[JENKINS-60728] Two active directory domains and same usernames

    • Type: Bug
    • Resolution: Unresolved
    • Priority: Major
    • Environment: Jenkins 2.176.4, active-directory-plugin 2.16, two AD domains

      In a configuration with two AD domains (adom.organization.com, ddom.organization.com, binding as different users), when the same user exists in both domains with different passwords, logging on to Jenkins as a user of the ddom domain:

      DDOM\user, ddom\user or user@ddom.organization.com

      produces this in the log:

       

      ... hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider retrieveUser
      WARNING: Credential exception trying to authenticate against adom.organization.com domain
      org.acegisecurity.BadCredentialsException: Either no such user '...' or incorrect password
      

       

      and after some logons, the adom\user account from the other domain, ADOM, gets locked due to multiple bad password attempts.

      I think it happens because authentication goes through the whole list of configured domains (tcpdump shows connections to all domains).

      Is it possible to initiate authentication of ddom\user only in the home domain ddom.organization.com?


          There are no comments yet on this issue.

            fbelzunc Félix Belzunce Arcos
            alexanderu Alexander Ukhanov
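One way to express the behaviour asked for in the report, as an added sketch that is not code from the active-directory-plugin: the three login forms listed above are parsed and only the matching home domain is returned as a bind target, so a wrong password for ddom\user never counts against adom\user. The function names and the NetBIOS-to-DNS mapping (first DNS label) are assumptions.

```python
# Added example, not plugin code: pick the AD domains a login may be
# tried against, so a qualified name is never sent to a foreign domain.

CONFIGURED_DOMAINS = ["adom.organization.com", "ddom.organization.com"]  # from the report


def netbios_name(dns_domain):
    # Assumption: the NetBIOS name equals the first DNS label, upper-cased.
    return dns_domain.split(".", 1)[0].upper()


def split_login(login):
    """Return (qualifier, username); qualifier is None for a bare username."""
    if "\\" in login:                      # DDOM\user or ddom\user
        qualifier, user = login.split("\\", 1)
        return qualifier, user
    if "@" in login:                       # user@ddom.organization.com
        user, qualifier = login.rsplit("@", 1)
        return qualifier, user
    return None, login


def domains_to_try(login, configured=CONFIGURED_DOMAINS):
    """Domains a bind should be attempted against, in order."""
    qualifier, user = split_login(login)
    if not user:
        return []
    if qualifier is None:
        # Bare username: no home domain is known, every domain is a candidate.
        return list(configured)
    q = qualifier.lower()
    # Qualified login: match on DNS name or NetBIOS name, case-insensitively.
    # An unknown qualifier yields no targets (fail closed) instead of
    # submitting the password to every configured domain.
    return [d for d in configured
            if d.lower() == q or netbios_name(d).lower() == q]
```

Only a bare username still reaches every domain, which is the case where the lockout side effect described in the report remains possible.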