Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-29280

Chrome browser username autofill adds username as bindName in LDAP

    XMLWordPrintable

Details

    • Bug
    • Status: Reopened (View Workflow)
    • Minor
    • Resolution: Unresolved
    • None
    • Jenkins 1.580 on CentOs
      ActiveDirectory plugin 1.39
      Chrome browser ver 43.0.235

      Jenkins 2.46.1 on Ubuntu 16.04.2 LTS
      ActiveDirectory plugin 2.4
      Chrome browser ver 57.0.2987.133

      Jenkins 2.46.2
      AD plugin 2.4

    Description

      Chromes auto-fill , populates the username and password of any user who has logged in to Jenkins into the 'bindName' , 'bindPassword' field in the Advanced section of 'Active Directory' under Configure Global Security .

      As a result , on saving this ( without noticing ) , no users are able to login .

      The only way to fix this was to manually edit the config.xml to remove the erroneous <bindName> and restart the Jenkins instance .

      Am calling this a bug due to the disruptive nature of the issue ( which called for a restart of the Jenkins service )

      This happens silently as the 'Advanced fields' are not expanded and thus not seen by default .

      Autocomplete/autopopulate should be blocked for the fields in Active Directory plugin to prevent such cases .

      Thanks
      Taher .

      Attachments

        Activity

          People

            Unassigned Unassigned
            taherkf Taher K F
            Votes:
            13 Vote for this issue
            Watchers:
            17 Start watching this issue

            Dates

              Created:
              Updated: