Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-64087

LDAP authentication fails

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Component/s: ldap-plugin
    • Labels:
    • Environment:
      Windows 2012 R2 Server; jenkins (2.249.2) ldap plugin v1.26
    • Similar Issues:

      Description

      After configured security realm with the proper info to integrate with ADAM, my ldap testing isn't working.

       

      I have confirmed that the user and password are correct an available to the managed user (after testing with another similar ldap integration for the same ADAM).

       

      The following exception is shownned in jenkins logs:

      Searching for user '919001', with user search [ searchFilter: '(&(sAMAccountName={0})(objectClass=User))', searchBase: 'OU=XXX,OU=YYYYY,OU=SyncData,O=NNNNN,C=local', scope: subtreesearchTimeLimit: 0derefLinkFlag: false ]Searching for user '919001', with user search [ searchFilter: '(&(sAMAccountName={0})(objectClass=User))', searchBase: 'OU=XXX,OU=YYYYY,OU=SyncData,O=NNNNN,C=local', scope: subtreesearchTimeLimit: 0derefLinkFlag: false ]out 29, 2020 3:36:02 PM FINE org.acegisecurity.ldap.DefaultInitialDirContextFactory connectCreating InitialDirContext with environment {java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.referral=follow, java.naming.security.principal=CN=MMMMMM,OU=XXX,OU=YYYYY,OU=SyncData,O=NNNNN,C=local, com.sun.jndi.ldap.connect.timeout=30000, com.sun.jndi.ldap.connect.pool=true, com.sun.jndi.ldap.read.timeout=60000, java.naming.provider.url=ldap://ldap_address/, java.naming.security.authentication=simple, java.naming.security.credentials=******}out 29, 2020 3:36:02 PM FINE org.acegisecurity.ldap.DefaultInitialDirContextFactory connectCreating InitialDirContext with environment {java.naming.provider.url=ldap://ldap_address/, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, com.sun.jndi.ldap.connect.timeout=30000, java.naming.security.principal=CN=919001 - ROLE,OU=XXX,OU=YYYYY,OU=SyncData,O=NNNNN,C=local, java.naming.security.authentication=simple, java.naming.security.credentials=******, java.naming.referral=follow, com.sun.jndi.ldap.read.timeout=60000}out 29, 2020 3:36:02 PM WARNING hudson.security.LDAPSecurityRealm$LDAPAuthenticationManager authenticateFailed communication with ldap server.javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031521D2, problem 2001 (NO_OBJECT), data 0, best match of: 'O=NNNNN,C=local']; remaining name 'CN=919001 - ROLE,OU=XXX,OU=YYYYY,OU=SyncData,O=NNNNN,C=local' at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source) at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source) at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source) at com.sun.jndi.ldap.LdapCtx.c_getAttributes(Unknown Source) at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(Unknown Source) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(Unknown Source) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(Unknown Source) at javax.naming.directory.InitialDirContext.getAttributes(Unknown Source) at org.acegisecurity.ldap.LdapTemplate$2.doInDirContext(LdapTemplate.java:168) at org.acegisecurity.ldap.LdapTemplate.execute(LdapTemplate.java:126)Caused: org.acegisecurity.ldap.LdapDataAccessException: LdapCallback;[LDAP: error code 32 - 0000208D: NameErr: DSID-031521D2, problem 2001 (NO_OBJECT), data 0, best match of: 'O=NNNNN,C=local']; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031521D2, problem 2001 (NO_OBJECT), data 0, best match of: 'O=NNNNN,C=local']; remaining name 'CN=919001 - ROLE,OU=XXX,OU=YYYYY,OU=SyncData,O=NNNNN,C=local' at org.acegisecurity.ldap.LdapTemplate$LdapExceptionTranslator.translate(LdapTemplate.java:295) at org.acegisecurity.ldap.LdapTemplate.execute(LdapTemplate.java:128) at org.acegisecurity.ldap.LdapTemplate.retrieveEntry(LdapTemplate.java:165) at org.acegisecurity.providers.ldap.authenticator.BindAuthenticator.bindWithDn(BindAuthenticator.java:87) at org.acegisecurity.providers.ldap.authenticator.BindAuthenticator.authenticate(BindAuthenticator.java:72) at org.acegisecurity.providers.ldap.authenticator.BindAuthenticator2.authenticate(BindAuthenticator2.java:49) at org.acegisecurity.providers.ldap.LdapAuthenticationProvider.retrieveUser(LdapAuthenticationProvider.java:233)Caused: org.acegisecurity.AuthenticationServiceException: LdapCallback;[LDAP: error code 32 - 0000208D: NameErr: DSID-031521D2, problem 2001 (NO_OBJECT), data 0, best match of: 'O=NNNNN,C=local']; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031521D2, problem 2001 (NO_OBJECT), data 0, best match of: 'O=NNNNN,C=local']; remaining name 'CN=919001 - ROLE,OU=XXX,OU=YYYYY,OU=SyncData,O=NNNNN,C=local'; nested exception is org.acegisecurity.ldap.LdapDataAccessException: LdapCallback;[LDAP: error code 32 - 0000208D: NameErr: DSID-031521D2, problem 2001 (NO_OBJECT), data 0, best match of: 'O=NNNNN,C=local']; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031521D2, problem 2001 (NO_OBJECT), data 0, best match of: 'O=NNNNN,C=local']; remaining name 'CN=919001 - ROLE,OU=XXX,OU=YYYYY,OU=SyncData,O=NNNNN,C=local' at org.acegisecurity.providers.ldap.LdapAuthenticationProvider.retrieveUser(LdapAuthenticationProvider.java:238) at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:122) at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:200) at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:47) at hudson.security.LDAPSecurityRealm$LDAPAuthenticationManager.authenticate(LDAPSecurityRealm.java:1019) at hudson.security.LDAPSecurityRealm$DescriptorImpl.validate(LDAPSecurityRealm.java:1681) at hudson.security.LDAPSecurityRealm$DescriptorImpl.doValidate(LDAPSecurityRealm.java:1617) at java.lang.invoke.MethodHandle.invokeWithArguments(Unknown Source) at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:396) at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:408) at org.kohsuke.stapler.interceptor.RequirePOST$Processor.invoke(RequirePOST.java:77) at org.kohsuke.stapler.PreInvokeInterceptedFunction.invoke(PreInvokeInterceptedFunction.java:26) at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:212) at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:145) at org.kohsuke.stapler.MetaClass$11.doDispatch(MetaClass.java:536) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:766) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:898) at org.kohsuke.stapler.MetaClass$4.doDispatch(MetaClass.java:281) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:766) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:898) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:694) at org.kohsuke.stapler.Stapler.service(Stapler.java:240) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:763) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1631) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154) at jenkins.security.ResourceDomainFilter.doFilter(ResourceDomainFilter.java:76) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) at jenkins.telemetry.impl.UserLanguages$AcceptLanguageFilter.doFilter(UserLanguages.java:129) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:157) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1618) at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:153) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1618) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84) at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:119) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90) at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1618) at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:51) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1618) at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1618) at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1618) at jenkins.security.SuspiciousRequestFilter.doFilter(SuspiciousRequestFilter.java:36) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1618) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:549) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:578) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1610) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1369) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:489) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1580) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1284) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) at org.eclipse.jetty.server.Server.handle(Server.java:501) at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:383) at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:556) at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:375) at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:272) at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129) at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:375) at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:806) at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:938) at java.lang.Thread.run(Unknown Source)
      out 29, 2020 3:36:02 PM FINE org.acegisecurity.ldap.search.FilterBasedLdapUserSearch searchForUserSearching for user '919001', with user search [ searchFilter: '(&(sAMAccountName={0})(objectClass=User))', searchBase: 'OU=XXX,OU=YYYYY,OU=SyncData,O=NNNNN,C=local', scope: subtreesearchTimeLimit: 0derefLinkFlag: false ]out 29, 2020 3:36:02 PM FINE org.acegisecurity.ldap.DefaultInitialDirContextFactory connectCreating InitialDirContext with environment {java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.referral=follow, java.naming.security.principal=CN=MMMMMM,OU=XXX,OU=YYYYY,OU=SyncData,O=NNNNN,C=local, com.sun.jndi.ldap.connect.timeout=30000, com.sun.jndi.ldap.connect.pool=true, com.sun.jndi.ldap.read.timeout=60000, java.naming.provider.url=ldap://ldap_address/, java.naming.security.authentication=simple, java.naming.security.credentials=******}out 29, 2020 3:36:02 PM FINE org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator getGrantedAuthoritiesGetting authorities for user CN=919001 - ROLE,OU=XXX,OU=YYYYY,OU=SyncData,O=NNNNN,C=localout 29, 2020 3:36:02 PM FINE org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator getGroupMembershipRolesSearching for roles for user '919001', DN = 'CN=919001 - ROLE,OU=XXX,OU=YYYYY,OU=SyncData,O=NNNNN,C=local', with filter (| (member={0}) (uniqueMember={0}) (memberUid={1})) in search base 'OU=DevOps,OU=ZZZZZZ,OU=SyncData,O=NNNNN,C=local'out 29, 2020 3:36:02 PM FINE org.acegisecurity.ldap.DefaultInitialDirContextFactory connectCreating InitialDirContext with environment {java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.referral=follow, java.naming.security.principal=CN=MMMMMM,OU=XXX,OU=YYYYY,OU=SyncData,O=NNNNN,C=local, com.sun.jndi.ldap.connect.timeout=30000, com.sun.jndi.ldap.connect.pool=true, com.sun.jndi.ldap.read.timeout=60000, java.naming.provider.url=ldap://ldap_address/, java.naming.security.authentication=simple, java.naming.security.credentials=******}out 29, 2020 3:36:02 PM FINE org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator getGroupMembershipRolesRoles from search: [Administrador_DevOps]out 29, 2020 3:36:02 PM FINE org.acegisecurity.ldap.DefaultInitialDirContextFactory connectCreating InitialDirContext with environment {java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.referral=follow, java.naming.security.principal=CN=MMMMMM,OU=XXX,OU=YYYYY,OU=SyncData,O=NNNNN,C=local, com.sun.jndi.ldap.connect.timeout=30000, com.sun.jndi.ldap.connect.pool=true, com.sun.jndi.ldap.read.timeout=60000, java.naming.provider.url=ldap://ldap_address/, java.naming.security.authentication=simple, java.naming.security.credentials=******}out 29, 2020 3:36:02 PM FINER jenkins.security.ExceptionTranslationFilterChain processed normally

        Attachments

          Activity

          There are no comments yet on this issue.

            People

            Assignee:
            galhana80 Flávio Gaspar
            Reporter:
            galhana80 Flávio Gaspar
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated: