AD Plugin oddity
38 views
Skip to first unread message
Jamie Lawrence
Sep 18, 2014, 8:54:42 PM9/18/14
to jenkins...@googlegroups.com
Hello all,
I am setting up a new jenkins install running LTS (1.565.2). We use the
Active Directory plugin here. Copying the config from a (rather old)
installation did not work; it threw an AuthenticationException.
By way of troubleshooting in various ways, I ended up where I am now: with
a vanilla fresh config, enabled the AD plugin, and created a new AD user.
The ³Test² button in the AD plugin configuration claimed success. I know
the new user creds work for the domain outside of Jenkins. It fails on the
login screen, both for other users who should be fine and for the new
Jenkins AD user.
One example of the failure is stack trace I get on the command line,
below. I¹m somewhat mystified. Has anyone seen this?
Thanks in advance,
-j
---- Stacktrace ----
[jlawrence@jenkins1 vagrant]$ java -jar jenkins-cli.jar -s
http://localhost:8080/ login --username jlawrence
Password:
org.acegisecurity.AuthenticationServiceException: Failed to bind to LDAP
server with the bind name/password; nested exception is
org.acegisecurity.BadCredentialsException: Either no such user 'jenkins2'
or incorrect password; nested exception is
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308:
LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e,
v1db1]
at
hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.r
etrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:242)
at
hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.r
etrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:196)
at
hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.r
etrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:140)
at
hudson.plugins.active_directory.ActiveDirectorySecurityRealm.authenticate(A
ctiveDirectorySecurityRealm.java:624)
at
hudson.security.AbstractPasswordBasedSecurityRealm.doAuthenticate(AbstractP
asswordBasedSecurityRealm.java:114)
at
hudson.security.AbstractPasswordBasedSecurityRealm.access$100(AbstractPassw
ordBasedSecurityRealm.java:39)
at
hudson.security.AbstractPasswordBasedSecurityRealm$1.authenticate(AbstractP
asswordBasedSecurityRealm.java:81)
at hudson.cli.CLICommand.main(CLICommand.java:228)
at hudson.cli.CliManagerImpl.main(CliManagerImpl.java:92)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:5
7)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImp
l.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at
hudson.remoting.RemoteInvocationHandler$RPCRequest.perform(RemoteInvocation
Handler.java:309)
at
hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHan
dler.java:290)
at
hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHan
dler.java:249)
at hudson.remoting.UserRequest.perform(UserRequest.java:118)
at hudson.remoting.UserRequest.perform(UserRequest.java:48)
at hudson.remoting.Request$2.run(Request.java:328)
at
hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorServ
ice.java:72)
at hudson.cli.CliManagerImpl$1.call(CliManagerImpl.java:63)
at
hudson.remoting.InterceptingExecutorService$2.call(InterceptingExecutorServ
ice.java:95)
at
jenkins.util.ContextResettingExecutorService$2.call(ContextResettingExecuto
rService.java:46)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1
145)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:
615)
at java.lang.Thread.run(Thread.java:745)
Caused by: org.acegisecurity.BadCredentialsException: Either no such user
'jenkins2' or incorrect password; nested exception is
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308:
LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e,
v1db1]
at
hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DescriptorImpl
.bind(ActiveDirectorySecurityRealm.java:407)
at
hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.r
etrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:239)
... 26 more
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 -
80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error,
data 52e, v1db1]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3087)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2835)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2749)
at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2635)
at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2622)
at com.sun.jndi.ldap.LdapCtx.reconnect(LdapCtx.java:2618)
at
hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DescriptorImpl
.bind(ActiveDirectorySecurityRealm.java:476)
at
hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DescriptorImpl
.bind(ActiveDirectorySecurityRealm.java:392)
... 27 more
I am setting up a new jenkins install running LTS (1.565.2). We use the
Active Directory plugin here. Copying the config from a (rather old)
installation did not work; it threw an AuthenticationException.
By way of troubleshooting in various ways, I ended up where I am now: with
a vanilla fresh config, enabled the AD plugin, and created a new AD user.
The ³Test² button in the AD plugin configuration claimed success. I know
the new user creds work for the domain outside of Jenkins. It fails on the
login screen, both for other users who should be fine and for the new
Jenkins AD user.
One example of the failure is stack trace I get on the command line,
below. I¹m somewhat mystified. Has anyone seen this?
Thanks in advance,
-j
---- Stacktrace ----
[jlawrence@jenkins1 vagrant]$ java -jar jenkins-cli.jar -s
http://localhost:8080/ login --username jlawrence
Password:
org.acegisecurity.AuthenticationServiceException: Failed to bind to LDAP
server with the bind name/password; nested exception is
org.acegisecurity.BadCredentialsException: Either no such user 'jenkins2'
or incorrect password; nested exception is
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308:
LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e,
v1db1]
at
hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.r
etrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:242)
at
hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.r
etrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:196)
at
hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.r
etrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:140)
at
hudson.plugins.active_directory.ActiveDirectorySecurityRealm.authenticate(A
ctiveDirectorySecurityRealm.java:624)
at
hudson.security.AbstractPasswordBasedSecurityRealm.doAuthenticate(AbstractP
asswordBasedSecurityRealm.java:114)
at
hudson.security.AbstractPasswordBasedSecurityRealm.access$100(AbstractPassw
ordBasedSecurityRealm.java:39)
at
hudson.security.AbstractPasswordBasedSecurityRealm$1.authenticate(AbstractP
asswordBasedSecurityRealm.java:81)
at hudson.cli.CLICommand.main(CLICommand.java:228)
at hudson.cli.CliManagerImpl.main(CliManagerImpl.java:92)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:5
7)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImp
l.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at
hudson.remoting.RemoteInvocationHandler$RPCRequest.perform(RemoteInvocation
Handler.java:309)
at
hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHan
dler.java:290)
at
hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHan
dler.java:249)
at hudson.remoting.UserRequest.perform(UserRequest.java:118)
at hudson.remoting.UserRequest.perform(UserRequest.java:48)
at hudson.remoting.Request$2.run(Request.java:328)
at
hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorServ
ice.java:72)
at hudson.cli.CliManagerImpl$1.call(CliManagerImpl.java:63)
at
hudson.remoting.InterceptingExecutorService$2.call(InterceptingExecutorServ
ice.java:95)
at
jenkins.util.ContextResettingExecutorService$2.call(ContextResettingExecuto
rService.java:46)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1
145)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:
615)
at java.lang.Thread.run(Thread.java:745)
Caused by: org.acegisecurity.BadCredentialsException: Either no such user
'jenkins2' or incorrect password; nested exception is
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308:
LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e,
v1db1]
at
hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DescriptorImpl
.bind(ActiveDirectorySecurityRealm.java:407)
at
hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.r
etrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:239)
... 26 more
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 -
80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error,
data 52e, v1db1]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3087)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2835)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2749)
at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2635)
at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2622)
at com.sun.jndi.ldap.LdapCtx.reconnect(LdapCtx.java:2618)
at
hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DescriptorImpl
.bind(ActiveDirectorySecurityRealm.java:476)
at
hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DescriptorImpl
.bind(ActiveDirectorySecurityRealm.java:392)
... 27 more
Reply all
Reply to author
Forward
0 new messages