Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-71644

Ldap bind base is invalid


    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Critical Critical
    • ldap-plugin
    • None
    • jenkins version: 2.263.1

      Using ldap in Jenkins has the following problems:

      Suppose the configuration is as follows:

      // code placeholder
      server: ldap:// 
      user base filter: cn=users,cn=accounts,dc=example1,dc=com

      If the dn returned by the LDAP server for the search request (uid=san.zhang) is

      uid=san.zhang, cn=users,cn=accounts,dc=example2,dc=com

      This dn is inconsistent with the configured user base filter.

      When the user logs in to ldap, it actually initiates a search request first, and then performs a bind operation according to the dn returned by the search request.

      When uid=san.zhang, cn=users,cn=accounts,dc=example2,dc=com are returned after this search request, jenkins will modify the result of this search and splice it into a new dn and pass it to the ldap server to perform the bind operation: ldap://, cn=users,cn=accounts,dc=example2,dc =com,cn=users,cn=accounts,dc=example1,dc=com  Then our ldap server will fail to bind.


      (Why does it return different basedn, because our Ldap Server is actually an Ldap Proxy, which will query multiple Ldap backend instances, and then match and search, so there are cases where basedn is different.)



            Unassigned Unassigned
            kolapapa kola
            0 Vote for this issue
            2 Start watching this issue