Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-17692

Active Directory Plugin - Fails to retreive users with swedish characters in full name

    XMLWordPrintable

Details

    • Bug
    • Status: Resolved (View Workflow)
    • Major
    • Resolution: Fixed
    • None
    • Ubuntu 12.0.4 LTS, Jenkins 1.512, Active Directory Plugin 1.31

    Description

      I've added the AD Plugin 1.31 to my Jenkins installation and it works as long as my users don't have swedish characters in their full name in the AD. For example, username test.testsson with full name Test Testsson will work just fine. Username bjorn.borg with full name Björn Borg will fail.

      I'm pretty sure this has something to do with it:
      CN=Bj\u00F6mrn Borg,OU=Users,DC=my,DC=Domain

      If I change Björns full name to "Bjorn Borg" in AD, it works just fine:
      CN=Bjorn Borg,OU=Users,DC=my,DC=Domain

      Is there a work-around or a fix?

      /Jocke

      Here is a Log example:

      Apr 22, 2013 10:20:44 AM hudson.plugins.active_directory.ActiveDirectorySecurityRealm
      FINE: Connecting to ldap://server.my.domain:3268/

      Apr 22, 2013 10:20:44 AM hudson.plugins.active_directory.ActiveDirectorySecurityRealm
      FINE: _gc._tcp.my.domain resolved to [server.my.domain:3268]

      Apr 22, 2013 10:20:44 AM hudson.plugins.active_directory.ActiveDirectorySecurityRealm
      FINE: SRV record found: 0 100 3268 server.my.domain.

      Apr 22, 2013 10:20:44 AM hudson.plugins.active_directory.ActiveDirectorySecurityRealm
      FINE: Attempting to resolve _gc._tcp.my.domain to SRV record

      Apr 22, 2013 10:20:17 AM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider
      FINE: Failed toretrieve user bjorn.borg
      org.acegisecurity.BadCredentialsException: Failed to retrieve user information for bjorn.borg; nested exception is javax.naming.InvalidNameException: CN=Bj\u00F6mrn Borg,OU=Users,DC=my,DC=domain: [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0, v1db1]; remaining name 'CN=Bj\u00F6mrn Borg,OU=Users,DC=my,DC=domain'
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:309)
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:193)
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:137)
      at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:122)
      at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:200)
      at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:47)
      at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:74)
      at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:174)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:64)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
      at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
      at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
      at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:50)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
      at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
      at winstone.RequestDispatcher.forward(RequestDispatcher.java:331)
      at winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:227)
      at winstone.RequestHandlerThread.run(RequestHandlerThread.java:150)
      at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
      at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
      at java.util.concurrent.FutureTask.run(FutureTask.java:166)
      at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
      at java.lang.Thread.run(Thread.java:722)
      Caused by: javax.naming.InvalidNameException: CN=Bj\u00F6mrn Borg,OU=Users,DC=my,DC=domain: [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0, v1db1]; remaining name 'CN=Bj\u00F6mrn Borg,OU=Users,DC=my,DC=Domain'
      at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3025)
      at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2840)
      at com.sun.jndi.ldap.LdapCtx.c_getAttributes(LdapCtx.java:1332)
      at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(ComponentDirContext.java:231)
      at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:139)
      at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:127)
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.resolveGroups(ActiveDirectoryUnixAuthenticationProvider.java:373)
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:293)
      ... 35 more

      Attachments

        Issue Links

          Activity

            heinzepreller heinzepreller added a comment -

            We are facing the same Issue with german Umlauts in the Full AD Name. I can't tell if Umlauts in the login name work but if someone has the Login "Benjamin" and his full name is "Benjamin Blümchen" ist doesn't work.

            heinzepreller heinzepreller added a comment - We are facing the same Issue with german Umlauts in the Full AD Name. I can't tell if Umlauts in the login name work but if someone has the Login "Benjamin" and his full name is "Benjamin Blümchen" ist doesn't work.

            Code changed in jenkins
            User: Marc Schoechlin
            Path:
            src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java
            http://jenkins-ci.org/commit/active-directory-plugin/77ab72e11eac474f09a8f484f2ebc7589a6350b3
            Log:
            Reverted 45987d2e/tbarbieri

            Login in with german umlauts in the distinguished name ist not possible
            anyore. We tested sucessfully the revert with our setup.
            See also: JENKINS-17692

            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Marc Schoechlin Path: src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java http://jenkins-ci.org/commit/active-directory-plugin/77ab72e11eac474f09a8f484f2ebc7589a6350b3 Log: Reverted 45987d2e/tbarbieri Login in with german umlauts in the distinguished name ist not possible anyore. We tested sucessfully the revert with our setup. See also: JENKINS-17692

            It seems that commit 45987d2e/tbarbieri breaks handling with german umlauts in the destinguished name(dn).

            I reverted the the change by 77ab72e11eac474f09a8f484f2ebc7589a6350b3.

            scoopex Marc Schoechlin added a comment - It seems that commit 45987d2e/tbarbieri breaks handling with german umlauts in the destinguished name(dn). I reverted the the change by 77ab72e11eac474f09a8f484f2ebc7589a6350b3.

            This problem was fixed in 1.32.

            kohsuke Kohsuke Kawaguchi added a comment - This problem was fixed in 1.32.

            People

              kohsuke Kohsuke Kawaguchi
              jockepihlstrom Jocke Pihlström
              Votes:
              5 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: