Console Output:
Dec 14, 2011 1:47:21 PM
hudson.security.AuthenticationProcessingFilter2
onUnsuccessfulAuthentication
INFO: Login attempt failed
org.acegisecurity.AuthenticationServiceException: LdapCallback;[LDAP:
error code 32 - 0000208D: NameErr: DSID-031001E4, problem 2001
(NO_OBJECT), data 0, best match of:
'DC=MYPROJECT,DC=COM'
]; nested exception is javax.naming.NameNotFoundException: [LDAP:
error code 32 - 0000208D: NameErr: DSID-031001E4, problem 2001
(NO_OBJECT), data 0, best match of:
'DC=MYPROJECT,DC=COM'
]; remaining name 'dc=myproject,dc=com'; nested exception is
org.acegisecurity.ldap.LdapDataAccessException: LdapCallback;[LDAP:
error code 32 - 0000208D: NameErr: DSID-031001E4, problem 2001
(NO_OBJECT), data 0, best match of:
'DC=MYPROJECT,DC=COM'
]; nested exception is javax.naming.NameNotFoundException: [LDAP:
error code 32 - 0000208D: NameErr: DSID-031001E4, problem 2001
(NO_OBJECT), data 0, best match of:
'DC=MYPROJECT,DC=COM'
]; remaining name 'dc=myproject,dc=com'
at
org.acegisecurity.providers.ldap.LdapAuthenticationProvider.retrieveUser(LdapAuthenticationProvider.java:
238)
at
org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:
119)
at
org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:
195)
at
org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:
45)
at
org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:
71)
at
org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:
252)
at hudson.security.ChainedServletFilter
$1.doFilter(ChainedServletFilter.java:87)
at
org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:
173)
at hudson.security.ChainedServletFilter
$1.doFilter(ChainedServletFilter.java:87)
at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:61)
at hudson.security.ChainedServletFilter
$1.doFilter(ChainedServletFilter.java:87)
at
org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:
249)
at
hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:
66)
at hudson.security.ChainedServletFilter
$1.doFilter(ChainedServletFilter.java:87)
at
hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:
76)
at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:
243)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:
210)
at
hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:
81)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:
243)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:
210)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:
224)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:
185)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:
472)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:
151)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:
100)
at
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:
929)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:
118)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:
405)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:
269)
at org.apache.coyote.AbstractProtocol
$AbstractConnectionHandler.process(AbstractProtocol.java:515)
at org.apache.tomcat.util.net.JIoEndpoint
$SocketProcessor.run(JIoEndpoint.java:302)
at java.util.concurrent.ThreadPoolExecutor
$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor
$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:662)
Caused by: org.acegisecurity.ldap.LdapDataAccessException:
LdapCallback;[LDAP: error code 32 - 0000208D: NameErr: DSID-031001E4,
problem 2001 (NO_OBJECT), data 0, best match of:
'DC=MYPROJECT,DC=COM'
]; nested exception is javax.naming.NameNotFoundException: [LDAP:
error code 32 - 0000208D: NameErr: DSID-031001E4, problem 2001
(NO_OBJECT), data 0, best match of:
'DC=MYPROJECT,DC=COM'
]; remaining name 'dc=myproject,dc=com'
at org.acegisecurity.ldap.LdapTemplate
$LdapExceptionTranslator.translate(LdapTemplate.java:295)
at org.acegisecurity.ldap.LdapTemplate.execute(LdapTemplate.java:128)
at
org.acegisecurity.ldap.LdapTemplate.searchForSingleEntry(LdapTemplate.java:
246)
at
org.acegisecurity.ldap.search.FilterBasedLdapUserSearch.searchForUser(FilterBasedLdapUserSearch.java:
119)
at
org.acegisecurity.providers.ldap.authenticator.BindAuthenticator.authenticate(BindAuthenticator.java:
71)
at
org.acegisecurity.providers.ldap.authenticator.BindAuthenticator2.authenticate(BindAuthenticator2.java:
49)
at
org.acegisecurity.providers.ldap.LdapAuthenticationProvider.retrieveUser(LdapAuthenticationProvider.java:
233)
... 34 more
Caused by: javax.naming.NameNotFoundException: [LDAP: error code 32 -
0000208D: NameErr: DSID-031001E4, problem 2001 (NO_OBJECT), data 0,
best match of:
'DC=MYPROJECT,DC=COM'
]; remaining name 'dc=myproject,dc=com'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3066)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1826)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1766)
at
com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:
394)
at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:
376)
at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:
358)
at
javax.naming.directory.InitialDirContext.search(InitialDirContext.java:
267)
at org.acegisecurity.ldap.LdapTemplate
$3.doInDirContext(LdapTemplate.java:249)
at org.acegisecurity.ldap.LdapTemplate.execute(LdapTemplate.java:126)
... 39 more
--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
The LDAP plugin is (at least it was before we unceremoniously ditched it) MUCH MUCH quicker to authenticate users than the AD one when you have a lovely large tree of domains…
Now I will prefix this with I am not an AD expert but…
http://technet.microsoft.com/en-us/library/cc728188(v=ws.10).aspx
"The global catalog is a distributed data repository that contains a searchable, partial representation of every object in every domain in a multidomain Active Directory Domain Services (AD DS) forest. The global catalog is stored on domain controllers that have been designated as global catalog servers and is distributed through multimaster replication. Searches that are directed to the global catalog are faster because they do not involve referrals to different domain controllers."
I don’t notice any delay using the global catalogue and LDAP – using AD we often saw multi second (into the tens) delays in authentication – the above may or may not be the reason for it.
/James
James, would you be amenable to firing up a test jenkins and giving some comparative timings?At least in Unix mode they should be pretty much identical in performance, though theAD plugin should be much easier to configure
On 15 October 2013 14:47, teilo <teilo+...@teilo.net> wrote:
The LDAP plugin is (at least it was when we unceremoniously ditched the AD plugin) MUCH MUCH quicker to authenticate users than the AD one when you have a lovely large tree of domains…