[JIRA] [ldap-plugin] (JENKINS-29772) Can't retrieve ldap info using domain search with spaces


ricardogarfe@gmail.com (JIRA)

Aug 4, 2015, 2:45:01 AM
to jenkinsc...@googlegroups.com
Ricardo García Fernández created an issue
 
Jenkins / Bug JENKINS-29772
Can't retrieve ldap info using domain search with spaces
Issue Type: Bug
Assignee: Kohsuke Kawaguchi
Components: ldap-plugin
Created: 04/Aug/15 6:44 AM
Environment: Jenkins 1.617
LDAP Plugin 1.11
Labels: ldap login authentication
Priority: Major
Reporter: Ricardo García Fernández

Configuration

Jenkins LDAP configuration:

Server		ldap://ldap.test.es:389/
root DN	Allow empty RootDN
Search Domain User Base		"o=Group Using Spaces,c=ES"
Search user filter (&(objectClass=inetorgperson)(uid={0}))

Problem

Jenkins LDAP can't correctly handle the LDAP base domain search form input. It has to be defined between quotes if it's composed of several words separated by spaces. If I don't, it won't create the configuration correctly; you don't get any response.

Error Without quotes

When you define the LDAP configuration using Search Domain User Base without quotes and with rootDN not selected:

  • You can't/don't execute the query.

Error With quotes

Log when user attempt to log in:

Failed to bind to LDAP: userDncn=SurName1 SurName2 Name (123456),ou=GROUP,"o=Group Using Spaces,c=ES"  username=login_name
javax.naming.AuthenticationException: [LDAP: error code 32 - No Such Object]
	at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:293)
	at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2740)
	at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316)
	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193)
	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211)
	at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)
	at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)
	at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
	at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307)
	at javax.naming.InitialContext.init(InitialContext.java:242)
	at javax.naming.InitialContext.<init>(InitialContext.java:216)
	at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101)
	at org.acegisecurity.ldap.DefaultInitialDirContextFactory.connect(DefaultInitialDirContextFactory.java:180)
	at org.acegisecurity.ldap.DefaultInitialDirContextFactory.newInitialDirContext(DefaultInitialDirContextFactory.java:261)
	at org.acegisecurity.ldap.LdapTemplate.execute(LdapTemplate.java:123)
	at org.acegisecurity.ldap.LdapTemplate.retrieveEntry(LdapTemplate.java:165)
	at org.acegisecurity.providers.ldap.authenticator.BindAuthenticator.bindWithDn(BindAuthenticator.java:87)
	at org.acegisecurity.providers.ldap.authenticator.BindAuthenticator.authenticate(BindAuthenticator.java:72)
	at org.acegisecurity.providers.ldap.authenticator.BindAuthenticator2.authenticate(BindAuthenticator2.java:49)
	at org.acegisecurity.providers.ldap.LdapAuthenticationProvider.retrieveUser(LdapAuthenticationProvider.java:233)
	at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:122)
	at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:200)
	at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:47)
	at hudson.security.LDAPSecurityRealm$LDAPAuthenticationManager.authenticate(LDAPSecurityRealm.java:786)
	at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:74)
	at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
	at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
	at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
	at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
	at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
	at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:611)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1023)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
	at java.lang.Thread.run(Thread.java:724)

Other configurations

Search using ldapsearch is correct:

ldapsearch -H ldap://ldap.test.es:389 -b "o=Group Using Spaces,c=es" -s sub -a always -z 1000 "uid=login_name" -x
This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265)
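
Added example (not part of the original report or the LDAP plugin's code): a simplified RFC 4514 syntax check in Python, run on the two search-base forms and the user DN from the log above. It shows that spaces inside an RDN value need no quoting, while a quote-wrapped base does not parse as a DN. The function names are hypothetical, and the check covers only attribute types and unescaped special characters.

```python
import re

# attributeType per RFC 4514: a short name (descr) or a dotted numeric OID
ATTR_TYPE = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)$")
# characters that must be backslash-escaped inside an attribute value
NEEDS_ESCAPE = set('"+,;<>')

# Strings taken from the report above (configuration field and log line)
BASE_UNQUOTED = "o=Group Using Spaces,c=ES"
BASE_QUOTED = '"o=Group Using Spaces,c=ES"'
USER_DN_FROM_LOG = 'cn=SurName1 SurName2 Name (123456),ou=GROUP,' + BASE_QUOTED


def split_unescaped(text, sep):
    """Split text on sep, skipping separators that are backslash-escaped."""
    parts, current, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            current.append(text[i:i + 2])  # keep the escape pair together
            i += 2
            continue
        if text[i] == sep:
            parts.append("".join(current))
            current = []
        else:
            current.append(text[i])
        i += 1
    parts.append("".join(current))
    return parts


def parse_dn(dn):
    """Return [(type, value), ...] for a DN string, or raise ValueError."""
    pairs = []
    for rdn in split_unescaped(dn, ","):
        for ava in split_unescaped(rdn, "+"):  # multi-valued RDNs
            attr, eq, value = ava.partition("=")
            if not eq or not ATTR_TYPE.match(attr):
                raise ValueError(f"bad attribute type in {ava!r}")
            bare = re.sub(r"\\.", "", value, flags=re.S)  # drop escaped pairs
            if any(c in NEEDS_ESCAPE for c in bare):
                raise ValueError(f"unescaped special character in {ava!r}")
            pairs.append((attr, value))
    return pairs


def is_valid_dn(dn):
    """True when parse_dn accepts the string."""
    try:
        parse_dn(dn)
        return True
    except ValueError:
        return False
```
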

dbeck@cloudbees.com (JIRA)

Aug 4, 2015, 6:31:02 AM
to jenkinsc...@googlegroups.com
Daniel Beck updated an issue

Looks like this has a trivial workaround, so reducing priority.

Change By: Daniel Beck
Priority: Major → Minor

ricardogarfe@gmail.com (JIRA)

Aug 21, 2015, 6:59:01 AM
to jenkinsc...@googlegroups.com

dbeck@cloudbees.com (JIRA)

Aug 21, 2015, 7:33:01 AM
to jenkinsc...@googlegroups.com
Daniel Beck updated an issue

Misread the issue description, it looked like the workaround was using quotes but that doesn't work either.

Change By: Daniel Beck
Priority: Minor → Major

sakapur@yahoo.com (JIRA)

Dec 9, 2015, 3:53:02 PM
to jenkinsc...@googlegroups.com
Sandeep Kapur commented on Bug JENKINS-29772
 
Re: Can't retrieve ldap info using domain search with spaces

Is there any workaround for this issue? This must be a common problem with many enterprises.

bradley.wangia@gmail.com (JIRA)

Mar 17, 2016, 10:21:02 PM
to jenkinsc...@googlegroups.com

Any resolution to this? Is this something I can work on a solution for? Just need some pointers on where to look ...

HelloDearGrandma@gmail.com (JIRA)

Mar 23, 2017, 10:42:02 AM
to jenkinsc...@googlegroups.com

Hello.

We just solved this issue in our company.

To make it work, we just made the userSearchBase field empty.

To check that LDAP was working, I also used this script.
Before the issue was solved, the script was able to resolve only groups, but not users.

This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e)

o.v.nenashev@gmail.com (JIRA)

Jun 12, 2018, 1:46:11 PM
to jenkinsc...@googlegroups.com
Oleg Nenashev assigned an issue to Unassigned
 

In order to set proper expectations, I have unassigned Kohsuke from this ticket.
Currently there is no default assignee in the LDAP plugin; any contributions will be appreciated.

Change By: Oleg Nenashev
Assignee: Kohsuke Kawaguchi