Jenkins CLI user gets locked in Active Directory
229 views
Skip to first unread message
Lewis, Eric
Jun 5, 2012, 8:58:47 AM6/5/12
to jenkins...@googlegroups.com
Hi
We have a user called Service_Build which is used for issuing Jenkins CLI commands (either in bash or in Jenkins).
This user is defined in Active Directory, which is what we use for authentication. So normally, I can log in as this user and I have administrator rights in Jenkins.
I followed the documentation in the Jenkins wiki and (with help from Rob Mandeville) managed to authenticate the Service_Build user with public/private key credentials. So that part works well.
However, it looks like Jenkins is still trying to authenticate that user with Active Directory, because the user is locked in Active Directory after a number of CLI commands (eight in our case).
Should I have created the private key using the Active Directory password? Or how can I prevent that Active Directory locking?
Best regards,
Eric
We have a user called Service_Build which is used for issuing Jenkins CLI commands (either in bash or in Jenkins).
This user is defined in Active Directory, which is what we use for authentication. So normally, I can log in as this user and I have administrator rights in Jenkins.
I followed the documentation in the Jenkins wiki and (with help from Rob Mandeville) managed to authenticate the Service_Build user with public/private key credentials. So that part works well.
However, it looks like Jenkins is still trying to authenticate that user with Active Directory, because the user is locked in Active Directory after a number of CLI commands (eight in our case).
Should I have created the private key using the Active Directory password? Or how can I prevent that Active Directory locking?
Best regards,
Eric
Lewis, Eric
Jun 8, 2012, 9:17:35 AM6/8/12
to jenkins...@googlegroups.com
Anyone? :-)
-----Ursprüngliche Nachricht-----
Von: jenkins...@googlegroups.com [mailto:jenkins...@googlegroups.com] Im Auftrag von Lewis, Eric
Gesendet: Dienstag, 5. Juni 2012 14:59
An: jenkins...@googlegroups.com
Betreff: Jenkins CLI user gets locked in Active Directory
-----Ursprüngliche Nachricht-----
Von: jenkins...@googlegroups.com [mailto:jenkins...@googlegroups.com] Im Auftrag von Lewis, Eric
Gesendet: Dienstag, 5. Juni 2012 14:59
An: jenkins...@googlegroups.com
Betreff: Jenkins CLI user gets locked in Active Directory
Slide
Jun 8, 2012, 9:30:06 AM6/8/12
to jenkins...@googlegroups.com
Is this running on Linux? More information about your platforms and
such would be useful.
--
Website: http://earl-of-code.com
such would be useful.
Website: http://earl-of-code.com
Lewis, Eric
Jun 8, 2012, 9:32:43 AM6/8/12
to jenkins...@googlegroups.com
Sorry! :-)
Yes, Jenkins is running on Red Hat Linux (apparently Red Hat Enterprise Linux Server release 5.8 (Tikanga))
Best regards,
Eric
-----Ursprüngliche Nachricht-----
Von: jenkins...@googlegroups.com [mailto:jenkins...@googlegroups.com] Im Auftrag von Slide
Gesendet: Freitag, 8. Juni 2012 15:30
An: jenkins...@googlegroups.com
Betreff: Re: Jenkins CLI user gets locked in Active Directory
Yes, Jenkins is running on Red Hat Linux (apparently Red Hat Enterprise Linux Server release 5.8 (Tikanga))
Best regards,
Eric
-----Ursprüngliche Nachricht-----
Von: jenkins...@googlegroups.com [mailto:jenkins...@googlegroups.com] Im Auftrag von Slide
Gesendet: Freitag, 8. Juni 2012 15:30
An: jenkins...@googlegroups.com
Betreff: Re: Jenkins CLI user gets locked in Active Directory
Alex Earl
Jun 8, 2012, 9:59:40 AM6/8/12
to Lewis, Eric, jenkins...@googlegroups.com
Can you check the logs for authentication and see if AD is being tried
before the key based auth?
Sent from my Windows Phone
From: Lewis, Eric
Sent: 6/8/2012 6:32 AM
To: jenkins...@googlegroups.com
Subject: AW: Jenkins CLI user gets locked in Active Directory
before the key based auth?
Sent from my Windows Phone
From: Lewis, Eric
Sent: 6/8/2012 6:32 AM
To: jenkins...@googlegroups.com
Subject: AW: Jenkins CLI user gets locked in Active Directory
Lewis, Eric
Jun 8, 2012, 10:06:51 AM6/8/12
to jenkins...@googlegroups.com
Ok, I'll have to check (on Monday) with our Windows admins, since I don't have access to those logs.
Best regards,
Eric
-----Ursprüngliche Nachricht-----
Von: Alex Earl [mailto:slide...@gmail.com]
Gesendet: Freitag, 8. Juni 2012 16:00
An: Lewis, Eric; jenkins...@googlegroups.com
Betreff: RE: Jenkins CLI user gets locked in Active Directory
Best regards,
Eric
-----Ursprüngliche Nachricht-----
Gesendet: Freitag, 8. Juni 2012 16:00
An: Lewis, Eric; jenkins...@googlegroups.com
Betreff: RE: Jenkins CLI user gets locked in Active Directory
Alex Earl
Jun 8, 2012, 10:23:21 AM6/8/12
to Lewis, Eric, jenkins...@googlegroups.com
I was meaning the logs on the Linux machine.
Sent from my Windows Phone
From: Lewis, Eric
Sent: 6/8/2012 7:06 AM
Sent from my Windows Phone
From: Lewis, Eric
Lewis, Eric
Jun 8, 2012, 10:33:28 AM6/8/12
to jenkins...@googlegroups.com
Oh... :-)
Well, I'm not really a Linux guru, so could you tell me where I find those logs?
(Also, I'm not root either)
Gesendet: Freitag, 8. Juni 2012 16:23
Well, I'm not really a Linux guru, so could you tell me where I find those logs?
(Also, I'm not root either)
Gesendet: Freitag, 8. Juni 2012 16:23
Alex Earl
Jun 8, 2012, 10:45:09 AM6/8/12
to Lewis, Eric, jenkins...@googlegroups.com
Usually they are in /var/log I believe. Look for auth.log or something
similar
Sent from my Windows Phone
From: Lewis, Eric
Sent: 6/8/2012 7:33 AM
similar
Sent from my Windows Phone
From: Lewis, Eric
Lewis, Eric
Jun 8, 2012, 10:55:58 AM6/8/12
to jenkins...@googlegroups.com
I don't see that file. I'll have to check with our Linux admin on Monday.
Gesendet: Freitag, 8. Juni 2012 16:45
Gesendet: Freitag, 8. Juni 2012 16:45
Lewis, Eric
Jun 11, 2012, 8:14:25 AM6/11/12
to jenkins...@googlegroups.com
Ok, I checked with our sysadmin, but there's not more information in the logs.
However, another problem, which I postponed, may be the cause.
As I mentioned, we're using Active Directory for authentification. In the Jenkins config, I'm using the Matrix-based security.
Since we installed the new version, I always see errors in the GUI and in the log. For instance, for the mentioned Service_Build user, I see:
Failed to test the validity of the user name Service_Build
org.acegisecurity.BadCredentialsException: Failed to retrieve user information for Service_Build; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1]; remaining name 'DC=ipie,DC=ch'
at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:231)
at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:130)
at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:95)
at hudson.plugins.active_directory.AbstractActiveDirectoryAuthenticationProvider.loadUserByUsername(AbstractActiveDirectoryAuthenticationProvider.java:27)
at hudson.plugins.active_directory.ActiveDirectorySecurityRealm.loadUserByUsername(ActiveDirectorySecurityRealm.java:551)
at hudson.security.GlobalMatrixAuthorizationStrategy$DescriptorImpl.doCheckName_(GlobalMatrixAuthorizationStrategy.java:304)
at hudson.security.GlobalMatrixAuthorizationStrategy$DescriptorImpl.doCheckName(GlobalMatrixAuthorizationStrategy.java:288)
at sun.reflect.GeneratedMethodAccessor3018.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:288)
at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:151)
at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:90)
at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:111)
at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:574)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:659)
at org.kohsuke.stapler.MetaClass$6.doDispatch(MetaClass.java:241)
at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:574)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:659)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:488)
at org.kohsuke.stapler.Stapler.service(Stapler.java:162)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:45)
at winstone.ServletConfiguration.execute(ServletConfiguration.java:248)
at winstone.RequestDispatcher.forward(RequestDispatcher.java:333)
at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:376)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:95)
at hudson.plugins.greenballs.GreenBallFilter.doFilter(GreenBallFilter.java:74)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:98)
at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:87)
at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:47)
at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:166)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:61)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
at winstone.RequestDispatcher.forward(RequestDispatcher.java:331)
at winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:215)
at winstone.RequestHandlerThread.run(RequestHandlerThread.java:138)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
at java.util.concurrent.FutureTask.run(FutureTask.java:138)
at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:662)
Caused by: javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1]; remaining name 'DC=ipie,DC=ch'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3107)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1829)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1752)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:394)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:376)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
at hudson.plugins.active_directory.LDAPSearchBuilder.search(LDAPSearchBuilder.java:52)
at hudson.plugins.active_directory.LDAPSearchBuilder.searchOne(LDAPSearchBuilder.java:42)
at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:191)
... 70 more
The users however can very well log into Jenkins and are authenticated. Also the Active Directory test in the config works.
I postponed this error because people can still work, but it's still an error.
And I see the same whenever I try to do something with the Service_Build user.
So maybe this is the root cause of my problems?
It looks like it's a known issue: https://issues.jenkins-ci.org/browse/JENKINS-12619
Best regards,
Eric
-----Ursprüngliche Nachricht-----
Von: jenkins...@googlegroups.com [mailto:jenkins...@googlegroups.com] Im Auftrag von Lewis, Eric
Gesendet: Freitag, 8. Juni 2012 16:56
An: jenkins...@googlegroups.com
Betreff: AW: Jenkins CLI user gets locked in Active Directory
However, another problem, which I postponed, may be the cause.
As I mentioned, we're using Active Directory for authentification. In the Jenkins config, I'm using the Matrix-based security.
Since we installed the new version, I always see errors in the GUI and in the log. For instance, for the mentioned Service_Build user, I see:
Failed to test the validity of the user name Service_Build
org.acegisecurity.BadCredentialsException: Failed to retrieve user information for Service_Build; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1]; remaining name 'DC=ipie,DC=ch'
at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:231)
at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:130)
at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:95)
at hudson.plugins.active_directory.AbstractActiveDirectoryAuthenticationProvider.loadUserByUsername(AbstractActiveDirectoryAuthenticationProvider.java:27)
at hudson.plugins.active_directory.ActiveDirectorySecurityRealm.loadUserByUsername(ActiveDirectorySecurityRealm.java:551)
at hudson.security.GlobalMatrixAuthorizationStrategy$DescriptorImpl.doCheckName_(GlobalMatrixAuthorizationStrategy.java:304)
at hudson.security.GlobalMatrixAuthorizationStrategy$DescriptorImpl.doCheckName(GlobalMatrixAuthorizationStrategy.java:288)
at sun.reflect.GeneratedMethodAccessor3018.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:288)
at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:151)
at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:90)
at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:111)
at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:574)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:659)
at org.kohsuke.stapler.MetaClass$6.doDispatch(MetaClass.java:241)
at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:574)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:659)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:488)
at org.kohsuke.stapler.Stapler.service(Stapler.java:162)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:45)
at winstone.ServletConfiguration.execute(ServletConfiguration.java:248)
at winstone.RequestDispatcher.forward(RequestDispatcher.java:333)
at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:376)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:95)
at hudson.plugins.greenballs.GreenBallFilter.doFilter(GreenBallFilter.java:74)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:98)
at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:87)
at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:47)
at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:166)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:61)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
at winstone.RequestDispatcher.forward(RequestDispatcher.java:331)
at winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:215)
at winstone.RequestHandlerThread.run(RequestHandlerThread.java:138)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
at java.util.concurrent.FutureTask.run(FutureTask.java:138)
at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:662)
Caused by: javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1]; remaining name 'DC=ipie,DC=ch'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3107)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1829)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1752)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:394)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:376)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
at hudson.plugins.active_directory.LDAPSearchBuilder.search(LDAPSearchBuilder.java:52)
at hudson.plugins.active_directory.LDAPSearchBuilder.searchOne(LDAPSearchBuilder.java:42)
at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:191)
... 70 more
The users however can very well log into Jenkins and are authenticated. Also the Active Directory test in the config works.
I postponed this error because people can still work, but it's still an error.
And I see the same whenever I try to do something with the Service_Build user.
So maybe this is the root cause of my problems?
It looks like it's a known issue: https://issues.jenkins-ci.org/browse/JENKINS-12619
Best regards,
Eric
-----Ursprüngliche Nachricht-----
Gesendet: Freitag, 8. Juni 2012 16:56
An: jenkins...@googlegroups.com
Betreff: AW: Jenkins CLI user gets locked in Active Directory
Lewis, Eric
Jun 11, 2012, 11:07:36 AM6/11/12
to jenkins...@googlegroups.com
Ok, upgrading to the latest Active Directory plugin solves at least the problem in the Jenkins configuration page.
I'll check tomorrow about the rest of the problem.
Best regards,
Eric
-----Ursprüngliche Nachricht-----
Von: jenkins...@googlegroups.com [mailto:jenkins...@googlegroups.com] Im Auftrag von Lewis, Eric
Gesendet: Montag, 11. Juni 2012 14:14
I'll check tomorrow about the rest of the problem.
Best regards,
Eric
-----Ursprüngliche Nachricht-----
Von: jenkins...@googlegroups.com [mailto:jenkins...@googlegroups.com] Im Auftrag von Lewis, Eric
Lewis, Eric
Jun 12, 2012, 5:47:52 AM6/12/12
to jenkins...@googlegroups.com
So, I tried again with the new Active Directory plugin.
When using our Service_Build user, there is no authentication request coming into Active Directory, which is how it should be.
So the problem was the old, buggy Active Directory plugin.
Thanks for the help & best regards,
When using our Service_Build user, there is no authentication request coming into Active Directory, which is how it should be.
So the problem was the old, buggy Active Directory plugin.
Thanks for the help & best regards,
Eric
-----Ursprüngliche Nachricht-----
Von: jenkins...@googlegroups.com [mailto:jenkins...@googlegroups.com] Im Auftrag von Lewis, Eric
Gesendet: Montag, 11. Juni 2012 17:08
-----Ursprüngliche Nachricht-----
Von: jenkins...@googlegroups.com [mailto:jenkins...@googlegroups.com] Im Auftrag von Lewis, Eric
Reply all
Reply to author
Forward
0 new messages