LDAP Plugin authentication issue


Gil Br

Oct 28, 2014, 10:58:34 AM
to jenkins...@googlegroups.com
All,

I installed the latest LDAP Plugin for Jenkins.
When I use ldap://server.name I get no error under the LDAP Server line, however when I use ldaps://server.name:636 I get the following error:
Unable to connect to ldaps://server.name:636 : javax.naming.CommunicationException: simple bind failed: server.name:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
javax.naming.CommunicationException: simple bind failed: server.name:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
	at com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source)
	at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
	at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
	at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
	at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
In either case (ldaps or ldap) I get login failed when I try to log in with my NT user/password. Jenkins runs on Windows.

Am I missing something here?

Gil

Maciej Jaros

Oct 28, 2014, 1:42:48 PM
to jenkins...@googlegroups.com
Gil Br (2014-10-28 15:58):
All,

I installed the latest LDAP Plugin for Jenkins.
When I use ldap://server.name I get no error under the LDAP Server line, however when I use ldaps://server.name:636 I get the following error:
Unable to connect to ldaps://server.name:636 : javax.naming.CommunicationException: simple bind failed: server.name:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]

[...]

Most probably your LDAP uses a certificate that is not valid on the Jenkins box. This is when you have a self-generated certificate. You would probably have to install the CA on your Jenkins box.


In either case (ldaps or ldap) I get login failed when I try to log in with my NT user/password. Jenkins runs on Windows.

I haven't tried using ldap protocol in server address but that should work for Active Directory LDAP:

    * server: your.domain.com
    * rootDN: DC=your,DC=domain,DC=com
    * userSearchBase: CN=Users
    * user search filter: sAMAccountName={0}
    * managerDN: DOMAIN\someUser
    * managerPassword: someUser password

AFAIK `userSearchBase` and `user search filter` are the same for all Active Directory installations.

Regards,
Nux
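
The failure described in the reply above can be reproduced offline. The following is an added example, not part of the original thread: it builds a throwaway private CA and a certificate for the placeholder host server.name with openssl, shows that a client without the CA cannot build a certification path, and imports the CA into a scratch Java trust store with keytool. The CA name, alias, file names and function names are all constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Every name and file here is constructed.

# Build a throwaway lab in directory $1: a private CA, an LDAPS server
# certificate issued by it, and an unrelated root standing in for a client
# trust store that has never seen the private CA.
make_lab() {
  local d="$1"
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Example Private CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Unrelated Root" \
    -keyout "$d/other.key" -out "$d/other.pem" 2>/dev/null || return 1
  openssl req -newkey rsa:2048 -nodes -subj "/CN=server.name" \
    -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 30 -out "$d/srv.pem" 2>/dev/null
}

# Exit 0 only if a certification path can be built from cert $2 to a root in bundle $1.
chain_ok() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# The fix: trust the issuing CA rather than switching certificate checks off.
# $1 = CA PEM, $2 = trust store file (created if missing), $3 = store password.
trust_ca_in_jvm_store() {
  keytool -importcert -noprompt -trustcacerts -alias example-private-ca \
    -file "$1" -keystore "$2" -storepass "$3"
}

demo() {
  local d
  d=$(mktemp -d) || return 1
  make_lab "$d" || { echo "openssl failed"; return 1; }
  chain_ok "$d/other.pem" "$d/srv.pem" && echo "unexpected: trusted" \
    || echo "without the CA: no valid certification path"
  chain_ok "$d/ca.pem" "$d/srv.pem" && echo "with the CA: path builds"
  # keytool ships with the JRE/JDK; skip this step when no Java is installed
  if command -v keytool >/dev/null 2>&1; then
    trust_ca_in_jvm_store "$d/ca.pem" "$d/scratch-truststore.jks" changeit \
      && keytool -list -keystore "$d/scratch-truststore.jks" -storepass changeit
  fi
  rm -rf "$d"
}

demo
```

On the Jenkins host the same keytool -importcert call targets the trust store of the JVM that runs Jenkins (by default the JRE's lib/security/cacerts, unless -Djavax.net.ssl.trustStore points elsewhere), and Jenkins has to be restarted to pick up the change.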

Gil Br

Oct 29, 2014, 3:51:50 AM
to jenkins...@googlegroups.com
Hi,

Your answer relates to Active Directory, I'm using LDAP 389 on Linux.
Any other idea?

Gil

On Tuesday, October 28, 2014 at 16:58:34 UTC+2, Gil Br wrote:

Maciej Jaros

Oct 29, 2014, 7:04:44 AM
to jenkins...@googlegroups.com
Gil Br (2014-10-29 08:51):
Hi,

Your answer relates to Active Directory, I'm using LDAP 389 on Linux.
Any other idea?

Depending on your LDAP configuration you should use the correct search base and search filter... But I'm not sure how you would use an NT password if LDAP is on Linux? Or what do you mean by NT? I thought you meant Windows NT password (hence I mentioned Active Directory, which is kind of built into a Windows domain).

Regards,
Nux

Gil Br

Nov 12, 2014, 5:56:04 AM
to jenkins...@googlegroups.com, mac...@mol.com.pl
Hi,

Wanted to update - I have finally solved this issue.
I switched to Active Directory plugin + Matrix Authorization Strategy Plugin.
Basically, you need help from your IT/Network people to know the Bind DN and Bind Password.
Use the matrix plugin to actually do something with the authorization and decide who can do what.

Many thanks
Gil


On Wednesday, October 29, 2014 at 13:04:44 UTC+2, maciej wrote: