
Fall-back user for Active Directory plugin does not work

    • Bug
    • Resolution: Unresolved
    • Major

      Using the 'Active Directory' plugin, I configured it to point to our LDAP server and everything works fine there. However, I also checked the option to use a `fall-back` user to log in to my Jenkins server just in case our LDAP connection failed.

      See attached image.

      The problem is that when I log out and try to log in with my 'fall-back' user, it fails to log in, and I just get the normal 'invalid username and password' error message. See attached image.

      I expected to be able to log in with the one non-LDAP user account. The documentation says it should be possible.

      Note:

      The LDAP integration works fine. I have tested logging in with many different LDAP accounts, and they work fine.

       

          [JENKINS-58772] Fall-back user for Active Directory plugin does not work

          Chris Johnson added a comment -

          No activity on this?


          Anna Shergold added a comment -

          Any update?

           


          kutzi added a comment - - edited

          I'm seeing a similar issue. However, I get a gateway timeout from the nginx in front of Jenkins for /j_spring_security_check.
          According to the logs, I get a timeout when connecting to the MDC (because of firewall), then fallback seems to work fine.

          2022-08-30 08:39:13.381+0000 [id=74]    WARNING    h.p.a.ActiveDirectorySecurityRealm$DescriptorImpl#bind: Failed to bind to xxx:3268
          java.net.SocketTimeoutException: connect timed out
              at java.base/java.net.PlainSocketImpl.socketConnect(Native Method)
              at java.base/java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:412)
              at java.base/java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:255)
              at java.base/java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:237)
              at java.base/java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
              at java.base/java.net.Socket.connect(Socket.java:609)
              at java.naming/com.sun.jndi.ldap.Connection.createSocket(Connection.java:335)
              at java.naming/com.sun.jndi.ldap.Connection.<init>(Connection.java:231)
          Caused: javax.naming.CommunicationException: xxx:3268 [Root exception is java.net.SocketTimeoutException: connect timed out]
              at java.naming/com.sun.jndi.ldap.Connection.<init>(Connection.java:252)
              at java.naming/com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137)
          ...
          2022-08-30 08:39:13.382+0000 [id=74]    WARNING    h.p.a.ActiveDirectorySecurityRealm$DescriptorImpl#bind: All attempts to login failed for user svc-xxx
          2022-08-30 08:39:13.382+0000 [id=74]    WARNING    h.p.a.ActiveDirectoryUnixAuthenticationProvider#retrieveUser: Looking into Jenkins Internal Users Database for user admin
          2022-08-30 08:39:13.460+0000 [id=74]    INFO    h.p.a.ActiveDirectoryUnixAuthenticationProvider#retrieveUser: Falling back into the internal user admin
           

          But I'm still not logged in
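
For monitoring the sequence shown in the log excerpt above, this added example (not part of the original comment or the plugin's code) parses Jenkins log records in that format and reports each fallback login to an internal account together with the AD bind failures logged on the same thread. The sample log is constructed from the quoted lines; the function and field names are assumptions.

```python
import re
from datetime import datetime

# Constructed sample in the format of the log lines quoted in the comment above
# (host and account names are placeholders).
SAMPLE_LOG = """\
2022-08-30 08:39:13.381+0000 [id=74]    WARNING    h.p.a.ActiveDirectorySecurityRealm$DescriptorImpl#bind: Failed to bind to xxx:3268
java.net.SocketTimeoutException: connect timed out
    at java.base/java.net.Socket.connect(Socket.java:609)
2022-08-30 08:39:13.382+0000 [id=74]    WARNING    h.p.a.ActiveDirectorySecurityRealm$DescriptorImpl#bind: All attempts to login failed for user svc-xxx
2022-08-30 08:39:13.382+0000 [id=74]    WARNING    h.p.a.ActiveDirectoryUnixAuthenticationProvider#retrieveUser: Looking into Jenkins Internal Users Database for user admin
2022-08-30 08:39:13.460+0000 [id=74]    INFO    h.p.a.ActiveDirectoryUnixAuthenticationProvider#retrieveUser: Falling back into the internal user admin
2022-08-30 08:40:02.010+0000 [id=81]    WARNING    h.p.a.ActiveDirectorySecurityRealm$DescriptorImpl#bind: Failed to bind to xxx:3268
"""

# Record header: timestamp, [id=<thread>], level, logger#method, then the message.
RECORD = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}[+-]\d{4})\s+\[id=(?P<tid>\d+)\]\s+"
    r"(?P<level>[A-Z]+)\s+(?P<source>\S+): (?P<msg>.*)$")
BIND_FAIL = re.compile(r"^Failed to bind to (?P<server>\S+)$")
FALLBACK = re.compile(r"^Falling back into the internal user (?P<user>\S+)$")

def find_fallback_logins(log_text):
    """Return one event per fallback login, with the AD servers that failed on that thread."""
    failed = {}   # thread id -> servers that failed to bind since the last fallback
    events = []
    for line in log_text.splitlines():
        m = RECORD.match(line)
        if not m:            # stack-trace lines carry no record header; skip them
            continue
        tid, msg = m["tid"], m["msg"]
        if (b := BIND_FAIL.match(msg)):
            failed.setdefault(tid, []).append(b["server"])
        elif (f := FALLBACK.match(msg)):
            events.append({
                "time": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f%z"),
                "thread": int(tid),
                "user": f["user"],
                "failed_servers": failed.pop(tid, []),
            })
    return events

if __name__ == "__main__":
    for e in find_fallback_logins(SAMPLE_LOG):
        print(e["time"].isoformat(), "fallback login as", e["user"],
              "after bind failures to", e["failed_servers"] or "none logged")
```

A fallback event with an empty `failed_servers` list means no bind failure was logged on that thread beforehand, which is worth a closer look when reviewing use of the internal account.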


          kutzi added a comment -

          Not sure if fbelzunc is still an active maintainer.
          alecharp, could you have a look?


            fbelzunc Félix Belzunce Arcos
            cjverisk Chris Johnson