Hello,
I can't get ldap authentication to work with Jenkins 1.505/Windows7 and
Jenkins 1.466/Ubuntu and I'm really stumped because even the Wireshark
output below looks fine to me.
The LDAP settings are:
Server: ldap.mydomain.de:389
Root DN: DC=mydomain,DC=de
User Search Base: OU=Software
User Search Filter: sAMAccountName={0}
Group Search Base:
Manager DN: CN=jenkins,OU=Software,dc=mydomain,dc=de
Manager Password: xxx
There are no problems here, the manager doesn't cause any errors.
Attempt A)
When I try to login with my username/password I get a connection refused
error which is really weird:
05.04.2013 12:00:36 hudson.security.AuthenticationProcessingFilter2
onUnsuccessfulAuthentication
INFO: Login attempt failed
org.acegisecurity.AuthenticationServiceException: LdapCallback;null; nested
exception is javax.naming.PartialResultException [Root exception is
javax.naming.CommunicationException: mydomain.de:389 [Root exception is
java.net.ConnectException: Connection refused: connect]]; nested exception
is org.acegisecurity.ldap.LdapDataAccessException: LdapCallback;null;
nested exception is javax.naming.PartialResultException [Root exception is
javax.naming.CommunicationException: mydomain.de:389 [Root exception is
java.net.ConnectException: Connection refused: connect]]
at
org.acegisecurity.providers.ldap.LdapAuthenticationProvider.retrieveUser(LdapAuthenticationProvider.java:238)
at
org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:122)
...
Attempt B)
When I try to log in with a wrong password I get a bad credentials
exception which is good.
05.04.2013 12:33:43 hudson.security.AuthenticationProcessingFilter2
onUnsuccessfulAuthentication
INFO: Login attempt failed
org.acegisecurity.BadCredentialsException: Bad credentials
at
org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:125)
at
org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:200)
...
So I traced what happens for Attempt A with Wireshark.
It actually binds as the user John Doe then finds the details for John Doe
successfully then it unbinds and in the end it searches for the groups of
user John Doe and finds those succesfully but Jenkins still does not
authenticate me.
No. Time Source Destination Protocol
Length Info
319 10.394879 192.168.100.103 192.168.100.6 LDAP 169
searchRequest(4) "OU=Software,DC=mydomain,DC=de" wholeSubtree
321 10.395846 192.168.100.6 192.168.100.103 LDAP 215
searchResEntry(4) "CN=John Doe,OU=Software,DC=mydomain,DC=de"
326 10.402801 192.168.100.103 192.168.100.6 LDAP 154
bindRequest(1) "CN=John Doe,OU=Software,DC=mydomain,DC=de" simple
327 10.404332 192.168.100.6 192.168.100.103 LDAP 76
bindResponse(1) success
328 10.405094 192.168.100.103 192.168.100.6 LDAP 171
searchRequest(2) "CN=John Doe,OU=Software,DC=mydomain,DC=de" baseObject
330 10.405911 192.168.100.6 192.168.100.103 LDAP 215
searchResEntry(2) "CN=John Doe,OU=Software,DC=mydomain,DC=de"
332 10.406506 192.168.100.103 192.168.100.6 LDAP 61
unbindRequest(3)
337 10.407207 192.168.100.103 192.168.100.6 LDAP 324
searchRequest(5) "DC=mydomain,DC=de" wholeSubtree
339 10.425127 192.168.100.6 192.168.100.103 LDAP 521
searchResEntry(5) "CN=Terminal,CN=Users,DC=mydomain,DC=de" |
searchResEntry(5) "CN=Software,DC=mydomain,DC=de" | searchResEntry(5)
"CN=Admins,DC=mydomain,DC=de" | searchResRef(5) | searchResDone(5)
success [3 results]
This looks like a bug to me, what do you think?
Regards,
Kevin
--
You received this message because you are subscribed to the Google Groups
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to jenkinsci-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
