Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-60728

Two active directory domains and same usernames

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Labels:
      None
    • Environment:
      Jenkins 2.176.4, active-directory-plugin 2.16, two AD domains
    • Similar Issues:

      Description

      In two AD-domains configuration (adom.organization.com, ddom.organization.com, binding as different users) when exist same user in both domains with different passwords, logon to Jenkins as user of ddom domain:

      DDOM\user, ddom\user or user@ddom.organization.com

      initiate in log

       

      ... hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider retrieveUser
      WARNING: Credential exception trying to authenticate against adom.organization.com domain
      org.acegisecurity.BadCredentialsException: Either no such user '...' or incorrect password
      

       

      and after some logons, adom\user account from another domain ADOM being locked due to multiple bad password attempts.

      I think it happens because authentication go though all list of configured domains(tcpdump show connects to all domains).

      It is possible to initiate authentification of ddom\user only in home domain ddom.organization.com?

        Attachments

          Activity

          There are no comments yet on this issue.

            People

            Assignee:
            fbelzunc Félix Belzunce Arcos
            Reporter:
            alexanderu Alexander Ukhanov
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated: