JENKINS-42465: LDAP lockout when using Gerrit HTTP password


    • Type: Bug
    • Resolution: Fixed
    • Priority: Major
    • sonar-gerrit-plugin
    • None
    • Jenkins 2.32.1
      Sonar Gerrit Plugin
      Gerrit 2.12.2

      We have a Gerrit server configured to authenticate users against LDAP. However, we have configured Gerrit integration processes to use an LDAP service account and configured the Jenkins Gerrit integration to authenticate with a Gerrit HTTP password when accessing the REST API. This causes our service account to become locked out due to invalid authentication attempts.

      This is happening because the underlying Java library being used by the sonar-gerrit-plugin (com.urswolfer.gerrit.client.rest:gerrit-rest-java-client:0.8.5) attempts to authenticate all requests against the Gerrit /login page in order to obtain a session cookie. This does not work when using Gerrit HTTP passwords against a server which is configured to authenticate against LDAP. The Java client will attempt to pass the Gerrit HTTP password to the /login page for authentication, which Gerrit then attempts to validate against LDAP, causing a failed authentication attempt. After multiple client calls, the account becomes locked out in LDAP and cannot be used by other processes which might also be using the same credentials to authenticate against LDAP.

            aquarellian Tatiana Didik
            shawnstafford Shawn Stafford
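
A simplified model of the failure described in this issue, added here as an illustration; it is not code from the plugin, from gerrit-rest-java-client or from Gerrit. The class names, the account name, both secrets and the lockout threshold of 5 are constructed, and the `rest_auth` path assumes Gerrit checks an HTTP password locally without contacting LDAP.

```python
import hmac
from dataclasses import dataclass, field

LOCKOUT_THRESHOLD = 5  # assumed LDAP policy; the issue does not state the real value


@dataclass
class LdapDirectory:
    """Stand-in for the LDAP server: one password per account plus a failure counter."""
    passwords: dict
    failures: dict = field(default_factory=dict)

    def bind(self, user, password):
        if self.failures.get(user, 0) >= LOCKOUT_THRESHOLD:
            return False  # locked: even the correct password is refused
        if hmac.compare_digest(self.passwords.get(user, ""), password):
            self.failures[user] = 0
            return True
        self.failures[user] = self.failures.get(user, 0) + 1
        return False


@dataclass
class GerritModel:
    """Stand-in for Gerrit: /login delegates to LDAP, HTTP passwords are kept locally."""
    ldap: LdapDirectory
    http_passwords: dict

    def form_login(self, user, secret):
        # Path taken by the client in the report: the secret is validated against LDAP.
        return self.ldap.bind(user, secret)

    def rest_auth(self, user, secret):
        # Assumed behaviour: the HTTP password is compared locally, LDAP is not contacted.
        return hmac.compare_digest(self.http_passwords.get(user, ""), secret)


def simulate(rest_calls, use_form_login):
    """Return (successful calls, LDAP failures recorded, other LDAP consumer still works)."""
    ldap = LdapDirectory({"svc-jenkins": "ldap-secret"})  # constructed account
    gerrit = GerritModel(ldap, {"svc-jenkins": "gerrit-http-password"})
    auth = gerrit.form_login if use_form_login else gerrit.rest_auth
    ok = sum(auth("svc-jenkins", "gerrit-http-password") for _ in range(rest_calls))
    failed = ldap.failures.get("svc-jenkins", 0)
    # Another process binding with the real LDAP password is the collateral damage.
    other_process_ok = ldap.bind("svc-jenkins", "ldap-secret")
    return ok, failed, other_process_ok
```

Each REST call routed through `form_login` costs one failed LDAP bind, so the number of calls a build makes decides how quickly the shared service account is locked for every other consumer.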