Great! I have the same issue on Jenkins 1.559 / Windows 2008 R2 and
resolved by your suggestion. Thanks!
bara...@gmail.com於 2013年4月5日星期五UTC+8下午7時29分57秒寫道:
>
> Hello,
>
> I can't get ldap authentication to work with Jenkins 1.505/Windows7 and
> Jenkins 1.466/Ubuntu and I'm really stumped because even the Wireshark
> output below looks fine to me.
>
> The LDAP settings are:
>
> Server: ldap.mydomain.de:389
> Root DN: DC=mydomain,DC=de
> User Search Base: OU=Software
> User Search Filter: sAMAccountName={0}
> Group Search Base:
> Manager DN: CN=jenkins,OU=Software,dc=mydomain,dc=de
> Manager Password: xxx
>
> There are no problems here, the manager doesn't cause any errors.
>
> Attempt A)
> When I try to login with my username/password I get a connection refused
> error which is really weird:
>
> 05.04.2013 12:00:36 hudson.security.AuthenticationProcessingFilter2
> onUnsuccessfulAuthentication
> INFO: Login attempt failed
> org.acegisecurity.AuthenticationServiceException: LdapCallback;null;
> nested exception is javax.naming.PartialResultException [Root exception is
> javax.naming.CommunicationException: mydomain.de:389 [Root exception is
> java.net.ConnectException: Connection refused: connect]]; nested exception
> is org.acegisecurity.ldap.LdapDataAccessException: LdapCallback;null;
> nested exception is javax.naming.PartialResultException [Root exception is
> javax.naming.CommunicationException: mydomain.de:389 [Root exception is
> java.net.ConnectException: Connection refused: connect]]
> at
> org.acegisecurity.providers.ldap.LdapAuthenticationProvider.retrieveUser(LdapAuthenticationProvider.java:238)
> at
> org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:122)
> ...
>
>
> Attempt B)
> When I try to log in with a wrong password I get a bad credentials
> exception which is good.
>
> 05.04.2013 12:33:43 hudson.security.AuthenticationProcessingFilter2
> onUnsuccessfulAuthentication
> INFO: Login attempt failed
> org.acegisecurity.BadCredentialsException: Bad credentials
> at
> org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:125)
> at
> org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:200)
> ...
>
>
> So I traced what happens for Attempt A with Wireshark.
>
> It actually binds as the user John Doe then finds the details for John Doe
> successfully then it unbinds and in the end it searches for the groups of
> user John Doe and finds those succesfully but Jenkins still does not
> authenticate me.
>
> No. Time Source Destination Protocol
> Length Info
> 319 10.394879 192.168.100.103 192.168.100.6 LDAP
> 169 searchRequest(4) "OU=Software,DC=mydomain,DC=de" wholeSubtree
> 321 10.395846 192.168.100.6 192.168.100.103 LDAP
> 215 searchResEntry(4) "CN=John Doe,OU=Software,DC=mydomain,DC=de"
> 326 10.402801 192.168.100.103 192.168.100.6 LDAP
> 154 bindRequest(1) "CN=John Doe,OU=Software,DC=mydomain,DC=de" simple
> 327 10.404332 192.168.100.6 192.168.100.103 LDAP
> 76 bindResponse(1) success
> 328 10.405094 192.168.100.103 192.168.100.6 LDAP
> 171 searchRequest(2) "CN=John Doe,OU=Software,DC=mydomain,DC=de"
> baseObject
> 330 10.405911 192.168.100.6 192.168.100.103 LDAP
> 215 searchResEntry(2) "CN=John Doe,OU=Software,DC=mydomain,DC=de"
> 332 10.406506 192.168.100.103 192.168.100.6 LDAP
> 61 unbindRequest(3)
> 337 10.407207 192.168.100.103 192.168.100.6 LDAP
> 324 searchRequest(5) "DC=mydomain,DC=de" wholeSubtree
> 339 10.425127 192.168.100.6 192.168.100.103 LDAP
> 521 searchResEntry(5) "CN=Terminal,CN=Users,DC=mydomain,DC=de" |
> searchResEntry(5) "CN=Software,DC=mydomain,DC=de" | searchResEntry(5)
> "CN=Admins,DC=mydomain,DC=de" | searchResRef(5) | searchResDone(5)
> success [3 results]
>
>
> This looks like a bug to me, what do you think?
>
> Regards,
>
> Kevin
>
>
--
You received this message because you are subscribed to the Google Groups
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to jenkinsci-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
