Hi, I'd like to ask whether anyone else has run into this issue. I need to configure the mixing security realm to support both Jenkins' own user database and LDAP. If I set up LDAP only, it verifies successfully, but if I configure LDAP inside the Mixing plugin I get the following exception.
I am using java-11-openjdk-11.0.12.0.7-0.el7_9.x86_64 and Jenkins 2.316
java.lang.IllegalArgumentException: Specified type class hudson.security.MixingSecurityRealm is not assignable to the expected class hudson.security.LDAPSecurityRealm
java.lang.IllegalArgumentException: Specified type class hudson.security.MixingSecurityRealm is not assignable to the expected class hudson.security.LDAPSecurityRealm
	at org.kohsuke.stapler.RequestImpl$TypePair.convertJSON(RequestImpl.java:683)
Caused: java.lang.IllegalArgumentException: Failed to instantiate class hudson.security.LDAPSecurityRealm from
{ "value":"3",
"stapler-class":"hudson.security.MixingSecurityRealm",
"$class":"hudson.security.MixingSecurityRealm",
"allowsSignup":false,
"priority":true,
"optional":[
{ "$enabled":false, "$id":"hudson.security.SecurityRealm$None" }
,
{ "$enabled":false, "$id":"hudson.security.PAMSecurityRealm", "serviceName":"" }
,
{ "$enabled":true,
"$id":"hudson.security.LDAPSecurityRealm",
"configurations":
{ "server":"ldap://www.example.com", "rootDN":"dc=example,dc=com", "inhibitInferRootDN":false, "userSearchBase":"OU=User Accounts", "userSearch":"userPrincipalName={0}",
"groupSearchBase":"OU=Groups",
"groupSearchFilter":"(objectClass=group)",
"groupMembershipStrategy":
{ "value":"0", "attributeName":"memberOf", "stapler-class":"jenkins.security.plugins.ldap.FromUserRecordLDAPGroupMembershipStrategy", "$class":"jenkins.security.plugins.ldap.FromUserRecordLDAPGroupMembershipStrategy" }
,
"managerDN":"CN=onprembuild,OU=Service Accounts,OU=User Accounts,DC=example,DC=com",
"managerPasswordSecret":"[value redacted]",
"$redact":"managerPasswordSecret",
"displayNameAttributeName":"displayname",
"mailAddressAttributeName":"mail",
"ignoreIfUnavailable":false },
"":[ "0",
"0" ],
"userIdStrategy":
{ "stapler-class":"jenkins.model.IdStrategy$CaseInsensitive", "$class":"jenkins.model.IdStrategy$CaseInsensitive" }
,
"groupIdStrategy":
{ "stapler-class":"jenkins.model.IdStrategy$CaseInsensitive", "$class":"jenkins.model.IdStrategy$CaseInsensitive" }
,
"disableMailAddressResolver":false,
"disableRolePrefixing":true },
{ "$enabled":false, "$id":"hudson.security.LegacySecurityRealm" }
]}
This would also make sense for having, e.g., a user for automation that doesn't need to exist in the Active Directory/LDAP directory.
I would very much welcome this as well...