We are using LDAP login for our Gerrit instance. For REST calls (including repo cloning) you must generate an HTTP password that is different from the LDAP login. The gerrit-code-review-plugin currently assumes that these are the same. The client library used, does support setting them separately (https://github.com/uwolfer/gerrit-rest-java-client/blob/v0.8.15/src/main/java/com/urswolfer/gerrit/client/rest/GerritAuthData.java#L101) This is causing us to see the following in the gerrit logs:
[2020-01-22 01:35:58,480] [HTTP-21816] WARN com.google.gerrit.httpd.auth.ldap.LdapLoginServlet : 'jenkins-ci' failed to sign in: Incorrect username or password
This appears to coincide with posting comments, as we are not seeing any Verification status changes or comments from Jenkins using gerritReview or gerritComment. I've confirmed that using an http client the HTTP password (same as one in credentials id used for cloning) is sufficient. For example to set the Verified -1 label: POST to gerrit-server.com/a/changes/<change id>/revisions/<patchset number>/review This appears to be discussed in this issue and resolved in PR#70 |