Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-7995

CLI login & credentials do not work with AD

    XMLWordPrintable

Details

    • Bug
    • Status: Resolved (View Workflow)
    • Minor
    • Resolution: Fixed
    • active-directory-plugin
    • None
    • Win2k8 & Win2k3, Hudson 1.382 and prior, AD plugin 1.16, jdk1.6.0_17

    Description

      --username and --password or --password-file options are not usable when trying to use the command line interface with active directory. Receive 'option' not valid error.

      Below link recommened a fix per authentication plugin.
      http://wiki.jenkins-ci.org/display/JENKINS/Hudson+CLI

      "If the CLI reports these are invalid parameters, file an issue for your authentication type and ask them to extend AbstractPasswordBasedSecurityRealm instead of directly from SecurityRealm to get support for these parameters."

      Thanks

      Attachments

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-8188 Hudson CLI returns "--username is not a valid option" when using the CLI login command

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-8279 hudson cli login doesn't work on Active Directory security type

          • Major - Major loss of function.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-7406 Hudson CLI doesn't work with MS-Active Directory auth

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved
          is related to

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-6628 hudson-cli.jar login does not work

          • Major - Major loss of function.
          • Resolved

          Activity

            Ascending order - Click to sort in descending order
            View 6 older comments
            dogfood dogfood added a comment -

            Integrated in plugins_active-directory #41
            JENKINS-7995 Extending from AbstractPasswordBasedSecurityRealm to benefit from uniform CLI authentication.
            JENKINS-7995 pulled up a member
            [FIXED JENKINS-7995] pull up another member, and supported user retrieval in the Unix provider so long as bind name/DN is set.

            Kohsuke Kawaguchi :
            Files :

            • src/main/java/hudson/plugins/active_directory/AbstractActiveDirectoryAuthenticationProvider.java
            • src/main/java/hudson/plugins/active_directory/ActiveDirectoryAuthenticationProvider.java
            • src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java
            • src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java

            Kohsuke Kawaguchi :
            Files :

            • src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java
            • src/main/java/hudson/plugins/active_directory/ActiveDirectoryAuthenticationProvider.java
            • src/main/java/hudson/plugins/active_directory/AbstractActiveDirectoryAuthenticationProvider.java

            Kohsuke Kawaguchi :
            Files :

            • src/main/java/hudson/plugins/active_directory/ActiveDirectoryAuthenticationProvider.java
            • src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java
            • src/main/java/hudson/plugins/active_directory/AbstractActiveDirectoryAuthenticationProvider.java
            dogfood dogfood added a comment - Integrated in plugins_active-directory #41 JENKINS-7995 Extending from AbstractPasswordBasedSecurityRealm to benefit from uniform CLI authentication. JENKINS-7995 pulled up a member [FIXED JENKINS-7995] pull up another member, and supported user retrieval in the Unix provider so long as bind name/DN is set. Kohsuke Kawaguchi : Files : src/main/java/hudson/plugins/active_directory/AbstractActiveDirectoryAuthenticationProvider.java src/main/java/hudson/plugins/active_directory/ActiveDirectoryAuthenticationProvider.java src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java Kohsuke Kawaguchi : Files : src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java src/main/java/hudson/plugins/active_directory/ActiveDirectoryAuthenticationProvider.java src/main/java/hudson/plugins/active_directory/AbstractActiveDirectoryAuthenticationProvider.java Kohsuke Kawaguchi : Files : src/main/java/hudson/plugins/active_directory/ActiveDirectoryAuthenticationProvider.java src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java src/main/java/hudson/plugins/active_directory/AbstractActiveDirectoryAuthenticationProvider.java
            ricktw Rick Oosterholt added a comment -

            Thanks a lot!

            ricktw Rick Oosterholt added a comment - Thanks a lot!
            tommy_wan Tommy Wan added a comment -

            We encounter a strange issue about using AD to login Jenkins - 2 users (User1 and User2) belong to the same group (GroupA), yet
            User1 can successfully login while User2 failed.

            Any idea?
            =====================================
            Login successful: User1 dn=CN=User1,OU=GroupA,OU=Company Users,DC=Company,DC=ca

            Dec 02, 2013 9:35:44 AM FINE hudson.plugins.active_directory.ActiveDirectoryAuthenticationProvider

            Login failure: Incorrect password for User2 DN=CN=User2,OU=GroupA,OU=Company Users,DC=Company,DC=ca: error=8007052E
            com4j.ComException: 8007052e Logon failure: unknown user name or bad password. : Logon failure: unknown user name or bad password.
            : .\invoke.cpp:517
            at com4j.Wrapper.invoke(Wrapper.java:166)
            at $Proxy48.openDSObject(Unknown Source)
            at hudson.plugins.active_directory.ActiveDirectoryAuthenticationProvider.retrieveUser(ActiveDirectoryAuthenticationProvider.java:92)
            at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:122)
            at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:200)
            at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:47)
            at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:74)
            at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252)
            at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
            at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:174)
            at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)

            tommy_wan Tommy Wan added a comment - We encounter a strange issue about using AD to login Jenkins - 2 users (User1 and User2) belong to the same group (GroupA), yet User1 can successfully login while User2 failed. Any idea? ===================================== Login successful: User1 dn=CN=User1,OU=GroupA,OU=Company Users,DC=Company,DC=ca Dec 02, 2013 9:35:44 AM FINE hudson.plugins.active_directory.ActiveDirectoryAuthenticationProvider Login failure: Incorrect password for User2 DN=CN=User2,OU=GroupA,OU=Company Users,DC=Company,DC=ca: error=8007052E com4j.ComException: 8007052e Logon failure: unknown user name or bad password. : Logon failure: unknown user name or bad password. : .\invoke.cpp:517 at com4j.Wrapper.invoke(Wrapper.java:166) at $Proxy48.openDSObject(Unknown Source) at hudson.plugins.active_directory.ActiveDirectoryAuthenticationProvider.retrieveUser(ActiveDirectoryAuthenticationProvider.java:92) at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:122) at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:200) at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:47) at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:74) at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:174) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
            daften Dieter Blomme added a comment -

            It seems I'm getting the problem again with the latest jenkins 1.x version and active-directory 1.49. It's the exact problem mentioned in the description here.

            daften Dieter Blomme added a comment - It seems I'm getting the problem again with the latest jenkins 1.x version and active-directory 1.49. It's the exact problem mentioned in the description here.
            daften Dieter Blomme added a comment -

            Apparently security was disabled again somehow, no idea how, but this can be closed again. Apologies.

            daften Dieter Blomme added a comment - Apparently security was disabled again somehow, no idea how, but this can be closed again. Apologies.

            People

              Unassigned Unassigned
              vladdrussian VladDRussian
              Votes:
              8 Vote for this issue
              Watchers:
              10 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: