Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-4268

AD authentication does not try other domain controllers

    XMLWordPrintable

Details

    Description

      If one of domain contollers is not available (or there is a wrong entry in SRV
      records in DNS), and Hudson receives such name from DNS, it tries to bind to
      LDAP with this one domain controller only and does not even try to fall back to
      other domain controllers listed in SRV records.

      Expected behavior: When UnknownHostException (or CommunicationException) is
      caught, retry binding with another domain controller listed in SRV records.

      Below is a stack trace from console when this problem happens. Note that
      <domain> is just a placeholder for a real domain name.

      Also there is a typo: "and could not authenticat against any" should read "and
      could not authenticate against any"

      Aug 19, 2009 1:50:08 PM
      hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider
      retrieveUser
      WARNING: Failed to bind to LDAP
      javax.naming.CommunicationException: zhk25dsdc11.<domain>.:389 [Root exception
      is java.net.UnknownHostException: zhk25dsdc11.<domain>.]
      at com.sun.jndi.ldap.Connection.<init>(Connection.java:207)
      at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:118)
      at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1580)
      at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2616)
      at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:287)
      at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
      at
      com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:134)
      at
      hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:102)
      at
      hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:73)
      at
      org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:119)
      at
      org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:195)
      at
      org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:45)
      at
      org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:71)
      at
      org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at
      org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at
      org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
      at
      hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at
      hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
      at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:155)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:195)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:368)
      at winstone.RequestDispatcher.forward(RequestDispatcher.java:333)
      at
      winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:244)
      at winstone.RequestHandlerThread.run(RequestHandlerThread.java:150)
      at java.lang.Thread.run(Thread.java:619)
      Caused by: java.net.UnknownHostException: zhk25dsdc11.<domain>.
      at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:177)
      at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
      at java.net.Socket.connect(Socket.java:518)
      at java.net.Socket.connect(Socket.java:468)
      at java.net.Socket.<init>(Socket.java:365)
      at java.net.Socket.<init>(Socket.java:179)
      at com.sun.jndi.ldap.Connection.createSocket(Connection.java:349)
      at com.sun.jndi.ldap.Connection.<init>(Connection.java:184)
      ... 27 more
      Aug 19, 2009 1:50:08 PM
      hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider
      retrieveUser
      WARNING: Credential exception tying to authenticate against <domain> domain
      org.acegisecurity.BadCredentialsException: Either no such user 'akm022@<domain>'
      or incorrect password; nested exception is javax.naming.CommunicationException:
      zhk25dsdc11.<domain>.:389 [Root exception is java.net.UnknownHostException:
      zhk25dsdc11.<domain>.]
      at
      hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:107)
      at
      hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:73)
      at
      org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:119)
      at
      org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:195)
      at
      org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:45)
      at
      org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:71)
      at
      org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at
      org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at
      org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
      at
      hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at
      hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
      at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:155)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:195)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:368)
      at winstone.RequestDispatcher.forward(RequestDispatcher.java:333)
      at
      winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:244)
      at winstone.RequestHandlerThread.run(RequestHandlerThread.java:150)
      at java.lang.Thread.run(Thread.java:619)
      Caused by: javax.naming.CommunicationException: zhk25dsdc11.<domain>.:389 [Root
      exception is java.net.UnknownHostException: zhk25dsdc11.<domain>.]
      at com.sun.jndi.ldap.Connection.<init>(Connection.java:207)
      at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:118)
      at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1580)
      at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2616)
      at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:287)
      at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
      at
      com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:134)
      at
      hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:102)
      ... 20 more
      Caused by: java.net.UnknownHostException: zhk25dsdc11.<domain>.
      at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:177)
      at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
      at java.net.Socket.connect(Socket.java:518)
      at java.net.Socket.connect(Socket.java:468)
      at java.net.Socket.<init>(Socket.java:365)
      at java.net.Socket.<init>(Socket.java:179)
      at com.sun.jndi.ldap.Connection.createSocket(Connection.java:349)
      at com.sun.jndi.ldap.Connection.<init>(Connection.java:184)
      ... 27 more
      Aug 19, 2009 1:50:08 PM
      hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider
      retrieveUser
      WARNING: Exhausted all configured domains and could not authenticat against any.
      Aug 19, 2009 1:50:08 PM hudson.security.AuthenticationProcessingFilter2
      onUnsuccessfulAuthentication
      INFO: Login attempt failed

      Attachments

        Activity

          raspy Krzysztof Malinowski created issue -
          kohsuke Kohsuke Kawaguchi made changes -
          Field Original Value New Value
          Resolution Fixed [ 1 ]
          Status Open [ 1 ] Resolved [ 5 ]
          raspy Krzysztof Malinowski made changes -
          Status Resolved [ 5 ] Closed [ 6 ]
          rtyler R. Tyler Croy made changes -
          Workflow JNJira [ 134341 ] JNJira + In-Review [ 202777 ]

          People

            Unassigned Unassigned
            raspy Krzysztof Malinowski
            Votes:
            2 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: