It appears that the commit mostly fixes the issue of users that used to exist in the directory. Which is definitely an issue, especially in larger organizations, so I guess this change will be kept.
As a workaround in your case, it should be easy to modify your security realm (LDAP Plugin?) to throw UserMayOrMayNotExistException in loadUserByUsername(String) for the names of your technical users. This branch should also be easy to keep in sync with regular LDAP releases. On 07.03.2014, at 11:15, Jochen Hinrichsen <jochen.hinrich...@kambrium.net> wrote: > Dear group, > > since upgrading LTS from 1.532.1. to 1.532.2, the commit > https://github.com/jenkinsci/jenkins/commit/5548b5220cfd496831b5721124189ff18fbb12a3 > is active and breaks our existing authentication setup for remote scripts. > Jenkins is configured to use LDAP for human login users, and technical user + > apiToken (+remote trigger token, but that's another story) for remote > scripts. Company rules prohibit creating technical LDAP user (password > expiration enforcement e.a.), i.e. the technical user is only visible inside > Jenkins. apiToken can be configured via <jenkins-url>/user/<username>/config, > fine so far. > > The commit contains the following additional code: > > Jenkins.getInstance().getSecurityRealm().loadUserByUsername(username); > > At this point, a org.acegisecurity.userdetails.UsernameNotFoundException: > User <username> not found in directory. is thrown, i guess because the > technical user is verified against the regular LDAP directory instead of > local Jenkins user base. If this is a bug introduced in 1.532.2, i can easily > rollback, but if this is the desired behaviour from now on i need to come up > with another solution. We cannot use nor CLI neither SSHD, we depend on the > REST api. > > Thoughts? Ideas? > > Thanks in advance > > Jochen > > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to jenkinsci-users+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
