded]; remaining name 'DC=XXXXX,DC=XXXXXXX,DC=XXX'
      	at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:312)
      	at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:196)
      	at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:140)
      	at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:122)
      	at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:200)
      	at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:47)
      	at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:74)
      	at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:174)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:74)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
      	at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
      	at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
      	at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:46)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
      	at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1474)
      	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:499)
      	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
      	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:533)
      	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)
      	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
      	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428)
      	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
      	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
      	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
      	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
      	at org.eclipse.jetty.server.Server.handle(Server.java:370)
      	at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489)
      	at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:960)
      	at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:1021)
      	at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:865)
      	at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240)
      	at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
      	at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668)
      	at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
      	at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
      	at java.lang.Thread.run(Unknown Source)
      Caused by: javax.naming.TimeLimitExceededException: [LDAP: error code 3 - Timelimit Exceeded]; remaining name 'DC=XXXXX,DC=XXXXXXX,DC=XXX'
      	at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
      	at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
      	at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
      	at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
      	at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
      	at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
      	at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)
      	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
      	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
      	at hudson.plugins.active_directory.LDAPSearchBuilder.search(LDAPSearchBuilder.java:52)
      	at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.chainGroupLookup(ActiveDirectoryUnixAuthenticationProvider.java:447)
      	at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.resolveGroups(ActiveDirectoryUnixAuthenticationProvider.java:416)
      	at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:296)
      	... 45 more
      

      Attachments

        Issue Links

          Activity

            I've captured JENKINS-22763 that better represents the task that I see.

            I have questions to people who are reporting this issue here. This problem happens only when you run your master on Windows and choose to specify custom AD domain name, whereas I expected that people normally don't have to do that and just leave everything to the default.

            So, why did you have to specify the custom domain name?

            kohsuke Kohsuke Kawaguchi added a comment - I've captured JENKINS-22763 that better represents the task that I see. I have questions to people who are reporting this issue here. This problem happens only when you run your master on Windows and choose to specify custom AD domain name, whereas I expected that people normally don't have to do that and just leave everything to the default. So, why did you have to specify the custom domain name?
            danielbeck Daniel Beck added a comment -

            Not currently using this plugin, but IIRC that's necessary when the server is jenkins.uk.corp.com, and users are foo@uk.corp.com but also bar@us.corp.com.

            Correct issue link: JENKINS-27763

            danielbeck Daniel Beck added a comment - Not currently using this plugin, but IIRC that's necessary when the server is jenkins.uk.corp.com, and users are foo@uk.corp.com but also bar@us.corp.com. Correct issue link: JENKINS-27763

            I've had success with adding in the <groupLookupStrategy>Recursive</groupLookupStrategy> that podskalsky pointed out. However, I've already noticed that Jenkins overwrites my changes and removes this entry, causing my authentication to go wrong again... What gives?! Any advice?

            tsevg9 Tyler Effinger added a comment - I've had success with adding in the <groupLookupStrategy>Recursive</groupLookupStrategy> that podskalsky pointed out. However, I've already noticed that Jenkins overwrites my changes and removes this entry, causing my authentication to go wrong again... What gives?! Any advice?
            danielbeck Daniel Beck added a comment -

            tsevg9: The issue appears because submitting the current (incomplete) config form resets the internal option value you set. See the issue linked in my comment (should also get fixed in the context of that issue).

            danielbeck Daniel Beck added a comment - tsevg9 : The issue appears because submitting the current (incomplete) config form resets the internal option value you set. See the issue linked in my comment (should also get fixed in the context of that issue).
            ssbarnea Sorin Sbarnea added a comment -

            This bug still happens with latest versions of Jenkins and the AD plugin making the entire plugin useless.

            ssbarnea Sorin Sbarnea added a comment - This bug still happens with latest versions of Jenkins and the AD plugin making the entire plugin useless.

            People

              Unassigned Unassigned
              svanschu Sven Schultschik
              Votes:
              3 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated: