Bug
Resolution: Unresolved
Major
None
Hudson build server:
java version "1.6.0"
OpenJDK Runtime Environment (build 1.6.0-b09)
OpenJDK 64-Bit Server VM (build 1.6.0-b09, mixed mode)
on a CentOS 5.5 VMWARE virtual machine
Hudson running https on port 8081.
Started with java and hudson.war (No Apache frontend)
Settings in the Security Realm:
server field: ldap1.xxx.xxx.se
root DN: dc=xxx,dc=yyy,dc=se
User search filter: uid={0}
Rest of the LDAP fields are empty
----------------------------------
The LDAP SERVER
openLDAP 2.4.16 on Solaris 10
ldapsearch to this server works fine.
Hi!
I'm trying to secure a Hudson installation.
Tested this since Hudson version 1.376 doesn't work with OpenLDAP login authentication.
Found a link to this Spring Security build
I get the following Exception when trying to log in to a running hudson instance.
Hudson ver. 1.350-SNAPSHOT (private-03/08/2010 07:19-mindless)
Error when I try to log in.
-----------------------
Status Code: 500
Exception:
Stacktrace:
java.lang.ClassCastException: com.sun.jndi.ldap.LdapCtx cannot be cast to org.springframework.ldap.core.DirContextAdapter
at org.springframework.security.ldap.SpringSecurityLdapTemplate$2.mapFromContext(SpringSecurityLdapTemplate.java:154)
at org.springframework.ldap.core.ContextMapperCallbackHandler.getObjectFromNameClassPair(ContextMapperCallbackHandler.java:67)
at org.springframework.ldap.core.CollectingNameClassPairCallbackHandler.handleNameClassPair(CollectingNameClassPairCallbackHandler.java:50)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:297)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:259)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:606)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:524)
at org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForSingleAttributeValues(SpringSecurityLdapTemplate.java:170)
at org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator.getGroupMembershipRoles(DefaultLdapAuthoritiesPopulator.java:206)
at org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator.getGrantedAuthorities(DefaultLdapAuthoritiesPopulator.java:179)
at org.springframework.security.providers.ldap.LdapAuthenticationProvider.loadUserAuthorities(LdapAuthenticationProvider.java:243)
at org.springframework.security.providers.ldap.LdapAuthenticationProvider.authenticate(LdapAuthenticationProvider.java:231)
at org.springframework.security.providers.ProviderManager.doAuthentication(ProviderManager.java:188)
at org.springframework.security.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:46)
at org.springframework.security.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:82)
at org.springframework.security.ui.AbstractProcessingFilter.doFilterHttp(AbstractProcessingFilter.java:259)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.springframework.security.ui.basicauth.BasicProcessingFilter.doFilterHttp(BasicProcessingFilter.java:174)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.springframework.security.context.HttpSessionContextIntegrationFilter.doFilterHttp(HttpSessionContextIntegrationFilter.java:235)
at hudson.security.HttpSessionContextIntegrationFilter2.doFilterHttp(HttpSessionContextIntegrationFilter2.java:68)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
at winstone.FilterConfiguration.execute(FilterConfiguration.java:195)
at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:368)
at winstone.RequestDispatcher.forward(RequestDispatcher.java:333)
at winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:244)
at winstone.RequestHandlerThread.run(RequestHandlerThread.java:150)
at java.lang.Thread.run(Thread.java:636)
Generated by Winstone Servlet Engine v0.9.10 at Wed Sep 22 17:29:23 CEST 2010
------------------------------------------
Any ideas?
/kolv
is related to: JENKINS-4195 Authentication via LDAP fails (Closed)
Hi!
I made some more tests and Google research! The error handling could certainly be improved! The LDAP search base for users and groups has to be correct. The dc entries should only be specified once in the Root DN field.
In our setup LDAP authentication and Hudson login work OK in Hudson 1.378 (https and no Apache frontend).
Hudson LDAP config
Server: ldapx.xxxx.yyyy.se
Root DN: dc=xxxx,dc=yyyy,dc=se
User Search Base: ou=users
User Search Filter: uid={0}
Group Search Base: ou=groups
Manager DN: <empty field>
Manager Password: <empty field>
I used the following ldapsearch command to test LDAP auth from CLI/OS level
ldapsearch -x -W -D uid=myuser,ou=users,dc=xxxx,dc=yyyy,dc=se -h ldapx.xxxx.yyyy.se -b ou=users,dc=xxxx,dc=yyyy,dc=se uid=anotheruser
One suggestion except error handling would be an LDAP test button and some additional guidelines.
Best regards / Kolv
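
An added example, not part of the original issue or of Hudson's code: a pre-flight check for the settings described in the comment above. It assumes the realm appends each search base to the Root DN, rejects a search base that repeats the dc components, and builds the anonymous ldapsearch that mirrors the user lookup with an empty Manager DN. All function names are hypothetical.

```python
import re

# RFC 4515 characters that must be escaped inside a filter assertion value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def normalize_dn(dn):
    """Lower-case a DN and strip spaces around RDN separators (simple DNs only)."""
    return ",".join(part.strip().lower() for part in dn.split(",") if part.strip())


def effective_base(root_dn, search_base):
    """Join a relative search base to the root DN (assumed realm behaviour).

    Raises ValueError when the search base already carries the root DN or any
    dc= component, which would produce a doubled suffix and an empty search.
    """
    root = normalize_dn(root_dn)
    base = normalize_dn(search_base)
    if not base:
        return root
    if base == root or base.endswith("," + root):
        raise ValueError("search base %r repeats root DN %r" % (search_base, root_dn))
    if re.search(r"(^|,)dc=", base):
        raise ValueError("search base %r contains dc= components" % search_base)
    return base + "," + root


def user_filter(template, username):
    """Substitute {0} in the user search filter with an RFC 4515-escaped name."""
    escaped = "".join(_FILTER_ESCAPES.get(ch, ch) for ch in username)
    return template.replace("{0}", escaped)


def ldapsearch_check(server, root_dn, user_base, template, username):
    """Return the argv of an anonymous ldapsearch mirroring the user lookup."""
    return ["ldapsearch", "-x", "-h", server,
            "-b", effective_base(root_dn, user_base),
            user_filter(template, username)]


if __name__ == "__main__":
    # Constructed input: the placeholder host and DNs from the comment above.
    print(" ".join(ldapsearch_check("ldapx.xxxx.yyyy.se", "dc=xxxx,dc=yyyy,dc=se",
                                    "ou=users", "uid={0}", "anotheruser")))
```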