Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-29280

Chrome browser username autofill adds username as bindName in LDAP


    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Minor Minor
    • None
    • Jenkins 1.580 on CentOs
      ActiveDirectory plugin 1.39
      Chrome browser ver 43.0.235

      Jenkins 2.46.1 on Ubuntu 16.04.2 LTS
      ActiveDirectory plugin 2.4
      Chrome browser ver 57.0.2987.133

      Jenkins 2.46.2
      AD plugin 2.4

      Chromes auto-fill , populates the username and password of any user who has logged in to Jenkins into the 'bindName' , 'bindPassword' field in the Advanced section of 'Active Directory' under Configure Global Security .

      As a result , on saving this ( without noticing ) , no users are able to login .

      The only way to fix this was to manually edit the config.xml to remove the erroneous <bindName> and restart the Jenkins instance .

      Am calling this a bug due to the disruptive nature of the issue ( which called for a restart of the Jenkins service )

      This happens silently as the 'Advanced fields' are not expanded and thus not seen by default .

      Autocomplete/autopopulate should be blocked for the fields in Active Directory plugin to prevent such cases .

      Taher .

            Unassigned Unassigned
            taherkf Taher K F
            13 Vote for this issue
            17 Start watching this issue