-
Bug
-
Resolution: Fixed
-
Minor
-
None
-
Jenkins: 2.277.1
OS: Windows Server 2016 - 10.0
Tomcat 8.5
ActiveDirectory
---
ldap:2.4
-
-
ldap 2.10.1
We are using the LDAP plugin to authenticate the users against MS Active Directory.
If I test the LDAP settings we get this warning message (see also the picture: Dn_inconsistent_example.png
):
Dn inconsistent (login cn=User Xyz,ou=Employees,ou=Example AG,dc=example,dc=com versus lookup CN=User Xyz,OU=Employees,OU=Example AG,DC=example,DC=com)
In your code I saw you just string compare the both 'inputs'. Is it important for other LDAP backends (like OpenLDAP) to do this check case sensitive? Is "DC=", "OU=" and so on case sensitive? I don't know the details here.
What are the implications for running Jenkins when I get such a message?
- links to
[JENKINS-65117] LDAP Plugin with 'Dn inconsistent' message using ActiveDirectory
Klaus
created issue -
| Status | Original: Open [ 1 ] | New: In Progress [ 3 ] |
| Assignee | New: James Nord [ teilo ] |
| Status | Original: In Progress [ 3 ] | New: In Review [ 10005 ] |
| Status | Original: In Review [ 10005 ] | New: In Progress [ 3 ] |
| Status | Original: In Progress [ 3 ] | New: Open [ 1 ] |
| Assignee | Original: James Nord [ teilo ] |
| Status | Original: Open [ 1 ] | New: In Progress [ 3 ] |
| Comment |
[ I took a quick look but it is not a trivial fix as I first thought as the DN we get back is just a string and not a parsed object.
I do not want to switch to a full case insensitive comparator (if using case insensitive usernames) as that would compare the full tree as case insensitive which could be incorrect, and may also have issues with certain locales. ] |
| Assignee | New: James Nord [ teilo ] |
| Status | Original: In Progress [ 3 ] | New: In Review [ 10005 ] |