Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-58957

trap and report login failure; no stack trace

    • Icon: Improvement Improvement
    • Resolution: Unresolved
    • Icon: Minor Minor
    • None
    • Jenkins 2.176.2
      active-directory:2.8

      Connecting to active directory a failed login produces two stack traces in the logs. They are not required and just clutter the logs.

      It should simply record the login failure. eg:
      BadCredentialsException: Either no such user 'xxxxxxxx@mydomain.com' or incorrect password

      Instead we get:

      Aug 15, 2019 12:41:19 AM hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DescriptorImpl bind
      WARNING: Failed to authenticate while binding to btwn000265.corp.ads:3268
      javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 52e, v1db1^@]

      Aug 15, 2019 12:41:19 AM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider retrieveUser
      WARNING: Credential exception trying to authenticate against corp.ads domain
      org.acegisecurity.BadCredentialsException: Either no such user 'xxxxxxxx@mydomain.com' or incorrect password

      Complete error attached.

      I see ci_jenkinsci_org previously closed a similar issue JENKINS-14298 in 2013 as "Won't Fix", but would ask to revisit. Evidently, we have a lot of people in the org who can't type their passwords properly. What value is provided by the stack trace over the simple message in the log?

       

          [JENKINS-58957] trap and report login failure; no stack trace

          Stephen Herd added a comment -

          Agreed, this is very annoying.  The stack trace should be under debug or something and a simple warning should be "Unable to login as....." should be in info.. INFO/WARN should never contain stacktraces, ERROR or DEBUG, yes, but not INFO/WARN.

          Stephen Herd added a comment - Agreed, this is very annoying.  The stack trace should be under debug or something and a simple warning should be "Unable to login as....." should be in info.. INFO/WARN should never contain stacktraces, ERROR or DEBUG, yes, but not INFO/WARN.

            fbelzunc FĂ©lix Belzunce Arcos
            ianw Ian Williams
            Votes:
            1 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: