Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-61978

AD user not able to login using Active Directory plugin

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Minor
    • Resolution: Unresolved
    • Labels:
      None
    • Environment:
      Jenkins 2.190.2
      AD plugin version 2.16
      Server running on Windows 2012 server
    • Similar Issues:

      Description

      For most users the AD plugin is working well.  However for one user on the domain, all login attempts are being refused because of incorrect password.  The password he is using is, however, the correct one and is the one used to login to all other resources on the network.  It is uniquely with the Jenkins server that the problem occurs.

       

      Looking at the logs (full output below)  for all users that succeed in logging in I see this kind of entry:

      <UserADShortName> dn=CN=<FirstName LastName>,OU=<CompanyName>,OU=Services,OU=<OfficeLocation>,OU=Locations,DC=misys,DC=global,DC=ad

       

      but for the case of this one user, and only this user, the dn is in upper case:

      Login failure: Incorrect password for <shortname> DN=CN=<FirstName LastName>,OU=<CompanyName>,OU=Users,OU=<OfficeLocation>,OU=Locations,DC=misys,DC=global,DC=ad

      The only difference at this level appears to be that "DN" is in upper case.  This is probably just a quirk in the error logging.

      One difference about his name that may be salient is that it contains a cedilla.

      A recent forced flush and reassignment of all user passwords was implemented across the company, the user could log in prior to that event but now, even after changing his password, login is not possible for the user.

       

      The issue replicates for this user using different Jenkins server instances (same version of Jenkins plus plug in).  It also replicates no matter which workstation the user attempts to login from (his own or someone else's).  Full error log is as follows:

       

      Login failure: Incorrect password for <shortname replaced> DN=CN=<FirstNaem LastName>,OU=<CompanyName>,OU=Users,OU=<OfficeLocation>,OU=Locations,DC=<CompanyName>,DC=global,DC=ad: error=8007052E
      com4j.ComException: 8007052e The user name or password is incorrect. : The user name or password is incorrect.
      : .\invoke.cpp:517
      at com4j.Native.invoke(Native Method)
      at com4j.StandardComMethod.invoke(StandardComMethod.java:35)
      at com4j.Wrapper$InvocationThunk.call(Wrapper.java:356)
      at com4j.Task.invoke(Task.java:50)
      at com4j.ComThread.run0(ComThread.java:172)
      at com4j.ComThread.run(ComThread.java:153)
      Caused: com4j.ComException: 8007052e The user name or password is incorrect. : The user name or password is incorrect.
      : .\invoke.cpp:517
      at com4j.Wrapper.invoke(Wrapper.java:187)
      at com.sun.proxy.$Proxy116.openDSObject(Unknown Source)
      at hudson.plugins.active_directory.ActiveDirectoryAuthenticationProvider$1.call(ActiveDirectoryAuthenticationProvider.java:166)
      at hudson.plugins.active_directory.ActiveDirectoryAuthenticationProvider$1.call(ActiveDirectoryAuthenticationProvider.java:142)
      at com.google.common.cache.LocalCache$LocalManualCache$1.load(LocalCache.java:4767)
      at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3568)
      at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2350)
      at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2313)
      at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2228)
      at com.google.common.cache.LocalCache.get(LocalCache.java:3965)
      at com.google.common.cache.LocalCache$LocalManualCache.get(LocalCache.java:4764)
      at hudson.plugins.active_directory.ActiveDirectoryAuthenticationProvider.retrieveUser(ActiveDirectoryAuthenticationProvider.java:142)
      at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:122)
      at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:200)
      at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:47)
      at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:74)
      at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
      at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90)
      at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171)
      at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)
      at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
      at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)
      at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82)
      at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)
      at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
      at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)
      at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:540)
      at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146)
      at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524)
      at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
      at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257)
      at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1700)
      at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)
      at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1345)
      at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203)
      at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:480)
      at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1667)
      at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201)
      at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1247)
      at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144)
      at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
      at org.eclipse.jetty.server.Server.handle(Server.java:505)
      at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:370)
      at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:267)
      at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305)
      at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
      at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:427)
      at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:321)
      at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:159)
      at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
      at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117)
      at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333)
      at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310)
      at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168)
      at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126)
      at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366)
      at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:698)
      at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:804)
      at java.lang.Thread.run(Unknown Source)
       

        Attachments

          Activity

          There are no comments yet on this issue.

            People

            Assignee:
            fbelzunc Félix Belzunce Arcos
            Reporter:
            jkg20_ou Jason Gibbons
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated: