-
Bug
-
Resolution: Fixed
-
Critical
-
None
-
Platform: All, OS: Linux
Using the 1.301 Hudson war under glassfish v2 with LDAP enabled results in
Hudson supplying erroneous manager DN and manager password if these fields are
left blank. When filling in the form all is well with the auto verification
that taks place while one is filing in the form. However, after hitting the
save button, then coming back to the LDAP configuration area of the Manage
Hudson form, both the Manager DN and the Manager Password will have default
values. The value are incorrect and seem to be drawn from the Authorization Matrix.
The net result is that I have to fill in correct values despite my LDAP
configuration not requiring BINDING prior to querying.
I tried placing correct values in those two fields and saving the form then
logging out then back in to make sure all is well then clearing those fields and
saving the form. My intent was perhaps to reset some internal flag. This did
not work. The same erroneous values popped back into the form upon navigating
back to the form after having saved the form with the empty entries in those two
fields.
This is a security risk. I do not want to have to supply the admin DN and password.
- is duplicated by
-
JENKINS-6397 LDAP configuration incorrectly sets Manager DN and Manager Password to logged in users credentials
-
- Closed
-
-
JENKINS-6633 LDAP password field autocomplete is turned on when hiding advanced fields
-
- Closed
-
I think I am experiencing the same issue in Hudson 1.313.
My setup is:
{0}<version>1.313</version>
<numExecutors>2</numExecutors>
<mode>NORMAL</mode>
<useSecurity>true</useSecurity>
<authorizationStrategy
class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy"/>
<securityRealm class="hudson.security.LDAPSecurityRealm">
<server>x.x.x.x</server>
<rootDN>yyyyyy</rootDN>
<userSearchBase></userSearchBase>
<userSearch>cn=
</userSearch>
</securityRealm>
Now, I execute the following scenario:
menu entry)
connect to 172.20.0.10: javax.naming.InvalidNameException: [LDAP: error code 34
contains asterisks (probably representing my password), both fields also show
the same error: Unable to connect to 172.20.0.10:
javax.naming.InvalidNameException: [LDAP: error code 34 - Invalid DN Syntax]
If I save the config page without changing the LDAP settings (possibly changing
other settings), my LDAP config becomes invalid and I cannot log back in. I then
need to manyally modify config.xml and restart hudson to make things work again.
If I save the config page after emptying the Manager DN and Manager
passwordsfields, everything works fine.
At the moment, my workaround is:
Whenever changing something on the 'Configure System'-page, make sure the
Manager DN and Manager password fields are emptied.