• Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Major Major
    • ldap-plugin
    • None
    • Hudson 1.386; Windows XP; Hudson's built-in container (no Tomcat)

      Configuring LDAP authentication in Hudson:

      Server: ldaps://directory.sri.com
      root DN: o=SRI International,c=US
      User search base:
      User search filter: uid=

      {0}

      Group search base:
      Manager DN:
      Manager Password:

      org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'initialDirContextFactory': Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.acegisecurity.ldap.DefaultInitialDirContextFactory]: Constructor threw exception; nested exception is java.lang.IllegalArgumentException: Root DNs must be the same when using multiple URLs
      at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:231)
      at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:957)
      at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:869)
      at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:514)
      at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:485)
      at java.security.AccessController.doPrivileged(Native Method)
      at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:455)
      at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:251)
      at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:169)
      at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:248)
      at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:170)
      at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:413)
      at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:735)
      at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:369)
      at hudson.util.spring.DefaultRuntimeSpringConfiguration.getApplicationContext(DefaultRuntimeSpringConfiguration.java:94)
      at hudson.util.spring.BeanBuilder.createApplicationContext(BeanBuilder.java:388)
      at hudson.security.LDAPSecurityRealm.createSecurityComponents(LDAPSecurityRealm.java:344)
      at hudson.security.SecurityRealm.getSecurityComponents(SecurityRealm.java:359)
      at hudson.security.HudsonFilter.reset(HudsonFilter.java:134)
      at hudson.model.Hudson.setSecurityRealm(Hudson.java:1833)
      at hudson.model.Hudson.doConfigSubmit(Hudson.java:2345)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
      at java.lang.reflect.Method.invoke(Unknown Source)
      at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:282)
      at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:149)
      at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:88)
      at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:102)
      at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
      at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:562)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:640)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:478)
      at org.kohsuke.stapler.Stapler.service(Stapler.java:160)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:45)
      at winstone.ServletConfiguration.execute(ServletConfiguration.java:249)
      at winstone.RequestDispatcher.forward(RequestDispatcher.java:335)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:378)
      at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:94)
      at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:86)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:195)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:368)
      at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:47)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:195)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:368)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
      at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:166)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:135)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
      at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
      at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:195)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:368)
      at winstone.RequestDispatcher.forward(RequestDispatcher.java:333)
      at winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:244)
      at winstone.RequestHandlerThread.run(RequestHandlerThread.java:150)
      at java.lang.Thread.run(Unknown Source)
      Caused by: org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.acegisecurity.ldap.DefaultInitialDirContextFactory]: Constructor threw exception; nested exception is java.lang.IllegalArgumentException: Root DNs must be the same when using multiple URLs
      at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:98)
      at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:87)
      at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:225)
      ... 68 more
      Caused by: java.lang.IllegalArgumentException: Root DNs must be the same when using multiple URLs
      at org.acegisecurity.ldap.DefaultInitialDirContextFactory.setProviderUrl(DefaultInitialDirContextFactory.java:151)
      at org.acegisecurity.ldap.DefaultInitialDirContextFactory.(DefaultInitialDirContextFactory.java:124)
      at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
      at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
      at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
      at java.lang.reflect.Constructor.newInstance(Unknown Source)
      at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:83)
      ... 70 more

          [JENKINS-8152] LDAP config error

          cjyar created issue -

          Harry G. added a comment - - edited

          I believe I found the reason for a variant of this problem, as discussed here: http://hudson.361315.n4.nabble.com/Active-Directory-problem-td1290316.html

          When leaving RootDN empty, Hudson fills in something like
          "defaultNamingContext: DC=de,DC=mycompany,DC=com"
          where it should be
          "DC=de,DC=mycompany,DC=com"

          So the string "defaultNamingContext: " should be omited.

          Harry G. added a comment - - edited I believe I found the reason for a variant of this problem, as discussed here: http://hudson.361315.n4.nabble.com/Active-Directory-problem-td1290316.html When leaving RootDN empty, Hudson fills in something like "defaultNamingContext: DC=de,DC=mycompany,DC=com" where it should be "DC=de,DC=mycompany,DC=com" So the string "defaultNamingContext: " should be omited.

          cjyar added a comment -

          In this case, the problem was caused by the space in our root DN. Replacing the space with %20 fixed it. However, it would be great if Hudson could provide a more helpful error message.

          cjyar added a comment - In this case, the problem was caused by the space in our root DN. Replacing the space with %20 fixed it. However, it would be great if Hudson could provide a more helpful error message.

          Harry G. added a comment - - edited

          I would like to propose to fix three issues here:

          • automatically replace spaces by %20 (and other common URL parsing functionality like backslashes)
          • omit "defaultNamingContext: " when creating a default value for RootDN
          • in case of invalid root DN give a helpful error message directly nearby the RootDN entry field, like with other values - not an exception on save

          Harry G. added a comment - - edited I would like to propose to fix three issues here: automatically replace spaces by %20 (and other common URL parsing functionality like backslashes) omit "defaultNamingContext: " when creating a default value for RootDN in case of invalid root DN give a helpful error message directly nearby the RootDN entry field, like with other values - not an exception on save

          Code changed in jenkins
          User: Kohsuke Kawaguchi
          Path:
          changelog.html
          core/src/main/java/hudson/security/LDAPSecurityRealm.java
          http://jenkins-ci.org/commit/jenkins/c99fc315dddf707dba3a2dea6a048bd76dce4c2e
          Log:
          [FIXED JENKINS-8152]

          Formatting error in the rootDN inference code. It shouldn't include
          attribute name.

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Kohsuke Kawaguchi Path: changelog.html core/src/main/java/hudson/security/LDAPSecurityRealm.java http://jenkins-ci.org/commit/jenkins/c99fc315dddf707dba3a2dea6a048bd76dce4c2e Log: [FIXED JENKINS-8152] Formatting error in the rootDN inference code. It shouldn't include attribute name.
          SCM/JIRA link daemon made changes -
          Resolution New: Fixed [ 1 ]
          Status Original: Open [ 1 ] New: Resolved [ 5 ]

          dogfood added a comment -

          Integrated in jenkins_main_trunk #1502
          [FIXED JENKINS-8152] (Revision c99fc315dddf707dba3a2dea6a048bd76dce4c2e)

          Result = SUCCESS
          Kohsuke Kawaguchi : c99fc315dddf707dba3a2dea6a048bd76dce4c2e
          Files :

          • core/src/main/java/hudson/security/LDAPSecurityRealm.java
          • changelog.html

          dogfood added a comment - Integrated in jenkins_main_trunk #1502 [FIXED JENKINS-8152] (Revision c99fc315dddf707dba3a2dea6a048bd76dce4c2e) Result = SUCCESS Kohsuke Kawaguchi : c99fc315dddf707dba3a2dea6a048bd76dce4c2e Files : core/src/main/java/hudson/security/LDAPSecurityRealm.java changelog.html

          Code changed in jenkins
          User: Stig Kleppe-Jørgensen
          Path:
          src/main/java/hudson/plugins/promoted_builds/Promotion.java
          http://jenkins-ci.org/commit/promoted-builds-plugin/9b79be8796fe054ed02fa1d3ca01f57542e5fa83
          Log:
          Merge pull request #11 from ybonnel/master

          [FIXES JENKINS-8152] Adds PROMOTED_<scm stuff> variables for SCM information

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Stig Kleppe-Jørgensen Path: src/main/java/hudson/plugins/promoted_builds/Promotion.java http://jenkins-ci.org/commit/promoted-builds-plugin/9b79be8796fe054ed02fa1d3ca01f57542e5fa83 Log: Merge pull request #11 from ybonnel/master [FIXES JENKINS-8152] Adds PROMOTED_<scm stuff> variables for SCM information

          Code changed in jenkins
          User: Kohsuke Kawaguchi
          Path:
          core/src/main/java/hudson/security/LDAPSecurityRealm.java
          http://jenkins-ci.org/commit/jenkins/fa95a3a439584e6a19349360c6c4f68a7a404e01
          Log:
          [FIXED JENKINS-8152]

          Formatting error in the rootDN inference code. It shouldn't include
          attribute name.

          Cherry-picked-from: c99fc315dddf707dba3a2dea6a048bd76dce4c2e

          Compare: https://github.com/jenkinsci/jenkins/compare/a7e3bae...fa95a3a

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Kohsuke Kawaguchi Path: core/src/main/java/hudson/security/LDAPSecurityRealm.java http://jenkins-ci.org/commit/jenkins/fa95a3a439584e6a19349360c6c4f68a7a404e01 Log: [FIXED JENKINS-8152] Formatting error in the rootDN inference code. It shouldn't include attribute name. Cherry-picked-from: c99fc315dddf707dba3a2dea6a048bd76dce4c2e Compare: https://github.com/jenkinsci/jenkins/compare/a7e3bae...fa95a3a

          Code changed in jenkins
          User: Kohsuke Kawaguchi
          Path:
          core/src/main/java/hudson/security/LDAPSecurityRealm.java
          http://jenkins-ci.org/commit/ldap-plugin/c32808c8d74c4b5508689040863529c3676defc4
          Log:
          [FIXED JENKINS-8152]

          Formatting error in the rootDN inference code. It shouldn't include
          attribute name.

          Originally-Committed-As: c99fc315dddf707dba3a2dea6a048bd76dce4c2e

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Kohsuke Kawaguchi Path: core/src/main/java/hudson/security/LDAPSecurityRealm.java http://jenkins-ci.org/commit/ldap-plugin/c32808c8d74c4b5508689040863529c3676defc4 Log: [FIXED JENKINS-8152] Formatting error in the rootDN inference code. It shouldn't include attribute name. Originally-Committed-As: c99fc315dddf707dba3a2dea6a048bd76dce4c2e

            andresrc Andres Rodriguez
            cjyar cjyar
            Votes:
            2 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: