Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-71111

LDAP plugin fails on first configuration attempt

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • ldap-plugin
    • None
    • Docker container Jenkins 2.396

      Hi;

      We can't seem to configure Jenkins to use LDAP with our server.

      • Go to https://jenkins.example.org/manage/configureSecurity/
      • Pick "LDAP" security realm
      • Enter server name: ldapserver.example.org
      • Click "Test LDAP Settings"
      • Enter "fred"/"fred" as user and password
      • Get normal error about "User lookup: user "fred" does not exist."
      • Enter "realuser"/"realpassword" or "realuser"/"fakepassword"
      • Get 

        Oops!

        A problem occurred while processing the request.

        Logging ID=54931cca-2cc5-4a02-8da8-22f950626835

      • Logging output: ```
         

       # docker logs jenkins |& grep -A 200 54931cca-2cc5-4a02-8da8-22f950626835

      2023-04-20 16:39:55.541+0000 [id=638692] WARNING h.i.i.InstallUncaughtExceptionHandler#handleException: Caught unhandled exception with ID 54931cca-2cc5-4a02-8da8-22f950626835
      org.springframework.dao.IncorrectResultSizeDataAccessException: Incorrect result size: expected 1, actual 2
      at org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForSingleEntryInternal(SpringSecurityLdapTemplate.java:290)
      at org.springframework.security.ldap.SpringSecurityLdapTemplate.lambda$searchForSingleEntry$3(SpringSecurityLdapTemplate.java:260)
      at org.springframework.ldap.core.LdapTemplate.executeWithContext(LdapTemplate.java:821)
      at org.springframework.ldap.core.LdapTemplate.executeReadOnly(LdapTemplate.java:807)
      at org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForSingleEntry(SpringSecurityLdapTemplate.java:260)
      at org.springframework.security.ldap.search.FilterBasedLdapUserSearch.searchForUser(FilterBasedLdapUserSearch.java:100)
      at org.springframework.security.ldap.authentication.BindAuthenticator.authenticate(BindAuthenticator.java:86)
      at jenkins.security.plugins.ldap.BindAuthenticator2.authenticate(BindAuthenticator2.java:50)
      at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:174)
      at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:79)
      at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:182)
      at hudson.security.LDAPSecurityRealm$LDAPAuthenticationManager.authenticate(LDAPSecurityRealm.java:993)
      at hudson.security.LDAPSecurityRealm$DescriptorImpl.validate(LDAPSecurityRealm.java:1595)
      at hudson.security.LDAPSecurityRealm$DescriptorImpl.doValidate(LDAPSecurityRealm.java:1531)
      at java.base/java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:710)
      at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:397)
      at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:409)
      at org.kohsuke.stapler.interceptor.RequirePOST$Processor.invoke(RequirePOST.java:78)
      at org.kohsuke.stapler.PreInvokeInterceptedFunction.invoke(PreInvokeInterceptedFunction.java:26)
      at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:207)
      at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:140)
      at org.kohsuke.stapler.MetaClass$11.doDispatch(MetaClass.java:558)
      at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:59)
      at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:770)
      Caused: javax.servlet.ServletException
      at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:818)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:900)
      at org.kohsuke.stapler.MetaClass$4.doDispatch(MetaClass.java:289)
      at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:59)
      at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:770)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:900)
      at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:836)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:900)
      at org.kohsuke.stapler.MetaClass$9.dispatch(MetaClass.java:475)
      at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:770)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:900)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:698)
      at org.kohsuke.stapler.Stapler.service(Stapler.java:248)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:590)
      at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:764)
      at org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1665)
      at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:157)
      at org.jenkinsci.plugins.ssegateway.Endpoint$SSEListenChannelFilter.doFilter(Endpoint.java:248)
      at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
      at jenkins.security.ResourceDomainFilter.doFilter(ResourceDomainFilter.java:81)
      at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
      at jenkins.telemetry.impl.UserLanguages$AcceptLanguageFilter.doFilter(UserLanguages.java:129)
      at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
      at io.jenkins.blueocean.ResourceCacheControl.doFilter(ResourceCacheControl.java:134)
      at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
      at io.jenkins.blueocean.auth.jwt.impl.JwtAuthenticationFilter.doFilter(JwtAuthenticationFilter.java:60)
      at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
      at jenkins.metrics.impl.MetricsFilter.doFilter(MetricsFilter.java:125)
      at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
      at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:160)
      at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
      at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
      at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:154)
      at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
      at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:94)
      at jenkins.security.AcegiSecurityExceptionFilter.doFilter(AcegiSecurityExceptionFilter.java:52)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
      at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:54)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
      at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:126)
      at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:120)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
      at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:100)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
      at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:110)
      at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:101)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
      at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:227)
      at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:221)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
      at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:97)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
      at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:117)
      at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
      at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:63)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
      at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:111)
      at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:172)
      at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
      at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
      at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:53)
      at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
      at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
      at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:86)
      at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
      at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
      at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
      at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
      at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
      at jenkins.security.SuspiciousRequestFilter.doFilter(SuspiciousRequestFilter.java:38)
      at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
      at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
      at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:527)
      at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:131)
      at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:549)
      at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
      at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:223)
      at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1570)
      at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:221)
      at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1383)
      at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:176)
      at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:484)
      at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1543)
      at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:174)
      at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1305)
      at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:129)
      at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
      at org.eclipse.jetty.server.Server.handle(Server.java:563)
      at org.eclipse.jetty.server.HttpChannel.lambda$handle$0(HttpChannel.java:505)
      at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:762)
      at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:497)
      at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:282)
      at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:314)
      at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100)
      at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53)
      at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:416)
      at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:385)
      at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:272)
      at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.lambda$new$0(AdaptiveExecutionStrategy.java:140)
      at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:411)
      at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:934)
      at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1078)
      at java.base/java.lang.Thread.run(Thread.java:829)
      2023-04-20 16:43:58.188+0000 [id=631511] INFO o.s.s.l.DefaultSpringSecurityContextSource#<init>: Configure with URL ldap://ldapserver.example.org/dc=example,dc=org and root DN dc=example,dc=org
      2023-04-20 16:43:58.189+0000 [id=631511] INFO o.s.l.c.s.AbstractContextSource#afterPropertiesSet: Property 'userDn' not set - anonymous context will be used for read-write operations
      2023-04-20 16:43:58.189+0000 [id=631511] INFO o.s.s.l.s.FilterBasedLdapUserSearch#<init>: Searches will be performed from the root dc=example,dc=org since SearchBase not set
      2023-04-20 16:43:58.190+0000 [id=631511] INFO o.s.s.l.u.DefaultLdapAuthoritiesPopulator#<init>: Will perform group search from the context source base since groupSearchBase is empty.
      2023-04-20 16:43:58.199+0000 [id=631511] WARNING o.e.j.s.h.ContextHandler$Context#log: Error while serving https://jenkins.example.org/manage/descriptorByName/hudson.security.LDAPSecurityRealm/validate
      org.springframework.dao.IncorrectResultSizeDataAccessException: Incorrect result size: expected 1, actual 2
      at org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForSingleEntryInternal(SpringSecurityLdapTemplate.java:290)
      at org.springframework.security.ldap.SpringSecurityLdapTemplate.lambda$searchForSingleEntry$3(SpringSecurityLdapTemplate.java:260)
      at org.springframework.ldap.core.LdapTemplate.executeWithContext(LdapTemplate.java:821)
      at org.springframework.ldap.core.LdapTemplate.executeReadOnly(LdapTemplate.java:807)
      at org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForSingleEntry(SpringSecurityLdapTemplate.java:260)
      at org.springframework.security.ldap.search.FilterBasedLdapUserSearch.searchForUser(FilterBasedLdapUserSearch.java:100)
      at org.springframework.security.ldap.authentication.BindAuthenticator.authenticate(BindAuthenticator.java:86)
      at jenkins.security.plugins.ldap.BindAuthenticator2.authenticate(BindAuthenticator2.java:50)
      at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:174)
      at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:79)
      at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:182)
      at hudson.security.LDAPSecurityRealm$LDAPAuthenticationManager.authenticate(LDAPSecurityRealm.java:993)
      at hudson.security.LDAPSecurityRealm$DescriptorImpl.validate(LDAPSecurityRealm.java:1595)
      at hudson.security.LDAPSecurityRealm$DescriptorImpl.doValidate(LDAPSecurityRealm.java:1531)
      at java.base/java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:710)
      at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:397)
      Caused: java.lang.reflect.InvocationTargetException
      at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:401)
      at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:409)
      at org.kohsuke.stapler.interceptor.RequirePOST$Processor.invoke(RequirePOST.java:78)
      at org.kohsuke.stapler.PreInvokeInterceptedFunction.invoke(PreInvokeInterceptedFunction.java:26)
      at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:207)
      at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:140)
      at org.kohsuke.stapler.MetaClass$11.doDispatch(MetaClass.java:558)
      at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:59)
      at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:770)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:900)
      at org.kohsuke.stapler.MetaClass$4.doDispatch(MetaClass.java:289)
      at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:59)
      at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:770)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:900)
      at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:836)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:900)
      at org.kohsuke.stapler.MetaClass$9.dispatch(MetaClass.java:475)
      at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:770)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:900)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:698)
      at org.kohsuke.stapler.Stapler.service(Stapler.java:248)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:590)
      at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:764)
      at org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1665)
      at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:157)
      at org.jenkinsci.plugins.ssegateway.Endpoint$SSEListenChannelFilter.doFilter(Endpoint.java:248)
      at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
      at jenkins.security.ResourceDomainFilter.doFilter(ResourceDomainFilter.java:81)
      at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
      at jenkins.telemetry.impl.UserLanguages$AcceptLanguageFilter.doFilter(UserLanguages.java:129)
      at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
      at io.jenkins.blueocean.ResourceCacheControl.doFilter(ResourceCacheControl.java:134)
      at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
      at io.jenkins.blueocean.auth.jwt.impl.JwtAuthenticationFilter.doFilter(JwtAuthenticationFilter.java:60)
      at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
      at jenkins.metrics.impl.MetricsFilter.doFilter(MetricsFilter.java:125)
      at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
      at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:160)
      at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
      at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
      at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:154)
      at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
      at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:94)
      at jenkins.security.AcegiSecurityExceptionFilter.doFilter(AcegiSecurityExceptionFilter.java:52)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
      at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:54)
      ```
       

       

            Unassigned Unassigned
            pdragon C H
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: