Can we just ask one question:
WHY ARE YOU USING THE LDAP PLUGIN AND NOT THE ACTIVE DIRECTORY PLUGIN?
People seem to keep on wanting to inflict pain on themselves and go with
the more complex LDAP plugin rather than the much much easier to use Active
Directory plugin.
If there is some feature missing that causes you to decide to plump for the
LDAP plugin it would be good to know so that the feature could be added to
the Active Directory plugin.
On 15 October 2013 13:17, Ricardo García Fernández
<ricardoga...@gmail.com>wrote:
> Hi Zac !
>
> I was dealing with the same issue: authentication against LDAP/AD and your
> answer was the right one.
>
> Also, I fixed the group filter and configured group properties using this
> filter:
>
> Group search filter: (& (cn={0}) (objectclass=group) )
> Group Search Base: your OU groups separated with comas (,).
>
> Thus I can configure groups and users from general configuration to Job
> one.
>
> Thanks for your solution it was very helpful
>
> El miércoles, 14 de diciembre de 2011 20:01:34 UTC+1, Zac Harvey escribió:
>>
>> I am trying to set up Jenkins to authenticate using our AD domain over
>> LDAP. I have been working with the Systems Group trying to configure
>> all of the settings under Manage Jenkins >> Configure System >> Access
>> Control. We finally have all the settings configured correctly (at
>> least, in the eyes of the Systems people), and we are not getting any
>> red validation errors in the GUI. However I still cannot login via
>> LDAP/AD. Below is the console output. Any nudges in the right
>> direction are enormously appreciated!
>>
>> Console Output:
>> Dec 14, 2011 1:47:21 PM
>> hudson.security.**AuthenticationProcessingFilter**2
>> onUnsuccessfulAuthentication
>> INFO: Login attempt failed
>> org.acegisecurity.**AuthenticationServiceException**: LdapCallback;[LDAP:
>> error code 32 - 0000208D: NameErr: DSID-031001E4, problem 2001
>> (NO_OBJECT), data 0, best match of:
>> 'DC=MYPROJECT,DC=COM'
>> ]; nested exception is javax.naming.**NameNotFoundException: [LDAP:
>> error code 32 - 0000208D: NameErr: DSID-031001E4, problem 2001
>> (NO_OBJECT), data 0, best match of:
>> 'DC=MYPROJECT,DC=COM'
>> ]; remaining name 'dc=myproject,dc=com'; nested exception is
>> org.acegisecurity.ldap.**LdapDataAccessException: LdapCallback;[LDAP:
>> error code 32 - 0000208D: NameErr: DSID-031001E4, problem 2001
>> (NO_OBJECT), data 0, best match of:
>> 'DC=MYPROJECT,DC=COM'
>> ]; nested exception is javax.naming.**NameNotFoundException: [LDAP:
>> error code 32 - 0000208D: NameErr: DSID-031001E4, problem 2001
>> (NO_OBJECT), data 0, best match of:
>> 'DC=MYPROJECT,DC=COM'
>> ]; remaining name 'dc=myproject,dc=com'
>> at
>> org.acegisecurity.providers.**ldap.**LdapAuthenticationProvider.**
>> retrieveUser(**LdapAuthenticationProvider.**java:
>> 238)
>> at
>> org.acegisecurity.providers.**dao.**AbstractUserDetailsAuthenticat**
>> ionProvider.authenticate(**AbstractUserDetailsAuthenticat**
>> ionProvider.java:
>> 119)
>> at
>> org.acegisecurity.providers.**ProviderManager.**doAuthentication(**
>> ProviderManager.java:
>> 195)
>> at
>> org.acegisecurity.**AbstractAuthenticationManager.**authenticate(**
>> AbstractAuthenticationManager.**java:
>> 45)
>> at
>> org.acegisecurity.ui.webapp.**AuthenticationProcessingFilter**
>> .attemptAuthentication(**AuthenticationProcessingFilter**.java:
>> 71)
>> at
>> org.acegisecurity.ui.**AbstractProcessingFilter.**doFilter(**
>> AbstractProcessingFilter.java:
>> 252)
>> at hudson.security.**ChainedServletFilter
>> $1.doFilter(**ChainedServletFilter.java:87)
>> at
>> org.acegisecurity.ui.**basicauth.**BasicProcessingFilter.**doFilter(**
>> BasicProcessingFilter.java:
>> 173)
>> at hudson.security.**ChainedServletFilter
>> $1.doFilter(**ChainedServletFilter.java:87)
>> at jenkins.security.**ApiTokenFilter.doFilter(**
>> ApiTokenFilter.java:61)
>> at hudson.security.**ChainedServletFilter
>> $1.doFilter(**ChainedServletFilter.java:87)
>> at
>> org.acegisecurity.context.**HttpSessionContextIntegrationF**
>> ilter.doFilter(**HttpSessionContextIntegrationF**ilter.java:
>> 249)
>> at
>> hudson.security.**HttpSessionContextIntegrationF**ilter2.doFilter(**
>> HttpSessionContextIntegrationF**ilter2.java:
>> 66)
>> at hudson.security.**ChainedServletFilter
>> $1.doFilter(**ChainedServletFilter.java:87)
>> at
>> hudson.security.**ChainedServletFilter.doFilter(**
>> ChainedServletFilter.java:
>> 76)
>> at hudson.security.HudsonFilter.**doFilter(HudsonFilter.java:**
>> 164)
>> at
>> org.apache.catalina.core.**ApplicationFilterChain.**internalDoFilter(**
>> ApplicationFilterChain.java:
>> 243)
>> at
>> org.apache.catalina.core.**ApplicationFilterChain.**doFilter(**
>> ApplicationFilterChain.java:
>> 210)
>> at
>> hudson.util.**CharacterEncodingFilter.**doFilter(**
>> CharacterEncodingFilter.java:
>> 81)
>> at
>> org.apache.catalina.core.**ApplicationFilterChain.**internalDoFilter(**
>> ApplicationFilterChain.java:
>> 243)
>> at
>> org.apache.catalina.core.**ApplicationFilterChain.**doFilter(**
>> ApplicationFilterChain.java:
>> 210)
>> at
>> org.apache.catalina.core.**StandardWrapperValve.invoke(**
>> StandardWrapperValve.java:
>> 224)
>> at
>> org.apache.catalina.core.**StandardContextValve.invoke(**
>> StandardContextValve.java:
>> 185)
>> at
>> org.apache.catalina.**authenticator.**AuthenticatorBase.invoke(**
>> AuthenticatorBase.java:
>> 472)
>> at
>> org.apache.catalina.core.**StandardHostValve.invoke(**
>> StandardHostValve.java:
>> 151)
>> at
>> org.apache.catalina.valves.**ErrorReportValve.invoke(**
>> ErrorReportValve.java:
>> 100)
>> at
>> org.apache.catalina.valves.**AccessLogValve.invoke(**AccessLogValve.java:
>> 929)
>> at
>> org.apache.catalina.core.**StandardEngineValve.invoke(**
>> StandardEngineValve.java:
>> 118)
>> at
>> org.apache.catalina.connector.**CoyoteAdapter.service(**
>> CoyoteAdapter.java:
>> 405)
>> at
>> org.apache.coyote.http11.**Http11Processor.process(**
>> Http11Processor.java:
>> 269)
>> at org.apache.coyote.**AbstractProtocol
>> $AbstractConnectionHandler.**process(AbstractProtocol.java:**515)
>> at org.apache.tomcat.util.net.**JIoEndpoint
>> $SocketProcessor.run(**JIoEndpoint.java:302)
>> at java.util.concurrent.**ThreadPoolExecutor
>> $Worker.runTask(**ThreadPoolExecutor.java:886)
>> at java.util.concurrent.**ThreadPoolExecutor
>> $Worker.run(**ThreadPoolExecutor.java:908)
>> at java.lang.Thread.run(Thread.**java:662)
>> Caused by: org.acegisecurity.ldap.**LdapDataAccessException:
>> LdapCallback;[LDAP: error code 32 - 0000208D: NameErr: DSID-031001E4,
>> problem 2001 (NO_OBJECT), data 0, best match of:
>> 'DC=MYPROJECT,DC=COM'
>> ]; nested exception is javax.naming.**NameNotFoundException: [LDAP:
>> error code 32 - 0000208D: NameErr: DSID-031001E4, problem 2001
>> (NO_OBJECT), data 0, best match of:
>> 'DC=MYPROJECT,DC=COM'
>> ]; remaining name 'dc=myproject,dc=com'
>> at org.acegisecurity.ldap.**LdapTemplate
>> $LdapExceptionTranslator.**translate(LdapTemplate.java:**295)
>> at org.acegisecurity.ldap.**LdapTemplate.execute(**
>> LdapTemplate.java:128)
>> at
>> org.acegisecurity.ldap.**LdapTemplate.**searchForSingleEntry(**
>> LdapTemplate.java:
>> 246)
>> at
>> org.acegisecurity.ldap.search.**FilterBasedLdapUserSearch.**
>> searchForUser(**FilterBasedLdapUserSearch.**java:
>> 119)
>> at
>> org.acegisecurity.providers.**ldap.authenticator.**BindAuthenticator.**
>> authenticate(**BindAuthenticator.java:
>> 71)
>> at
>> org.acegisecurity.providers.**ldap.authenticator.**BindAuthenticator2.**
>> authenticate(**BindAuthenticator2.java:
>> 49)
>> at
>> org.acegisecurity.providers.**ldap.**LdapAuthenticationProvider.**
>> retrieveUser(**LdapAuthenticationProvider.**java:
>> 233)
>> ... 34 more
>> Caused by: javax.naming.**NameNotFoundException: [LDAP: error code 32 -
>> 0000208D: NameErr: DSID-031001E4, problem 2001 (NO_OBJECT), data 0,
>> best match of:
>> 'DC=MYPROJECT,DC=COM'
>> ]; remaining name 'dc=myproject,dc=com'
>> at com.sun.jndi.ldap.LdapCtx.**mapErrorCode(LdapCtx.java:**3066)
>> at com.sun.jndi.ldap.LdapCtx.**processReturnCode(LdapCtx.**
>> java:2987)
>> at com.sun.jndi.ldap.LdapCtx.**processReturnCode(LdapCtx.**
>> java:2794)
>> at com.sun.jndi.ldap.LdapCtx.**searchAux(LdapCtx.java:1826)
>> at com.sun.jndi.ldap.LdapCtx.c_**search(LdapCtx.java:1749)
>> at com.sun.jndi.ldap.LdapCtx.c_**search(LdapCtx.java:1766)
>> at
>> com.sun.jndi.toolkit.ctx.**ComponentDirContext.p_search(**
>> ComponentDirContext.java:
>> 394)
>> at
>> com.sun.jndi.toolkit.ctx.**PartialCompositeDirContext.**search(**
>> PartialCompositeDirContext.**java:
>> 376)
>> at
>> com.sun.jndi.toolkit.ctx.**PartialCompositeDirContext.**search(**
>> PartialCompositeDirContext.**java:
>> 358)
>> at
>> javax.naming.directory.**InitialDirContext.search(**
>> InitialDirContext.java:
>> 267)
>> at org.acegisecurity.ldap.**LdapTemplate
>> $3.doInDirContext(**LdapTemplate.java:249)
>> at org.acegisecurity.ldap.**LdapTemplate.execute(**
>> LdapTemplate.java:126)
>> ... 39 more
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Jenkins Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to jenkinsci-users+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
>
--
You received this message because you are subscribed to the Google Groups
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to jenkinsci-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
