Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-8461

-Dhudson.plugins.active_directory.ActiveDirectorySecurityRealm.domainControllers=<my host>:389 fails

      Override domain controllers
      -----------------------------------------

      This plugin follows the standard lookup procedure to determine the
      list of candidate Active Directory domain controllers, and this should
      be suffice for the normal circumstances. But if for some reasons it
      isn't, you can manually override and provide the list of domain
      controllers by setting the system property
      "hudson.plugins.active_directory.ActiveDirectorySecurityRealm.domainControllers"
      with the value of the format "host:port,host:port,...". The port
      should be normally 3269 (for global catalog over SSL), 636 (LDAP over
      SSL), 3268 (for global catalog), or 389 (LDAP.)

      So I've started my Tomcat with the system property as follows:

      -Dhudson.plugins.active_directory.ActiveDirectorySecurityRealm.domainControllers=<my
      host>:389

      However the plugin doesn't appear to pick this up.

          [JENKINS-8461] -Dhudson.plugins.active_directory.ActiveDirectorySecurityRealm.domainControllers=<my host>:389 fails

          You can check if the value is taking effect by running "println hudson.plugins.active_directory.ActiveDirectorySecurityRealm.DOMAIN_CONTROLLERS" from your Groovy script console. I double-checked the code and I think it is doing the right thing, though.

          What made you conclude that this property isn't being consulted?

          Kohsuke Kawaguchi added a comment - You can check if the value is taking effect by running "println hudson.plugins.active_directory.ActiveDirectorySecurityRealm.DOMAIN_CONTROLLERS" from your Groovy script console. I double-checked the code and I think it is doing the right thing, though. What made you conclude that this property isn't being consulted?

          John Schleigh added a comment -

          I have this same problem. I can see exceptions related to SSL handshakes failing between Jenkins and our AD server in the jenkins.log file.

          Jun 20, 2011 10:37:58 AM hudson.security.AuthenticationProcessingFilter2 onUnsuccessfulAuthentication
          INFO: Login attempt failed
          org.acegisecurity.AuthenticationServiceException: Failed to bind to LDAP server with the bind name/password; nested exception is org
          .acegisecurity.BadCredentialsException: Either no such user 'CN=xxx,CN=xxx,DC=xxx,DC=xxx' or incorrect password; ne
          sted exception is javax.naming.CommunicationException: simple bind failed: xxx.xxx.xxx.xxx:389 [Root exception is javax.net.ssl.SSLHan
          dshakeException: Remote host closed connection during handshake]

          Every message related to the AD lookup indicates SSL handshake failures.

          Is the property hudson.plugins.active_directory.ActiveDirectorySecurityRealm.domainControllers or hudson.plugins.active_directory.ActiveDirectorySecurityRealm.DOMAIN_CONTROLLERS? I set the former option per the plugin homepage override switches section.

          John Schleigh added a comment - I have this same problem. I can see exceptions related to SSL handshakes failing between Jenkins and our AD server in the jenkins.log file. Jun 20, 2011 10:37:58 AM hudson.security.AuthenticationProcessingFilter2 onUnsuccessfulAuthentication INFO: Login attempt failed org.acegisecurity.AuthenticationServiceException: Failed to bind to LDAP server with the bind name/password; nested exception is org .acegisecurity.BadCredentialsException: Either no such user 'CN=xxx,CN=xxx,DC=xxx,DC=xxx' or incorrect password; ne sted exception is javax.naming.CommunicationException: simple bind failed: xxx.xxx.xxx.xxx:389 [Root exception is javax.net.ssl.SSLHan dshakeException: Remote host closed connection during handshake] Every message related to the AD lookup indicates SSL handshake failures. Is the property hudson.plugins.active_directory.ActiveDirectorySecurityRealm.domainControllers or hudson.plugins.active_directory.ActiveDirectorySecurityRealm.DOMAIN_CONTROLLERS? I set the former option per the plugin homepage override switches section.

            Unassigned Unassigned
            karianna karianna
            Votes:
            2 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: