[JIRA] [active-directory-plugin] (JENKINS-28664) LDAPS Authorization not possible

heinzepreller@java.net (JIRA)

Jun 1, 2015, 3:34:01 AM
to jenkinsc...@googlegroups.com
heinzepreller created an issue
 
Jenkins / Bug JENKINS-28664
LDAPS Authorization not possible
Issue Type: Bug
Assignee: Unassigned
Components: active-directory-plugin
Created: 01/Jun/15 7:33 AM
Environment: Ubuntu 14.04.2 LTS
Jenkins ver. 1.614
Active Directory plugin 1.39
Java 1.7.0_79-b14
Priority: Major
Reporter: heinzepreller

Hi,

I'm trying to secure LDAP logon, so I decided to switch from LDAP to LDAPS.

I tried both LDAPS ports, 3269 and 636, with "Test" in Global Security Config, but neither of them is working. I'm getting an immediate error:

Bad bind username or password
org.acegisecurity.BadCredentialsException: Either no such user 'CN=XXXXXX,OU=XXXXX,OU=XXXXXXX,DC=XXXX,DC=XX' or incorrect password; nested exception is javax.naming.NamingException: LDAP response read timed out, timeout used:-1ms.
	at hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DescriptorImpl.bind(ActiveDirectorySecurityRealm.java:453)
	at hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DescriptorImpl.doValidate(ActiveDirectorySecurityRealm.java:369)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:298)
	at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:161)
	at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:96)
	at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:121)
	at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746)
	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
	at org.kohsuke.stapler.MetaClass$6.doDispatch(MetaClass.java:249)
	at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746)
	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:649)
	at org.kohsuke.stapler.Stapler.service(Stapler.java:238)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:686)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1494)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:123)
	at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:114)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
	at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:48)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
	at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
	at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
	at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
	at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
	at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
	at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1474)
	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:499)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:533)
	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428)
	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
	at org.eclipse.jetty.server.Server.handle(Server.java:370)
	at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489)
	at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:960)
	at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:1021)
	at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:865)
	at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240)
	at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
	at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668)
	at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
	at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
	at java.lang.Thread.run(Thread.java:745)
Caused by: javax.naming.NamingException: LDAP response read timed out, timeout used:-1ms.
	at com.sun.jndi.ldap.Connection.readReply(Connection.java:483)
	at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:364)
	at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:213)
	at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2740)
	at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2635)
	at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2622)
	at com.sun.jndi.ldap.LdapCtx.reconnect(LdapCtx.java:2618)
	at hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DescriptorImpl.bind(ActiveDirectorySecurityRealm.java:514)
	at hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DescriptorImpl.bind(ActiveDirectorySecurityRealm.java:430)
	... 74 more

Other systems (JIRA, Artifactory ...) are working well with LDAPS, so it has to be something with Jenkins in my opinion.

This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265)

heinzepreller@java.net (JIRA)

Jun 1, 2015, 3:37:02 AM
to jenkinsc...@googlegroups.com
heinzepreller updated an issue
Change By: heinzepreller
Attachment: Global Config.png

heinzepreller@java.net (JIRA)

Jun 1, 2015, 3:38:01 AM
to jenkinsc...@googlegroups.com
heinzepreller updated an issue
Hi,

I'm trying to secure LDAP logon, so I decided to switch from LDAP to LDAPS.

I tried both LDAPS ports, 3269 and 636, with "Test" in Global Security Config, but neither of them is working.

!Global Config.png|thumbnail!
I'm getting an immediate error:
{code}
{code}


Other systems (JIRA, Artifactory ...) are working well with LDAPS, so it has to be something with Jenkins in my opinion.

heinzepreller@java.net (JIRA)

Jul 30, 2015, 7:22:02 AM
to jenkinsc...@googlegroups.com
heinzepreller commented on Bug JENKINS-28664
 
Re: LDAPS Authorization not possible

Still not able to use LDAPS:

  • Jenkins ver. 1.622
  • Active Directory plugin 1.41

dconry@gmail.com (JIRA)

Dec 2, 2015, 9:23:05 AM
to jenkinsc...@googlegroups.com

Confirmed, appears to be an issue strictly with the bind operation. Using the plugin for authentication via LDAPS without binding does seem to work, but obviously does not allow using AD groups for permissions, etc.
