Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-69408

LDAP login fails

    XMLWordPrintable

Details

    • Bug
    • Status: Open (View Workflow)
    • Blocker
    • Resolution: Unresolved
    • ldap-plugin
    • None
    • docker container jenkins/jenkins:2.346.3-lts-jdk11, LDAP-plugin 2.12

    Description

      LDAP testings is currently known to fail, see JENKINS-68748. Bt it's said LDAP login should work. Well, for me this fails with various error that I can't really make sense of. Using the setting that work fine with an older Jenkins instance (basically all field empty), I get this:

      WARNING    h.i.i.InstallUncaughtExceptionHandler#handleException: Caught unhandled exception with ID defd386f-bff5-4a2f-b2b9-e348458caae2
      javax.naming.directory.InvalidSearchFilterException: Missing 'equals'; remaining name ''
          at java.naming/com.sun.jndi.ldap.Filter.encodeSimpleFilter(Filter.java:330)
          at java.naming/com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:171)
          at java.naming/com.sun.jndi.ldap.Filter.encodeFilterString(Filter.java:74)
          at java.naming/com.sun.jndi.ldap.LdapClient.search(LdapClient.java:547)
          at java.naming/com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:2014)
          at java.naming/com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1873)
          at java.naming/com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1798)
          at java.naming/com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
          at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
          at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341)
          at java.naming/javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
          at org.springframework.ldap.core.LdapTemplate$4.executeSearch(LdapTemplate.java:326)
          at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:367)
      Caused: org.springframework.ldap.InvalidSearchFilterException: Missing 'equals'; nested exception is javax.naming.directory.InvalidSearchFilterException: Missing 'equals'; remaining name ''
          at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:143)
          at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:401)
          at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:332)
          at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:633)
          at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:574)
          at org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForMultipleAttributeValues(SpringSecurityLdapTemplate.java:197)
          at org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator.getGroupMembershipRoles(DefaultLdapAuthoritiesPopulator.java:223)
          at hudson.security.LDAPSecurityRealm$AuthoritiesPopulatorImpl.getGroupMembershipRoles(LDAPSecurityRealm.java:1427)
          at org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator.getGrantedAuthorities(DefaultLdapAuthoritiesPopulator.java:202)
          at jenkins.security.plugins.ldap.FromGroupSearchLDAPGroupMembershipStrategy.getGrantedAuthorities(FromGroupSearchLDAPGroupMembershipStrategy.java:81)
          at hudson.security.LDAPSecurityRealm$WrappedAuthoritiesPopulator.getGrantedAuthorities(LDAPSecurityRealm.java:1380)
          at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.loadUserAuthorities(LdapAuthenticationProvider.java:197)
          at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:81)
          at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:182)
          at hudson.security.LDAPSecurityRealm$LDAPAuthenticationManager.authenticate(LDAPSecurityRealm.java:993)
          at org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:85)
          at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:223)
          at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:213)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
          at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:97)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
          at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:110)
          at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:80)
          at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:63)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
          at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:111)
          at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:172)
          at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
          at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
          at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:53)
          at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
          at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
          at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:86)
          at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
          at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
          at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
          at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
          at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
          at jenkins.security.SuspiciousRequestFilter.doFilter(SuspiciousRequestFilter.java:38)
          at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
          at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
          at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:548)
          at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
          at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:571)
          at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
          at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235)
          at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624)
          at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
          at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1440)
          at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)
          at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:501)
          at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594)
          at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)
          at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1355)
          at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
          at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
          at org.eclipse.jetty.server.Server.handle(Server.java:516)
          at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:487)
          at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:732)
          at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:479)
          at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:277)
          at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
          at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
          at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)
          at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:338)
          at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:315)
          at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:173)
          at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:131)
          at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:409)
          at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883)
          at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034)
          at java.base/java.lang.Thread.run(Thread.java:829)
      

      Using the default setting in the filed I get this:

      WARNING	h.i.i.InstallUncaughtExceptionHandler#handleException: Caught unhandled exception with ID 9e0a72a7-398c-4c2c-838b-1ce4b9ccb8ba
      javax.naming.directory.InvalidSearchFilterException: Missing 'equals'; remaining name 'ou=groups'
      	at java.naming/com.sun.jndi.ldap.Filter.encodeSimpleFilter(Filter.java:330)
      	at java.naming/com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:171)
      	at java.naming/com.sun.jndi.ldap.Filter.encodeFilterString(Filter.java:74)
      	at java.naming/com.sun.jndi.ldap.LdapClient.search(LdapClient.java:547)
      	at java.naming/com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:2014)
      	at java.naming/com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1873)
      	at java.naming/com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1798)
      	at java.naming/com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
      	at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
      	at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341)
      	at java.naming/javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
      	at org.springframework.ldap.core.LdapTemplate$4.executeSearch(LdapTemplate.java:326)
      	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:367)
      Caused: org.springframework.ldap.InvalidSearchFilterException: Missing 'equals'; nested exception is javax.naming.directory.InvalidSearchFilterException: Missing 'equals'; remaining name 'ou=groups'
      	at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:143)
      	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:401)
      	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:332)
      	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:633)
      	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:574)
      	at org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForMultipleAttributeValues(SpringSecurityLdapTemplate.java:197)
      	at org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator.getGroupMembershipRoles(DefaultLdapAuthoritiesPopulator.java:223)
      	at hudson.security.LDAPSecurityRealm$AuthoritiesPopulatorImpl.getGroupMembershipRoles(LDAPSecurityRealm.java:1427)
      	at org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator.getGrantedAuthorities(DefaultLdapAuthoritiesPopulator.java:202)
      	at jenkins.security.plugins.ldap.FromGroupSearchLDAPGroupMembershipStrategy.getGrantedAuthorities(FromGroupSearchLDAPGroupMembershipStrategy.java:81)
      	at hudson.security.LDAPSecurityRealm$WrappedAuthoritiesPopulator.getGrantedAuthorities(LDAPSecurityRealm.java:1380)
      	at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.loadUserAuthorities(LdapAuthenticationProvider.java:197)
      	at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:81)
      	at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:182)
      	at hudson.security.LDAPSecurityRealm$LDAPAuthenticationManager.authenticate(LDAPSecurityRealm.java:993)
      	at org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:85)
      	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:223)
      	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:213)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
      	at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:97)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
      	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:110)
      	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:80)
      	at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:63)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
      	at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:111)
      	at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:172)
      	at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
      	at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
      	at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:53)
      	at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
      	at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
      	at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:86)
      	at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
      	at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
      	at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
      	at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
      	at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
      	at jenkins.security.SuspiciousRequestFilter.doFilter(SuspiciousRequestFilter.java:38)
      	at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
      	at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
      	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:548)
      	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
      	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:571)
      	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
      	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235)
      	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624)
      	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
      	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1440)
      	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)
      	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:501)
      	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594)
      	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)
      	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1355)
      	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
      	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
      	at org.eclipse.jetty.server.Server.handle(Server.java:516)
      	at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:487)
      	at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:732)
      	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:479)
      	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:277)
      	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
      	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
      	at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)
      	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:338)
      	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:315)
      	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:173)
      	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:131)
      	at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:409)
      	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883)
      	at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034)
      	at java.base/java.lang.Thread.run(Thread.java:829)
      

      Attachments

        Issue Links

          Activity

            There are no comments yet on this issue.

            People

              Unassigned Unassigned
              axelh Axel Heider
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated: