  1. Jenkins
  2. JENKINS-64087

LDAP authentication fails


    • Type: Bug
    • Resolution: Unresolved
    • Priority: Major
    • Component: ldap-plugin
    • Environment: Windows 2012 R2 Server; jenkins (2.249.2) ldap plugin v1.26

      After configuring the security realm with the proper info to integrate with ADAM, my LDAP testing isn't working.

      I have confirmed that the user and password are correct and available to the managed user (after testing with another similar LDAP integration for the same ADAM).

      The following exception is shown in the Jenkins logs:

      Searching for user '919001', with user search [ searchFilter: '(&(sAMAccountName={0})(objectClass=User))', searchBase: 'OU=XXX,OU=YYYYY,OU=SyncData,O=NNNNN,C=local', scope: subtreesearchTimeLimit: 0derefLinkFlag: false ]
      Searching for user '919001', with user search [ searchFilter: '(&(sAMAccountName={0})(objectClass=User))', searchBase: 'OU=XXX,OU=YYYYY,OU=SyncData,O=NNNNN,C=local', scope: subtreesearchTimeLimit: 0derefLinkFlag: false ]
      out 29, 2020 3:36:02 PM FINE org.acegisecurity.ldap.DefaultInitialDirContextFactory connect
      Creating InitialDirContext with environment {java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.referral=follow, java.naming.security.principal=CN=MMMMMM,OU=XXX,OU=YYYYY,OU=SyncData,O=NNNNN,C=local, com.sun.jndi.ldap.connect.timeout=30000, com.sun.jndi.ldap.connect.pool=true, com.sun.jndi.ldap.read.timeout=60000, java.naming.provider.url=ldap://ldap_address/, java.naming.security.authentication=simple, java.naming.security.credentials=******}
      out 29, 2020 3:36:02 PM FINE org.acegisecurity.ldap.DefaultInitialDirContextFactory connect
      Creating InitialDirContext with environment {java.naming.provider.url=ldap://ldap_address/, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, com.sun.jndi.ldap.connect.timeout=30000, java.naming.security.principal=CN=919001 - ROLE,OU=XXX,OU=YYYYY,OU=SyncData,O=NNNNN,C=local, java.naming.security.authentication=simple, java.naming.security.credentials=******, java.naming.referral=follow, com.sun.jndi.ldap.read.timeout=60000}
      out 29, 2020 3:36:02 PM WARNING hudson.security.LDAPSecurityRealm$LDAPAuthenticationManager authenticate
      Failed communication with ldap server.
      javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031521D2, problem 2001 (NO_OBJECT), data 0, best match of: 'O=NNNNN,C=local']; remaining name 'CN=919001 - ROLE,OU=XXX,OU=YYYYY,OU=SyncData,O=NNNNN,C=local'
          at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
          at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
          at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
          at com.sun.jndi.ldap.LdapCtx.c_getAttributes(Unknown Source)
          at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(Unknown Source)
          at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(Unknown Source)
          at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(Unknown Source)
          at javax.naming.directory.InitialDirContext.getAttributes(Unknown Source)
          at org.acegisecurity.ldap.LdapTemplate$2.doInDirContext(LdapTemplate.java:168)
          at org.acegisecurity.ldap.LdapTemplate.execute(LdapTemplate.java:126)
      Caused: org.acegisecurity.ldap.LdapDataAccessException: LdapCallback;[LDAP: error code 32 - 0000208D: NameErr: DSID-031521D2, problem 2001 (NO_OBJECT), data 0, best match of: 'O=NNNNN,C=local']; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031521D2, problem 2001 (NO_OBJECT), data 0, best match of: 'O=NNNNN,C=local']; remaining name 'CN=919001 - ROLE,OU=XXX,OU=YYYYY,OU=SyncData,O=NNNNN,C=local'
          at org.acegisecurity.ldap.LdapTemplate$LdapExceptionTranslator.translate(LdapTemplate.java:295)
          at org.acegisecurity.ldap.LdapTemplate.execute(LdapTemplate.java:128)
          at org.acegisecurity.ldap.LdapTemplate.retrieveEntry(LdapTemplate.java:165)
          at org.acegisecurity.providers.ldap.authenticator.BindAuthenticator.bindWithDn(BindAuthenticator.java:87)
          at org.acegisecurity.providers.ldap.authenticator.BindAuthenticator.authenticate(BindAuthenticator.java:72)
          at org.acegisecurity.providers.ldap.authenticator.BindAuthenticator2.authenticate(BindAuthenticator2.java:49)
          at org.acegisecurity.providers.ldap.LdapAuthenticationProvider.retrieveUser(LdapAuthenticationProvider.java:233)
      Caused: org.acegisecurity.AuthenticationServiceException: LdapCallback;[LDAP: error code 32 - 0000208D: NameErr: DSID-031521D2, problem 2001 (NO_OBJECT), data 0, best match of: 'O=NNNNN,C=local']; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031521D2, problem 2001 (NO_OBJECT), data 0, best match of: 'O=NNNNN,C=local']; remaining name 'CN=919001 - ROLE,OU=XXX,OU=YYYYY,OU=SyncData,O=NNNNN,C=local'; nested exception is org.acegisecurity.ldap.LdapDataAccessException: LdapCallback;[LDAP: error code 32 - 0000208D: NameErr: DSID-031521D2, problem 2001 (NO_OBJECT), data 0, best match of: 'O=NNNNN,C=local']; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031521D2, problem 2001 (NO_OBJECT), data 0, best match of: 'O=NNNNN,C=local']; remaining name 'CN=919001 - ROLE,OU=XXX,OU=YYYYY,OU=SyncData,O=NNNNN,C=local'
          at org.acegisecurity.providers.ldap.LdapAuthenticationProvider.retrieveUser(LdapAuthenticationProvider.java:238)
          at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:122)
          at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:200)
          at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:47)
          at hudson.security.LDAPSecurityRealm$LDAPAuthenticationManager.authenticate(LDAPSecurityRealm.java:1019)
          at hudson.security.LDAPSecurityRealm$DescriptorImpl.validate(LDAPSecurityRealm.java:1681)
          at hudson.security.LDAPSecurityRealm$DescriptorImpl.doValidate(LDAPSecurityRealm.java:1617)
          at java.lang.invoke.MethodHandle.invokeWithArguments(Unknown Source)
          at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:396)
          at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:408)
          at org.kohsuke.stapler.interceptor.RequirePOST$Processor.invoke(RequirePOST.java:77)
          at org.kohsuke.stapler.PreInvokeInterceptedFunction.invoke(PreInvokeInterceptedFunction.java:26)
          at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:212)
          at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:145)
          at org.kohsuke.stapler.MetaClass$11.doDispatch(MetaClass.java:536)
          at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
          at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:766)
          at org.kohsuke.stapler.Stapler.invoke(Stapler.java:898)
          at org.kohsuke.stapler.MetaClass$4.doDispatch(MetaClass.java:281)
          at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
          at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:766)
          at org.kohsuke.stapler.Stapler.invoke(Stapler.java:898)
          at org.kohsuke.stapler.Stapler.invoke(Stapler.java:694)
          at org.kohsuke.stapler.Stapler.service(Stapler.java:240)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
          at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:763)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1631)
          at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
          at jenkins.security.ResourceDomainFilter.doFilter(ResourceDomainFilter.java:76)
          at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
          at jenkins.telemetry.impl.UserLanguages$AcceptLanguageFilter.doFilter(UserLanguages.java:129)
          at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
          at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:157)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1618)
          at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:153)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1618)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
          at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:119)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
          at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90)
          at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1618)
          at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:51)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1618)
          at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1618)
          at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1618)
          at jenkins.security.SuspiciousRequestFilter.doFilter(SuspiciousRequestFilter.java:36)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1618)
          at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:549)
          at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
          at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:578)
          at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
          at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235)
          at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1610)
          at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
          at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1369)
          at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)
          at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:489)
          at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1580)
          at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)
          at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1284)
          at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
          at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
          at org.eclipse.jetty.server.Server.handle(Server.java:501)
          at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:383)
          at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:556)
          at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:375)
          at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:272)
          at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
          at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
          at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)
          at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
          at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
          at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
          at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129)
          at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:375)
          at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:806)
          at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:938)
          at java.lang.Thread.run(Unknown Source)

      out 29, 2020 3:36:02 PM FINE org.acegisecurity.ldap.search.FilterBasedLdapUserSearch searchForUser
      Searching for user '919001', with user search [ searchFilter: '(&(sAMAccountName={0})(objectClass=User))', searchBase: 'OU=XXX,OU=YYYYY,OU=SyncData,O=NNNNN,C=local', scope: subtreesearchTimeLimit: 0derefLinkFlag: false ]
      out 29, 2020 3:36:02 PM FINE org.acegisecurity.ldap.DefaultInitialDirContextFactory connect
      Creating InitialDirContext with environment {java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.referral=follow, java.naming.security.principal=CN=MMMMMM,OU=XXX,OU=YYYYY,OU=SyncData,O=NNNNN,C=local, com.sun.jndi.ldap.connect.timeout=30000, com.sun.jndi.ldap.connect.pool=true, com.sun.jndi.ldap.read.timeout=60000, java.naming.provider.url=ldap://ldap_address/, java.naming.security.authentication=simple, java.naming.security.credentials=******}
      out 29, 2020 3:36:02 PM FINE org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator getGrantedAuthorities
      Getting authorities for user CN=919001 - ROLE,OU=XXX,OU=YYYYY,OU=SyncData,O=NNNNN,C=local
      out 29, 2020 3:36:02 PM FINE org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator getGroupMembershipRoles
      Searching for roles for user '919001', DN = 'CN=919001 - ROLE,OU=XXX,OU=YYYYY,OU=SyncData,O=NNNNN,C=local', with filter (| (member={0}) (uniqueMember={0}) (memberUid={1})) in search base 'OU=DevOps,OU=ZZZZZZ,OU=SyncData,O=NNNNN,C=local'
      out 29, 2020 3:36:02 PM FINE org.acegisecurity.ldap.DefaultInitialDirContextFactory connect
      Creating InitialDirContext with environment {java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.referral=follow, java.naming.security.principal=CN=MMMMMM,OU=XXX,OU=YYYYY,OU=SyncData,O=NNNNN,C=local, com.sun.jndi.ldap.connect.timeout=30000, com.sun.jndi.ldap.connect.pool=true, com.sun.jndi.ldap.read.timeout=60000, java.naming.provider.url=ldap://ldap_address/, java.naming.security.authentication=simple, java.naming.security.credentials=******}
      out 29, 2020 3:36:02 PM FINE org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator getGroupMembershipRoles
      Roles from search: [Administrador_DevOps]
      out 29, 2020 3:36:02 PM FINE org.acegisecurity.ldap.DefaultInitialDirContextFactory connect
      Creating InitialDirContext with environment {java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.referral=follow, java.naming.security.principal=CN=MMMMMM,OU=XXX,OU=YYYYY,OU=SyncData,O=NNNNN,C=local, com.sun.jndi.ldap.connect.timeout=30000, com.sun.jndi.ldap.connect.pool=true, com.sun.jndi.ldap.read.timeout=60000, java.naming.provider.url=ldap://ldap_address/, java.naming.security.authentication=simple, java.naming.security.credentials=******}
      out 29, 2020 3:36:02 PM FINER jenkins.security.ExceptionTranslationFilter
      Chain processed normally

            galhana80 Flávio Gaspar