Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-25180

Unable to authenticate using LDAP after upgrading to 1.576 or higher

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Blocker Blocker
    • core
    • None
    • ubuntu 12.04 and 14.04 openldap, authentication is normally done by Apache and the user information should be retrieved by Jenkins from ldap.

      After upgrading to 1.576 or higher LDAP authentication fails. It is very repeatable and downgrading to 1.575 fixes the issue. I have tried 1.576 1.577 1.580 and 1.584 but am unable to log in.

      Basically, I disable security and then setup the same config again and am still unable to log in.
      I am using ldap 1.6 plugin but have also tried 1.11, both fail once I enable ldap authentication.

      This is my configuration from the config.xml

      <useSecurity>true</useSecurity>
      <authorizationStrategy class="hudson.security.AuthorizationStrategy$Unsecured"/>
      <securityRealm class="hudson.security.LDAPSecurityRealm" plugin="ldap@1.6">
      <server>ldap://ldap</server>
      <rootDN></rootDN>
      <inhibitInferRootDN>false</inhibitInferRootDN>
      <userSearchBase>ou=users,dc=xxx,dc=com,dc=sg</userSearchBase>
      <userSearch>uid=

      {0}

      </userSearch>
      <groupSearchBase>ou=jenkins,ou=groups,dc=xxx,dc=com,dc=sg</groupSearchBase>
      <managerDN>cn=admin,dc=xxx,dc=com,dc=sg</managerDN>
      <managerPassword>xxxxxxxxxxx</managerPassword>
      <disableMailAddressResolver>false</disableMailAddressResolver>
      </securityRealm>

      Steps to reproduce:
      1. Fresh install of Jenkins 1.584 from Ubuntu apt-get install jenkins
      2. Enter settings as can be used up to 1.575
      3. Add the display name is the cn
      4. Authorization: Anyone can do anything (I used matrix before but for now I am happy to login)
      5. Save
      6. My name is shown as "Peter Bruin", proof that this was retrieved from ldap or else it would be peterbruin which is my user name
      7. Navigate back to Manage and I get prompted for password
      8. No log entries in /var/log/jenkins/jenkins.log
      9. Unable to access the system log (/log/all) as I am not able to access Jenkins
      10. Downgrade to 1.575 and I can log in again

      How this affected my upgrade:
      1. Upgrade from 1.557 to 1.584
      2. Able to acess jenkins until I wanted to go Manage
      3. Prompted for password and unable to login
      4. Editted the config.xml and disable security
      5. Updated LDAP plugin from 1.6 to latest
      6. Spend hours messing around with ldap settings
      7. Need to restart server after every time, takes a few minutes
      8. Downgraded and was able to log in again

      Ofcourse my bad for doing this on our production server but I didn't expect this kind of trouble. Cost me most of the last two days trying to get it working.

      Any help with trouble shooting would be welcome.
      How can I get more log info out of Jenkins, I don't see much in the /var/log/jenkins/jenkins.log file and the System Log is useless as I am unable to access it after I enable security

          [JENKINS-25180] Unable to authenticate using LDAP after upgrading to 1.576 or higher

          uncletall created issue -
          uncletall made changes -
          Description Original: After upgrading to 1.576 or higher LDAP authentication fails. It is very repeatable and downgrading to 1.575 fixes the issue. I have tried 1.576 1.577 1.580 and 1.584 but am unable to log in.

          Basically, I disable security and then setup the same config again and am still unable to log in.
          I am using ldap 1.6 plugin but have also tried 1.11, both fail once I enable ldap authentication.

          This is my configuration from the config.xml

            <useSecurity>true</useSecurity>
            <authorizationStrategy class="hudson.security.AuthorizationStrategy$Unsecured"/>
            <securityRealm class="hudson.security.LDAPSecurityRealm" plugin="ldap@1.6">
              <server>ldap://ldap&lt;/server>
              <rootDN></rootDN>
              <inhibitInferRootDN>false</inhibitInferRootDN>
              <userSearchBase>ou=users,dc=xxx,dc=com,dc=sg</userSearchBase>
              <userSearch>uid={0}</userSearch>
              <groupSearchBase>ou=jenkins,ou=groups,dc=xxx,dc=com,dc=sg</groupSearchBase>
              <managerDN>cn=admin,dc=xxx,dc=com,dc=sg</managerDN>
              <managerPassword>xxxxxxxxxxx</managerPassword>
              <disableMailAddressResolver>false</disableMailAddressResolver>
            </securityRealm>
          		 New: After upgrading to 1.576 or higher LDAP authentication fails. It is very repeatable and downgrading to 1.575 fixes the issue. I have tried 1.576 1.577 1.580 and 1.584 but am unable to log in.

          Basically, I disable security and then setup the same config again and am still unable to log in.
          I am using ldap 1.6 plugin but have also tried 1.11, both fail once I enable ldap authentication.

          This is my configuration from the config.xml

            <useSecurity>true</useSecurity>
            <authorizationStrategy class="hudson.security.AuthorizationStrategy$Unsecured"/>
            <securityRealm class="hudson.security.LDAPSecurityRealm" plugin="ldap@1.6">
              <server>ldap://ldap&lt;/server>
              <rootDN></rootDN>
              <inhibitInferRootDN>false</inhibitInferRootDN>
              <userSearchBase>ou=users,dc=xxx,dc=com,dc=sg</userSearchBase>
              <userSearch>uid={0}</userSearch>
              <groupSearchBase>ou=jenkins,ou=groups,dc=xxx,dc=com,dc=sg</groupSearchBase>
              <managerDN>cn=admin,dc=xxx,dc=com,dc=sg</managerDN>
              <managerPassword>xxxxxxxxxxx</managerPassword>
              <disableMailAddressResolver>false</disableMailAddressResolver>
            </securityRealm>

          Steps to reproduce:
          1. Fresh install of Jenkins 1.584 from Ubuntu apt-get install jenkins
          2. Enter settings as can be used up to 1.575
          3. Add the display name is the cn
          4. Authorization: Anyone can do anything (I used matrix before but for now I am happy to login)
          5. Save
          6. My name is shown as "Peter Bruin", proof that this was retrieved from ldap or else it would be peterbruin which is my user name
          7. Navigate back to Manage and I get prompted for password
          8. No log entries in /var/log/jenkins/jenkins.log
          9. Unable to access the system log (/log/all) as I am not able to access Jenkins
          10. Downgrade to 1.575 and I can log in again
          Environment Original: ubuntu 12.04 and 14.04 openldap New: ubuntu 12.04 and 14.04 openldap, authentication is normally done by Apache and the user information should be retrieved by Jenkins from ldap.
          uncletall made changes -
          Description Original: After upgrading to 1.576 or higher LDAP authentication fails. It is very repeatable and downgrading to 1.575 fixes the issue. I have tried 1.576 1.577 1.580 and 1.584 but am unable to log in.

          Basically, I disable security and then setup the same config again and am still unable to log in.
          I am using ldap 1.6 plugin but have also tried 1.11, both fail once I enable ldap authentication.

          This is my configuration from the config.xml

            <useSecurity>true</useSecurity>
            <authorizationStrategy class="hudson.security.AuthorizationStrategy$Unsecured"/>
            <securityRealm class="hudson.security.LDAPSecurityRealm" plugin="ldap@1.6">
              <server>ldap://ldap&lt;/server>
              <rootDN></rootDN>
              <inhibitInferRootDN>false</inhibitInferRootDN>
              <userSearchBase>ou=users,dc=xxx,dc=com,dc=sg</userSearchBase>
              <userSearch>uid={0}</userSearch>
              <groupSearchBase>ou=jenkins,ou=groups,dc=xxx,dc=com,dc=sg</groupSearchBase>
              <managerDN>cn=admin,dc=xxx,dc=com,dc=sg</managerDN>
              <managerPassword>xxxxxxxxxxx</managerPassword>
              <disableMailAddressResolver>false</disableMailAddressResolver>
            </securityRealm>

          Steps to reproduce:
          1. Fresh install of Jenkins 1.584 from Ubuntu apt-get install jenkins
          2. Enter settings as can be used up to 1.575
          3. Add the display name is the cn
          4. Authorization: Anyone can do anything (I used matrix before but for now I am happy to login)
          5. Save
          6. My name is shown as "Peter Bruin", proof that this was retrieved from ldap or else it would be peterbruin which is my user name
          7. Navigate back to Manage and I get prompted for password
          8. No log entries in /var/log/jenkins/jenkins.log
          9. Unable to access the system log (/log/all) as I am not able to access Jenkins
          10. Downgrade to 1.575 and I can log in again
          		 New: After upgrading to 1.576 or higher LDAP authentication fails. It is very repeatable and downgrading to 1.575 fixes the issue. I have tried 1.576 1.577 1.580 and 1.584 but am unable to log in.

          Basically, I disable security and then setup the same config again and am still unable to log in.
          I am using ldap 1.6 plugin but have also tried 1.11, both fail once I enable ldap authentication.

          This is my configuration from the config.xml

            <useSecurity>true</useSecurity>
            <authorizationStrategy class="hudson.security.AuthorizationStrategy$Unsecured"/>
            <securityRealm class="hudson.security.LDAPSecurityRealm" plugin="ldap@1.6">
              <server>ldap://ldap&lt;/server>
              <rootDN></rootDN>
              <inhibitInferRootDN>false</inhibitInferRootDN>
              <userSearchBase>ou=users,dc=xxx,dc=com,dc=sg</userSearchBase>
              <userSearch>uid={0}</userSearch>
              <groupSearchBase>ou=jenkins,ou=groups,dc=xxx,dc=com,dc=sg</groupSearchBase>
              <managerDN>cn=admin,dc=xxx,dc=com,dc=sg</managerDN>
              <managerPassword>xxxxxxxxxxx</managerPassword>
              <disableMailAddressResolver>false</disableMailAddressResolver>
            </securityRealm>

          Steps to reproduce:
          1. Fresh install of Jenkins 1.584 from Ubuntu apt-get install jenkins
          2. Enter settings as can be used up to 1.575
          3. Add the display name is the cn
          4. Authorization: Anyone can do anything (I used matrix before but for now I am happy to login)
          5. Save
          6. My name is shown as "Peter Bruin", proof that this was retrieved from ldap or else it would be peterbruin which is my user name
          7. Navigate back to Manage and I get prompted for password
          8. No log entries in /var/log/jenkins/jenkins.log
          9. Unable to access the system log (/log/all) as I am not able to access Jenkins
          10. Downgrade to 1.575 and I can log in again


          How this affected my upgrade:
          1. Upgrade from 1.557 to 1.584
          2. Able to acess jenkins until I wanted to go Manage
          3. Prompted for password and unable to login
          4. Editted the config.xml and disable security
          5. Updated plugin from 1.6 to latest
          6. Spend hours messing around with ldap settings
          7. Need to restart server after every time, takes a few minutes
          8. Downgraded and was able to log in again

          Ofcourse my bad for doing this on our production server but I didn't expect this kind of trouble. Cost me most of the last two days trying to get it working.

          Any help with trouble shooting would be welcome.
          How can I get more log info out of Jenkins, I don't see much in the /var/log/jenkins/jenkins.log file and the System Log is useless as I am unable to access it after I enable security
          uncletall made changes -
          Description Original: After upgrading to 1.576 or higher LDAP authentication fails. It is very repeatable and downgrading to 1.575 fixes the issue. I have tried 1.576 1.577 1.580 and 1.584 but am unable to log in.

          Basically, I disable security and then setup the same config again and am still unable to log in.
          I am using ldap 1.6 plugin but have also tried 1.11, both fail once I enable ldap authentication.

          This is my configuration from the config.xml

            <useSecurity>true</useSecurity>
            <authorizationStrategy class="hudson.security.AuthorizationStrategy$Unsecured"/>
            <securityRealm class="hudson.security.LDAPSecurityRealm" plugin="ldap@1.6">
              <server>ldap://ldap&lt;/server>
              <rootDN></rootDN>
              <inhibitInferRootDN>false</inhibitInferRootDN>
              <userSearchBase>ou=users,dc=xxx,dc=com,dc=sg</userSearchBase>
              <userSearch>uid={0}</userSearch>
              <groupSearchBase>ou=jenkins,ou=groups,dc=xxx,dc=com,dc=sg</groupSearchBase>
              <managerDN>cn=admin,dc=xxx,dc=com,dc=sg</managerDN>
              <managerPassword>xxxxxxxxxxx</managerPassword>
              <disableMailAddressResolver>false</disableMailAddressResolver>
            </securityRealm>

          Steps to reproduce:
          1. Fresh install of Jenkins 1.584 from Ubuntu apt-get install jenkins
          2. Enter settings as can be used up to 1.575
          3. Add the display name is the cn
          4. Authorization: Anyone can do anything (I used matrix before but for now I am happy to login)
          5. Save
          6. My name is shown as "Peter Bruin", proof that this was retrieved from ldap or else it would be peterbruin which is my user name
          7. Navigate back to Manage and I get prompted for password
          8. No log entries in /var/log/jenkins/jenkins.log
          9. Unable to access the system log (/log/all) as I am not able to access Jenkins
          10. Downgrade to 1.575 and I can log in again


          How this affected my upgrade:
          1. Upgrade from 1.557 to 1.584
          2. Able to acess jenkins until I wanted to go Manage
          3. Prompted for password and unable to login
          4. Editted the config.xml and disable security
          5. Updated plugin from 1.6 to latest
          6. Spend hours messing around with ldap settings
          7. Need to restart server after every time, takes a few minutes
          8. Downgraded and was able to log in again

          Ofcourse my bad for doing this on our production server but I didn't expect this kind of trouble. Cost me most of the last two days trying to get it working.

          Any help with trouble shooting would be welcome.
          How can I get more log info out of Jenkins, I don't see much in the /var/log/jenkins/jenkins.log file and the System Log is useless as I am unable to access it after I enable security
          		 New: After upgrading to 1.576 or higher LDAP authentication fails. It is very repeatable and downgrading to 1.575 fixes the issue. I have tried 1.576 1.577 1.580 and 1.584 but am unable to log in.

          Basically, I disable security and then setup the same config again and am still unable to log in.
          I am using ldap 1.6 plugin but have also tried 1.11, both fail once I enable ldap authentication.

          This is my configuration from the config.xml

            <useSecurity>true</useSecurity>
            <authorizationStrategy class="hudson.security.AuthorizationStrategy$Unsecured"/>
            <securityRealm class="hudson.security.LDAPSecurityRealm" plugin="ldap@1.6">
              <server>ldap://ldap&lt;/server>
              <rootDN></rootDN>
              <inhibitInferRootDN>false</inhibitInferRootDN>
              <userSearchBase>ou=users,dc=xxx,dc=com,dc=sg</userSearchBase>
              <userSearch>uid={0}</userSearch>
              <groupSearchBase>ou=jenkins,ou=groups,dc=xxx,dc=com,dc=sg</groupSearchBase>
              <managerDN>cn=admin,dc=xxx,dc=com,dc=sg</managerDN>
              <managerPassword>xxxxxxxxxxx</managerPassword>
              <disableMailAddressResolver>false</disableMailAddressResolver>
            </securityRealm>

          Steps to reproduce:
          1. Fresh install of Jenkins 1.584 from Ubuntu apt-get install jenkins
          2. Enter settings as can be used up to 1.575
          3. Add the display name is the cn
          4. Authorization: Anyone can do anything (I used matrix before but for now I am happy to login)
          5. Save
          6. My name is shown as "Peter Bruin", proof that this was retrieved from ldap or else it would be peterbruin which is my user name
          7. Navigate back to Manage and I get prompted for password
          8. No log entries in /var/log/jenkins/jenkins.log
          9. Unable to access the system log (/log/all) as I am not able to access Jenkins
          10. Downgrade to 1.575 and I can log in again


          How this affected my upgrade:
          1. Upgrade from 1.557 to 1.584
          2. Able to acess jenkins until I wanted to go Manage
          3. Prompted for password and unable to login
          4. Editted the config.xml and disable security
          5. Updated LDAP plugin from 1.6 to latest
          6. Spend hours messing around with ldap settings
          7. Need to restart server after every time, takes a few minutes
          8. Downgraded and was able to log in again

          Ofcourse my bad for doing this on our production server but I didn't expect this kind of trouble. Cost me most of the last two days trying to get it working.

          Any help with trouble shooting would be welcome.
          How can I get more log info out of Jenkins, I don't see much in the /var/log/jenkins/jenkins.log file and the System Log is useless as I am unable to access it after I enable security
          uncletall made changes -
          Link New: This issue is related to JENKINS-25144 [ JENKINS-25144 ]
          uncletall made changes -
          Resolution New: Fixed [ 1 ]
          Status Original: Open [ 1 ] New: Closed [ 6 ]
          R. Tyler Croy made changes -
          Workflow Original: JNJira [ 159091 ] New: JNJira + In-Review [ 208138 ]

            Unassigned Unassigned
            uncletall uncletall
            Votes:
            3 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: