Problem with LDAP authentication, username=

Leslie Giles

Jun 30, 2011, 3:22:08 PM
to jenkins...@googlegroups.com
New installation of Jenkins 1.418.  I've set it up to use LDAP, but I can't get authentication to work.  In particular when I enter a name into the project-based matrix authorization table, I get this in the log file....

Jun 30, 2011 3:15:44 PM hudson.security.LDAPSecurityRealm$LDAPUserDetailsService loadUserByUsername
WARNING: Failed to search LDAP for username=bgp863
org.acegisecurity.ldap.LdapDataAccessException: LdapCallback;[LDAP: error code 50 - Search access not permitted with that filter]; nested exception is javax.naming.NoPermissionException: [LDAP: error code 50 - Search access not permitted with that filter]; remaining name ''

... along with a java stack backtrace.  If I use the Linux ldapsearch tool with a filter "username=bgp863" it says exactly the same thing - "Search access not permitted with that filter".

I can search using ldapsearch with the filter "uid=bgp863" - if I understand Jenkins properly, I should be able to get it to search using the uid field by setting the "User search filter" field in the LDAP advanced settings to be "uid={0}" (which is also the default) - but setting this doesn't change the fact that Jenkins is trying to search using the username= field instead of "uid=".

Here's my config.xml:

<?xml version='1.0' encoding='UTF-8'?>
<hudson>
  <disabledAdministrativeMonitors/>
  <version>1.418</version>
  <numExecutors>2</numExecutors>
  <mode>NORMAL</mode>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="hudson.security.ProjectMatrixAuthorizationStrategy">
    <permission>hudson.model.Computer.Configure:anonymous</permission>
    <permission>hudson.model.Computer.Configure:authenticated</permission>
    <permission>hudson.model.Computer.Delete:anonymous</permission>
    <permission>hudson.model.Computer.Delete:authenticated</permission>
    <permission>hudson.model.Hudson.Administer:anonymous</permission>
    <permission>hudson.model.Hudson.Administer:authenticated</permission>
    <permission>hudson.model.Hudson.Read:anonymous</permission>
    <permission>hudson.model.Hudson.Read:authenticated</permission>
    <permission>hudson.model.Item.Build:anonymous</permission>
    <permission>hudson.model.Item.Build:authenticated</permission>
    <permission>hudson.model.Item.Configure:anonymous</permission>
    <permission>hudson.model.Item.Configure:authenticated</permission>
    <permission>hudson.model.Item.Create:anonymous</permission>
    <permission>hudson.model.Item.Create:authenticated</permission>
    <permission>hudson.model.Item.Delete:anonymous</permission>
    <permission>hudson.model.Item.Delete:authenticated</permission>
    <permission>hudson.model.Item.Read:anonymous</permission>
    <permission>hudson.model.Item.Read:authenticated</permission>
    <permission>hudson.model.Item.Workspace:anonymous</permission>
    <permission>hudson.model.Item.Workspace:authenticated</permission>
    <permission>hudson.model.View.Configure:anonymous</permission>
    <permission>hudson.model.View.Configure:authenticated</permission>
    <permission>hudson.model.View.Create:anonymous</permission>
    <permission>hudson.model.View.Create:authenticated</permission>
    <permission>hudson.model.View.Delete:anonymous</permission>
    <permission>hudson.model.View.Delete:authenticated</permission>
  </authorizationStrategy>
  <securityRealm class="hudson.security.LDAPSecurityRealm">
    <server>ids.mot-mobility.com</server>
    <rootDN>dc=motorola,dc=com</rootDN>
    <inhibitInferRootDN>false</inhibitInferRootDN>
    <userSearchBase></userSearchBase>
    <userSearch>uid={0}</userSearch>
    <managerPassword>THZNZEs5Nm1GZEtBUFNRZGh5VlIwZz09</managerPassword>
  </securityRealm>
  <markupFormatter class="hudson.markup.RawHtmlMarkupFormatter"/>
  <jdks/>
  <viewsTabBar class="hudson.views.DefaultViewsTabBar"/>
  <myViewsTabBar class="hudson.views.DefaultMyViewsTabBar"/>
  <clouds/>
  <slaves/>
  <quietPeriod>5</quietPeriod>
  <scmCheckoutRetryCount>0</scmCheckoutRetryCount>
  <views>
    <hudson.model.AllView>
      <owner class="hudson" reference="../../.."/>
      <name>All</name>
      <filterExecutors>false</filterExecutors>
      <filterQueue>false</filterQueue>
      <properties class="hudson.model.View$PropertyList"/>
    </hudson.model.AllView>
  </views>
  <primaryView>All</primaryView>
  <slaveAgentPort>0</slaveAgentPort>
  <label></label>
  <nodeProperties/>
  <globalNodeProperties/>
</hudson>

Help!

Lezz Giles
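
An added check, not part of the original post or of Jenkins itself, that reads a config.xml of the shape posted above and reports what the matrix grants to the `anonymous` sid and how the LDAP realm is configured. The `audit` helper and the abbreviated sample input are constructed for this example.

```python
import xml.etree.ElementTree as ET

# Abbreviated from the config.xml posted above: most <permission> lines are
# dropped and the managerPassword value is replaced with a placeholder.
SAMPLE_CONFIG = """<hudson>
  <authorizationStrategy class="hudson.security.ProjectMatrixAuthorizationStrategy">
    <permission>hudson.model.Hudson.Administer:anonymous</permission>
    <permission>hudson.model.Hudson.Administer:authenticated</permission>
    <permission>hudson.model.Hudson.Read:anonymous</permission>
    <permission>hudson.model.Item.Delete:anonymous</permission>
  </authorizationStrategy>
  <securityRealm class="hudson.security.LDAPSecurityRealm">
    <server>ids.mot-mobility.com</server>
    <rootDN>dc=motorola,dc=com</rootDN>
    <userSearch>uid={0}</userSearch>
    <managerPassword>PLACEHOLDER</managerPassword>
  </securityRealm>
</hudson>"""


def audit(config_xml):
    """Summarise anonymous grants and LDAP realm settings (hypothetical helper)."""
    root = ET.fromstring(config_xml)

    # Each matrix entry is "<permission id>:<sid>"; split on the last colon.
    anonymous = []
    for node in root.findall("authorizationStrategy/permission"):
        permission, _, sid = (node.text or "").strip().rpartition(":")
        if sid == "anonymous":
            anonymous.append(permission)

    realm = root.find("securityRealm")
    ldap = {}
    if realm is not None and realm.get("class", "").endswith("LDAPSecurityRealm"):
        ldap = {child.tag: (child.text or "").strip() for child in realm}

    return {
        "anonymous_permissions": sorted(anonymous),
        # Administer for "anonymous" gives full control without logging in.
        "anonymous_admin": "hudson.model.Hudson.Administer" in anonymous,
        "user_search": ldap.get("userSearch"),
        # With no manager DN, Jenkins runs the user search over an anonymous bind.
        "manager_dn_set": bool(ldap.get("managerDN")),
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```

On the sample it reports the configured filter `uid={0}`, no manager DN, and `Hudson.Administer` granted to `anonymous`.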

Vladimir Smolensky

Dec 21, 2017, 9:18:37 AM
to Jenkins Users
I'm having the exact same problem, Jenkins ignores "User search filter", have you found a solution?

regards