Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-58957

trap and report login failure; no stack trace

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Open (View Workflow)
    • Priority: Minor
    • Resolution: Unresolved
    • Labels:
      None
    • Environment:
      Jenkins 2.176.2
      active-directory:2.8
    • Similar Issues:

      Description

      Connecting to active directory a failed login produces two stack traces in the logs. They are not required and just clutter the logs.

      It should simply record the login failure. eg:
      BadCredentialsException: Either no such user 'xxxxxxxx@mydomain.com' or incorrect password

      Instead we get:

      Aug 15, 2019 12:41:19 AM hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DescriptorImpl bind
      WARNING: Failed to authenticate while binding to btwn000265.corp.ads:3268
      javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 52e, v1db1^@]

      Aug 15, 2019 12:41:19 AM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider retrieveUser
      WARNING: Credential exception trying to authenticate against corp.ads domain
      org.acegisecurity.BadCredentialsException: Either no such user 'xxxxxxxx@mydomain.com' or incorrect password

      Complete error attached.

      I see Kohsuke Kawaguchi previously closed a similar issue JENKINS-14298 in 2013 as "Won't Fix", but would ask to revisit. Evidently, we have a lot of people in the org who can't type their passwords properly. What value is provided by the stack trace over the simple message in the log?

       

        Attachments

          Activity

          Hide
          sharkannon Stephen Herd added a comment -

          Agreed, this is very annoying.  The stack trace should be under debug or something and a simple warning should be "Unable to login as....." should be in info.. INFO/WARN should never contain stacktraces, ERROR or DEBUG, yes, but not INFO/WARN.

          Show
          sharkannon Stephen Herd added a comment - Agreed, this is very annoying.  The stack trace should be under debug or something and a simple warning should be "Unable to login as....." should be in info.. INFO/WARN should never contain stacktraces, ERROR or DEBUG, yes, but not INFO/WARN.

            People

            Assignee:
            fbelzunc Félix Belzunce Arcos
            Reporter:
            ianw Ian Williams
            Votes:
            1 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated: