Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-42465

LDAP lockout when using Gerrit HTTP password

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Component/s: sonar-gerrit-plugin
    • Labels:
      None
    • Environment:
      Jenkins 2.32.1
      Sonar Gerrit Plugin 1.0.7.6
      Gerrit 2.12.2
    • Similar Issues:

      Description

      We have a Gerrit server configured to authenticate users against LDAP. However, we have configured Gerrit integration processes to use an LDAP service account and configured the Jenkins Gerrit integratoin to authenticate with a Gerrit HTTP password when accessing the REST API. This causes our service account to become locked out due to invalid authentication attempts.

      This is happening because the underlying java library being used by the sonar-gerrit-plugin (com.urswolfer.gerrit.client.rest:gerrit-rest-java-client:0.8.5) attempts to authenticate all requests against the Gerrit /login page in order to obtain a session cookie. This does not work when using Gerrit HTTP passwords against a server which is configured to authenticate against LDAP. The java client will attempt to pass the Gerrit HTTP password to the /login page for authentication, which Gerrit then attempts to validate against LDAP, causing a failed authentication attempt. After multiple client calls, the account becomes locked out in LDAP and cannot be used by other processes which might also be using the same credentials to authenticate against LDAP.

        Attachments

          Activity

          shawnstafford Shawn Stafford created issue -
          aquarellian Tatiana Didik made changes -
          Field Original Value New Value
          Resolution Fixed [ 1 ]
          Status Open [ 1 ] Resolved [ 5 ]

            People

            Assignee:
            aquarellian Tatiana Didik
            Reporter:
            shawnstafford Shawn Stafford
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: