• Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • Ubuntu 12.04.5 LTS \n \l

      Hi,

      I can log in using credentials of one user (linuxadmin) but fails with the credentials of another user (mreagan)

      Unfortunately I do not admin the Windows domain machine.

      I have included the exceptions entered into the log when the login fails

      From /var/log/jenkins/jenkins.log

      Feb 24, 2016 10:02:12 AM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider retrieveUser
      WARNING: Credential exception trying to authenticate against CRESTRON.CRESTRON.COM domain
      org.acegisecurity.BadCredentialsException: Failed to retrieve user information for mreagan; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 000020D6: SvcErr: DSID-031007DB, problem 5012 (DIR_ERROR), data 0
      ^@]; remaining name 'CN=Michael Reagan,OU=Engineering/Firmware,OU=HW Engineering,OU=22 Link,OU=Crestron Domain Users,OU=Crestron,DC=CRESTRON,DC=CRESTRON,DC=com'
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:334)
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:219)
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:163)
      at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:122)
      at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:200)
      at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:47)
      at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:74)
      at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
      at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
      at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171)
      at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
      at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
      at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
      at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
      at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
      at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
      at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1474)
      at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:499)
      at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
      at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:533)
      at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)
      at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
      at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428)
      at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
      at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
      at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
      at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
      at org.eclipse.jetty.server.Server.handle(Server.java:370)
      at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489)
      at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:960)
      at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:1021)
      at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:865)
      at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240)
      at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
      at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668)
      at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
      at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
      at java.lang.Thread.run(Thread.java:745)
      Caused by: javax.naming.NamingException: [LDAP: error code 1 - 000020D6: SvcErr: DSID-031007DB, problem 5012 (DIR_ERROR), data 0
      ^@]; remaining name 'CN=Michael Reagan,OU=Engineering/Firmware,OU=HW Engineering,OU=22 Link,OU=Crestron Domain Users,OU=Crestron,DC=CRESTRON,DC=CRESTRON,DC=com'
      at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3128)
      at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3034)
      at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2841)
      at com.sun.jndi.ldap.LdapCtx.c_lookup(LdapCtx.java:1035)
      at com.sun.jndi.toolkit.ctx.ComponentContext.c_resolveIntermediate_nns(ComponentContext.java:170)
      at com.sun.jndi.toolkit.ctx.AtomicContext.c_resolveIntermediate_nns(AtomicContext.java:360)
      at com.sun.jndi.toolkit.ctx.ComponentContext.p_resolveIntermediate(ComponentContext.java:399)
      at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(ComponentDirContext.java:223)
      at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:139)
      at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:127)
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.resolveGroups(ActiveDirectoryUnixAuthenticationProvider.java:398)
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:318)
      ... 45 more

          [JENKINS-33134] Jenkins 1.649 / Active Directory 1.41

          James Nord added a comment -

          The error is that the BASE DN is not correctly set. Not entirely sure why this would work for one user and fail for a different one without poking around in your AD tree :-/

          What is the DN of the user that you can log in as?

          James Nord added a comment - The error is that the BASE DN is not correctly set. Not entirely sure why this would work for one user and fail for a different one without poking around in your AD tree :-/ What is the DN of the user that you can log in as?

          Hi,

          DN as in crestron.crestron.com?

          If you look at the log, it is obviously talking to the server and getting some info. It retrieved my real name, department, etc...

          _WARNING: Credential exception trying to authenticate against CRESTRON.CRESTRON.COM domain
          org.acegisecurity.BadCredentialsException: Failed to retrieve user information for mreagan; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 000020D6: SvcErr: DSID-031007DB, problem 5012 (DIR_ERROR), data 0
          ^@]; remaining name 'CN=Michael Reagan,OU=Engineering/Firmware,OU=HW Engineering,OU=22 Link,OU=Crestron Domain Users,OU=Crestron,DC=CRESTRON,DC=CRESTRON,DC=com'_

          Both users are from the same domain CRESTRON\mreagan does not work, CRESTRON\linuxadmin does.
          It almost looks like it's puking on a character.

          Thanks,

          Mike

          Michael Reagan added a comment - Hi, DN as in crestron.crestron.com? If you look at the log, it is obviously talking to the server and getting some info. It retrieved my real name, department, etc... _WARNING: Credential exception trying to authenticate against CRESTRON.CRESTRON.COM domain org.acegisecurity.BadCredentialsException: Failed to retrieve user information for mreagan; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 000020D6: SvcErr: DSID-031007DB, problem 5012 (DIR_ERROR), data 0 ^@]; remaining name 'CN=Michael Reagan,OU=Engineering/Firmware,OU=HW Engineering,OU=22 Link,OU=Crestron Domain Users,OU=Crestron,DC=CRESTRON,DC=CRESTRON,DC=com'_ Both users are from the same domain CRESTRON\mreagan does not work, CRESTRON\linuxadmin does. It almost looks like it's puking on a character. Thanks, Mike

            Unassigned Unassigned
            mreagan Michael Reagan
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: