-
Bug
-
Resolution: Unresolved
-
Blocker
-
None
-
Debian Wheezy 7.10, OpenJDK 7u101, AD Plugin 1.46, LDAP Plugin 1.12
After I updated to 1.651.2 I started seeing failures that appear similar to those in JENKINS-34775. Reverting to earlier versions of the AD and LDAP plugins doesn't resolve the issue. Only reverting to 1.651.1 got things working again. I initially added my stack trace as a comment to JENKINS-34775, but I was told there that this was a different issue and to create a new issue.
BUILD SUCCESSFUL Total time: 5 minutes 23 seconds Sending e-mails to: bill@example.com ted@example.com FATAL: Failed to retrieve user information for Bill S. Preston; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 00002020: Operation unavailable without authentication]; remaining name 'DC=example,DC=com' org.acegisecurity.BadCredentialsException: Failed to retrieve user information for Bill S. Preston; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 00002020: Operation unavailable without authentication]; remaining name 'DC=example,DC=com' at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:343) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:223) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:167) at hudson.plugins.active_directory.AbstractActiveDirectoryAuthenticationProvider.loadUserByUsername(AbstractActiveDirectoryAuthenticationProvider.java:54) at hudson.plugins.active_directory.ActiveDirectorySecurityRealm.loadUserByUsername(ActiveDirectorySecurityRealm.java:678) at hudson.model.User$UserIDCanonicalIdResolver.resolveCanonicalId(User.java:1049) at hudson.model.User.get(User.java:395) at hudson.model.User.get(User.java:364) at hudson.plugins.git.GitChangeSet.findOrCreateUser(GitChangeSet.java:374) at hudson.plugins.git.GitChangeSet.getAuthor(GitChangeSet.java:435) at hudson.model.AbstractBuild.getCulprits(AbstractBuild.java:350) at hudson.model.AbstractBuild.getCulprits(AbstractBuild.java:346) at hudson.model.AbstractBuild$AbstractBuildExecution.post(AbstractBuild.java:672) at hudson.model.Run.execute(Run.java:1763) at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43) at hudson.model.ResourceController.execute(ResourceController.java:98) at hudson.model.Executor.run(Executor.java:410) Caused by: javax.naming.NamingException: [LDAP: error code 1 - 00002020: Operation unavailable without authentication]; remaining name 'DC=example,DC=com' at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3128) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3034) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2841) at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1850) at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1773) at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1790) at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:412) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:394) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:376) at hudson.plugins.active_directory.LDAPSearchBuilder.search(LDAPSearchBuilder.java:112) at hudson.plugins.active_directory.LDAPSearchBuilder.searchOne(LDAPSearchBuilder.java:84) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:293) ... 16 more Finished: FAILURE
I'm experiencing the same problem. Sometimes builds fail after the last step of the actual build.
The piece of cause causing trouble seems to be:
https://github.com/jenkinsci/jenkins/blob/jenkins-2.6/core/src/main/java/hudson/model/User.java#L1050
It looks like the exception "org.acegisecurity.BadCredentialsException" is not catched (on purpose probably).
A possible workaround may be adding JENKINS_JAVA_OPTIONS="-Dhudson.model.User.SECURITY_243_FULL_DEFENSE=false" into /etc/sysconfig/jenkins. I'm not sure it works, testing it right now.
However it is not clear which credentials are "Bad". Are these LDAP credentials used to bind to the LDAP server? Why this is not happening constantly but still frequently?