-
Bug
-
Resolution: Unresolved
-
Minor
-
None
-
Jenkins 2.121.3, ldap-plugin 1.20
As I configure LDAP and press Test LDAP settings, then fill my user ID and password, the following exception appears.
I understand that "/" must be excaped in LDAP queries as \27.
The Group search filter is (&(objectclass=group)(cn={0})) .
Some other user IDs are not causing exceptions as they are not member in those fancy groups. Our productive use with simple named groups is not affected.
Removing the search filter also gets rid of the exception, but then groups cannot be used for authorization at all. (active directory)
javax.naming.InvalidNameException: Invalid name: "CN=BU1/XDEP,OU=Departments,OU=Bu00,OU=Distributionlists,OU=Cng4,DC=EU",DC=example,DC=com
at javax.naming.ldap.Rfc2253Parser.parseAttrType(Rfc2253Parser.java:155)
at javax.naming.ldap.Rfc2253Parser.doParse(Rfc2253Parser.java:108)
at javax.naming.ldap.Rfc2253Parser.parseDn(Rfc2253Parser.java:70)
at javax.naming.ldap.LdapName.parse(LdapName.java:785)
at javax.naming.ldap.LdapName.<init>(LdapName.java:123)
at hudson.security.LDAPSecurityRealm$GroupDetailsMapper.mapAttributes(LDAPSecurityRealm.java:972)
at hudson.security.LDAPSecurityRealm$GroupDetailsMapper.mapAttributes(LDAPSecurityRealm.java:969)
at jenkins.security.plugins.ldap.LDAPExtendedTemplate$SearchResultEnumeration.next(LDAPExtendedTemplate.java:163)
at jenkins.security.plugins.ldap.LDAPExtendedTemplate.searchForFirstEntry(LDAPExtendedTemplate.java:74)
Caused: org.acegisecurity.ldap.LdapDataAccessException: Unable to get first element; nested exception is javax.naming.InvalidNameException: Invalid name: "CN=BU1/XDEP,OU=Departments,OU=Bu00,OU=Distributionlists,OU=Cng4,DC=EU",DC=example,DC=com
at jenkins.security.plugins.ldap.LDAPExtendedTemplate.searchForFirstEntry(LDAPExtendedTemplate.java:76)
at hudson.security.LDAPSecurityRealm.searchForGroupName(LDAPSecurityRealm.java:895)
at hudson.security.LDAPSecurityRealm.loadGroupByGroupname(LDAPSecurityRealm.java:876)
at hudson.security.LDAPSecurityRealm.loadGroupByGroupname(LDAPSecurityRealm.java:848)
at hudson.security.LDAPSecurityRealm$DescriptorImpl.validate(LDAPSecurityRealm.java:1903)
at hudson.security.LDAPSecurityRealm$DescriptorImpl.doValidate(LDAPSecurityRealm.java:1595)
at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627)
at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:343)
at org.kohsuke.stapler.interceptor.RequirePOST$Processor.invoke(RequirePOST.java:77)
at org.kohsuke.stapler.PreInvokeInterceptedFunction.invoke(PreInvokeInterceptedFunction.java:26)
at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:184)
at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:117)
at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:129)
at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:734)
Caused: javax.servlet.ServletException
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:784)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:864)
at org.kohsuke.stapler.MetaClass$5.doDispatch(MetaClass.java:248)
...
