Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-33550

Active Directory Plugin adding user name as Bind DN

      The Active Directory plugin is adding a admin username as the Bind DN when the user add a new user in Global Security. The following tag gets added to the config file:

      <bindName> [USER_NT_USERName] </bindName>

      This prevents anyone from logging into Jenkins. By removing that entry from the config, users are able to log into Jenkins

          [JENKINS-33550] Active Directory Plugin adding user name as Bind DN

          I don't understand this issue. Can you explain what needs to be done to re-produce it, please?

          Félix Belzunce Arcos added a comment - I don't understand this issue. Can you explain what needs to be done to re-produce it, please?

          In our environment, we can reproduce the issue by having the Admin user log into Jenkins, then add a user in Global Security. By doing that, the config gets updated with: <bindName> [USER_NT_USERName] </bindName> where [USER_NT_USERName] is the NT login name of the Admin. Immediately, no one can log into Jenkins and we receive the error message in the attached image. By removing the entry, <bindName> [USER_NT_USERName] </bindName>, users are able to log into Jenkins

          Michael Miller added a comment - In our environment, we can reproduce the issue by having the Admin user log into Jenkins, then add a user in Global Security. By doing that, the config gets updated with: <bindName> [USER_NT_USERName] </bindName> where [USER_NT_USERName] is the NT login name of the Admin. Immediately, no one can log into Jenkins and we receive the error message in the attached image. By removing the entry, <bindName> [USER_NT_USERName] </bindName>, users are able to log into Jenkins

          FYI, we are using Project-based Matrix Authorization Strategy

          Michael Miller added a comment - FYI, we are using Project-based Matrix Authorization Strategy

          Johnny Horvi added a comment -

          I experienced the same behaviour, and found that the problem was that Chrome was auto-filling the username and password fields hidden in the advanced section.

          Johnny Horvi added a comment - I experienced the same behaviour, and found that the problem was that Chrome was auto-filling the username and password fields hidden in the advanced section.

          Sean McAdams added a comment - - edited

          I have experienced this issue just recently as well. It adds the Admin user to the config and causes all AD related calls to fail. Mine occurred after attempting to update permissions for a set of AD groups (I was removing the "Run Scripts" permission from those groups). I am running v2.61. The work around is to remove the BindName and password nodes from the config for us.

          Sean McAdams added a comment - - edited I have experienced this issue just recently as well. It adds the Admin user to the config and causes all AD related calls to fail. Mine occurred after attempting to update permissions for a set of AD groups (I was removing the "Run Scripts" permission from those groups). I am running v2.61. The work around is to remove the BindName and password nodes from the config for us.

          In my experience, my password manager, Bitwarden, was auto-filling the Bind DN field, thus, when I hit save, it would save that without me knowing it.

          Yeremy Turcios added a comment - In my experience, my password manager, Bitwarden, was auto-filling the Bind DN field, thus, when I hit save, it would save that without me knowing it.

            fbelzunc Félix Belzunce Arcos
            yaaadman Michael Miller
            Votes:
            1 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated: