[JENKINS-7995] CLI login & credentials do not work with AD - Jenkins Jira

XML

Word

Printable

Details

Type: Bug
Status: Resolved (View Workflow)
Priority: Minor
Resolution: Fixed
Component/s: active-directory-plugin
Labels:
None
Environment:
Win2k8 & Win2k3, Hudson 1.382 and prior, AD plugin 1.16, jdk1.6.0_17

Similar Issues:

Show

Description

--username and --password or --password-file options are not usable when trying to use the command line interface with active directory. Receive 'option' not valid error.

Below link recommened a fix per authentication plugin.
http://wiki.jenkins-ci.org/display/JENKINS/Hudson+CLI

"If the CLI reports these are invalid parameters, file an issue for your authentication type and ask them to extend AbstractPasswordBasedSecurityRealm instead of directly from SecurityRealm to get support for these parameters."

Thanks

Attachments

Issue Links

is duplicated by

JENKINS-8188 Hudson CLI returns "--username is not a valid option" when using the CLI login command

Resolved

JENKINS-8279 hudson cli login doesn't work on Active Directory security type

Resolved

JENKINS-7406 Hudson CLI doesn't work with MS-Active Directory auth

Resolved

is related to

JENKINS-6628 hudson-cli.jar login does not work

Resolved

Activity

Ascending order - Click to sort in descending order

VladDRussian added a comment - 2010-11-03 13:15

This can be seen with trying to run the login command or adding the credentials to a command when the annoymous user does not have permission. We are using Project-base Matrix security with AD.

java -jar hudson-cli.jar -s http://localhost login --username <NAME> --password <PASS>
can also specify '--password-file <fileName>' with the password in plain text inside.

VladDRussian added a comment - 2010-11-03 13:15 This can be seen with trying to run the login command or adding the credentials to a command when the annoymous user does not have permission. We are using Project-base Matrix security with AD. java -jar hudson-cli.jar -s http://localhost login --username <NAME> --password <PASS> can also specify '--password-file <fileName>' with the password in plain text inside.

catskul added a comment - 2010-11-19 13:32

I can confirm this issue, and am willing to test potential solutions if they are available.

catskul added a comment - 2010-11-19 13:32 I can confirm this issue, and am willing to test potential solutions if they are available.

VladDRussian added a comment - 2010-12-20 13:47

The link in the desc says this should be able to be resolved by changing what the AD plugin is extending.

These 4 are the same issue, current ID included.

http://issues.jenkins-ci.org/browse/JENKINS-7406
http://issues.jenkins-ci.org/browse/JENKINS-7995
http://issues.jenkins-ci.org/browse/JENKINS-8188
http://issues.jenkins-ci.org/browse/JENKINS-8279

VladDRussian added a comment - 2010-12-20 13:47 The link in the desc says this should be able to be resolved by changing what the AD plugin is extending. These 4 are the same issue, current ID included. http://issues.jenkins-ci.org/browse/JENKINS-7406 http://issues.jenkins-ci.org/browse/JENKINS-7995 http://issues.jenkins-ci.org/browse/JENKINS-8188 http://issues.jenkins-ci.org/browse/JENKINS-8279

SCM/JIRA link daemon added a comment - 2011-11-04 22:20

Code changed in jenkins
User: Kohsuke Kawaguchi
Path:
src/main/java/hudson/plugins/active_directory/AbstractActiveDirectoryAuthenticationProvider.java
src/main/java/hudson/plugins/active_directory/ActiveDirectoryAuthenticationProvider.java
src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java
src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java
http://jenkins-ci.org/commit/active-directory-plugin/26b7a72dd7f1ae2f0e5d791b39dfb612d9d175ea
Log:
~~JENKINS-7995~~ Extending from AbstractPasswordBasedSecurityRealm to benefit from uniform CLI authentication.

SCM/JIRA link daemon added a comment - 2011-11-04 22:20 Code changed in jenkins User: Kohsuke Kawaguchi Path: src/main/java/hudson/plugins/active_directory/AbstractActiveDirectoryAuthenticationProvider.java src/main/java/hudson/plugins/active_directory/ActiveDirectoryAuthenticationProvider.java src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java http://jenkins-ci.org/commit/active-directory-plugin/26b7a72dd7f1ae2f0e5d791b39dfb612d9d175ea Log: JENKINS-7995 Extending from AbstractPasswordBasedSecurityRealm to benefit from uniform CLI authentication.

SCM/JIRA link daemon added a comment - 2011-11-04 22:20

Code changed in jenkins
User: Kohsuke Kawaguchi
Path:
src/main/java/hudson/plugins/active_directory/AbstractActiveDirectoryAuthenticationProvider.java
src/main/java/hudson/plugins/active_directory/ActiveDirectoryAuthenticationProvider.java
src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java
http://jenkins-ci.org/commit/active-directory-plugin/4aa2ca82f7e25a9178072886e3564860f12cc97c
Log:
~~JENKINS-7995~~ pulled up a member

SCM/JIRA link daemon added a comment - 2011-11-04 22:20 Code changed in jenkins User: Kohsuke Kawaguchi Path: src/main/java/hudson/plugins/active_directory/AbstractActiveDirectoryAuthenticationProvider.java src/main/java/hudson/plugins/active_directory/ActiveDirectoryAuthenticationProvider.java src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java http://jenkins-ci.org/commit/active-directory-plugin/4aa2ca82f7e25a9178072886e3564860f12cc97c Log: JENKINS-7995 pulled up a member

SCM/JIRA link daemon added a comment - 2011-11-04 22:21

Code changed in jenkins
User: Kohsuke Kawaguchi
Path:
src/main/java/hudson/plugins/active_directory/AbstractActiveDirectoryAuthenticationProvider.java
src/main/java/hudson/plugins/active_directory/ActiveDirectoryAuthenticationProvider.java
src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java
http://jenkins-ci.org/commit/active-directory-plugin/e8de31544da2aa61bc330954be047fcc161e5fd9
Log:
[FIXED JENKINS-7995] pull up another member, and supported user retrieval in the Unix provider so long as bind name/DN is set.

Compare: https://github.com/jenkinsci/active-directory-plugin/compare/46165c1...e8de315

SCM/JIRA link daemon added a comment - 2011-11-04 22:21 Code changed in jenkins User: Kohsuke Kawaguchi Path: src/main/java/hudson/plugins/active_directory/AbstractActiveDirectoryAuthenticationProvider.java src/main/java/hudson/plugins/active_directory/ActiveDirectoryAuthenticationProvider.java src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java http://jenkins-ci.org/commit/active-directory-plugin/e8de31544da2aa61bc330954be047fcc161e5fd9 Log: [FIXED JENKINS-7995] pull up another member, and supported user retrieval in the Unix provider so long as bind name/DN is set. Compare: https://github.com/jenkinsci/active-directory-plugin/compare/46165c1...e8de315

dogfood added a comment - 2011-11-04 22:31

Integrated in plugins_active-directory #41
~~JENKINS-7995~~ Extending from AbstractPasswordBasedSecurityRealm to benefit from uniform CLI authentication.
~~JENKINS-7995~~ pulled up a member
[FIXED JENKINS-7995] pull up another member, and supported user retrieval in the Unix provider so long as bind name/DN is set.

Kohsuke Kawaguchi :
Files :

src/main/java/hudson/plugins/active_directory/AbstractActiveDirectoryAuthenticationProvider.java
src/main/java/hudson/plugins/active_directory/ActiveDirectoryAuthenticationProvider.java
src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java
src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java

Kohsuke Kawaguchi :
Files :

src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java
src/main/java/hudson/plugins/active_directory/ActiveDirectoryAuthenticationProvider.java
src/main/java/hudson/plugins/active_directory/AbstractActiveDirectoryAuthenticationProvider.java

Kohsuke Kawaguchi :
Files :

src/main/java/hudson/plugins/active_directory/ActiveDirectoryAuthenticationProvider.java
src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java
src/main/java/hudson/plugins/active_directory/AbstractActiveDirectoryAuthenticationProvider.java

dogfood added a comment - 2011-11-04 22:31 Integrated in plugins_active-directory #41 JENKINS-7995 Extending from AbstractPasswordBasedSecurityRealm to benefit from uniform CLI authentication. JENKINS-7995 pulled up a member [FIXED JENKINS-7995] pull up another member, and supported user retrieval in the Unix provider so long as bind name/DN is set. Kohsuke Kawaguchi : Files : src/main/java/hudson/plugins/active_directory/AbstractActiveDirectoryAuthenticationProvider.java src/main/java/hudson/plugins/active_directory/ActiveDirectoryAuthenticationProvider.java src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java Kohsuke Kawaguchi : Files : src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java src/main/java/hudson/plugins/active_directory/ActiveDirectoryAuthenticationProvider.java src/main/java/hudson/plugins/active_directory/AbstractActiveDirectoryAuthenticationProvider.java Kohsuke Kawaguchi : Files : src/main/java/hudson/plugins/active_directory/ActiveDirectoryAuthenticationProvider.java src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java src/main/java/hudson/plugins/active_directory/AbstractActiveDirectoryAuthenticationProvider.java

Rick Oosterholt added a comment - 2011-11-07 12:42

Thanks a lot!

Rick Oosterholt added a comment - 2011-11-07 12:42 Thanks a lot!

Tommy Wan added a comment - 2013-12-02 18:31

We encounter a strange issue about using AD to login Jenkins - 2 users (User1 and User2) belong to the same group (GroupA), yet
User1 can successfully login while User2 failed.

Any idea?
=====================================
Login successful: User1 dn=CN=User1,OU=GroupA,OU=Company Users,DC=Company,DC=ca

Dec 02, 2013 9:35:44 AM FINE hudson.plugins.active_directory.ActiveDirectoryAuthenticationProvider

Login failure: Incorrect password for User2 DN=CN=User2,OU=GroupA,OU=Company Users,DC=Company,DC=ca: error=8007052E
com4j.ComException: 8007052e Logon failure: unknown user name or bad password. : Logon failure: unknown user name or bad password.
: .\invoke.cpp:517
at com4j.Wrapper.invoke(Wrapper.java:166)
at $Proxy48.openDSObject(Unknown Source)
at hudson.plugins.active_directory.ActiveDirectoryAuthenticationProvider.retrieveUser(ActiveDirectoryAuthenticationProvider.java:92)
at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:122)
at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:200)
at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:47)
at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:74)
at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:174)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)

Tommy Wan added a comment - 2013-12-02 18:31 We encounter a strange issue about using AD to login Jenkins - 2 users (User1 and User2) belong to the same group (GroupA), yet User1 can successfully login while User2 failed. Any idea? ===================================== Login successful: User1 dn=CN=User1,OU=GroupA,OU=Company Users,DC=Company,DC=ca Dec 02, 2013 9:35:44 AM FINE hudson.plugins.active_directory.ActiveDirectoryAuthenticationProvider Login failure: Incorrect password for User2 DN=CN=User2,OU=GroupA,OU=Company Users,DC=Company,DC=ca: error=8007052E com4j.ComException: 8007052e Logon failure: unknown user name or bad password. : Logon failure: unknown user name or bad password. : .\invoke.cpp:517 at com4j.Wrapper.invoke(Wrapper.java:166) at $Proxy48.openDSObject(Unknown Source) at hudson.plugins.active_directory.ActiveDirectoryAuthenticationProvider.retrieveUser(ActiveDirectoryAuthenticationProvider.java:92) at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:122) at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:200) at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:47) at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:74) at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:174) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)

Dieter Blomme added a comment - 2016-09-21 20:21

It seems I'm getting the problem again with the latest jenkins 1.x version and active-directory 1.49. It's the exact problem mentioned in the description here.

Dieter Blomme added a comment - 2016-09-21 20:21 It seems I'm getting the problem again with the latest jenkins 1.x version and active-directory 1.49. It's the exact problem mentioned in the description here.

Dieter Blomme added a comment - 2016-09-22 08:04

Apparently security was disabled again somehow, no idea how, but this can be closed again. Apologies.

Dieter Blomme added a comment - 2016-09-22 08:04 Apparently security was disabled again somehow, no idea how, but this can be closed again. Apologies.

People

Assignee:: Unassigned

Reporter:: VladDRussian

Votes:: 8 Vote for this issue

Watchers:: 10 Start watching this issue

Dates

Created:: 2010-11-03 13:11

Updated:: 2016-09-22 08:04

Resolved:: 2016-09-22 08:04