Hello all, I am setting up a new jenkins install running LTS (1.565.2). We use the Active Directory plugin here. Copying the config from a (rather old) installation did not work; it threw an AuthenticationException.
By way of troubleshooting in various ways, I ended up where I am now: with a vanilla fresh config, enabled the AD plugin, and created a new AD user. The ³Test² button in the AD plugin configuration claimed success. I know the new user creds work for the domain outside of Jenkins. It fails on the login screen, both for other users who should be fine and for the new Jenkins AD user. One example of the failure is stack trace I get on the command line, below. I¹m somewhat mystified. Has anyone seen this? Thanks in advance, -j ---- Stacktrace ---- [jlawrence@jenkins1 vagrant]$ java -jar jenkins-cli.jar -s http://localhost:8080/ login --username jlawrence Password: org.acegisecurity.AuthenticationServiceException: Failed to bind to LDAP server with the bind name/password; nested exception is org.acegisecurity.BadCredentialsException: Either no such user 'jenkins2' or incorrect password; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1] at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.r etrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:242) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.r etrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:196) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.r etrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:140) at hudson.plugins.active_directory.ActiveDirectorySecurityRealm.authenticate(A ctiveDirectorySecurityRealm.java:624) at hudson.security.AbstractPasswordBasedSecurityRealm.doAuthenticate(AbstractP asswordBasedSecurityRealm.java:114) at hudson.security.AbstractPasswordBasedSecurityRealm.access$100(AbstractPassw ordBasedSecurityRealm.java:39) at hudson.security.AbstractPasswordBasedSecurityRealm$1.authenticate(AbstractP asswordBasedSecurityRealm.java:81) at hudson.cli.CLICommand.main(CLICommand.java:228) at hudson.cli.CliManagerImpl.main(CliManagerImpl.java:92) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:5 7) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImp l.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at hudson.remoting.RemoteInvocationHandler$RPCRequest.perform(RemoteInvocation Handler.java:309) at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHan dler.java:290) at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHan dler.java:249) at hudson.remoting.UserRequest.perform(UserRequest.java:118) at hudson.remoting.UserRequest.perform(UserRequest.java:48) at hudson.remoting.Request$2.run(Request.java:328) at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorServ ice.java:72) at hudson.cli.CliManagerImpl$1.call(CliManagerImpl.java:63) at hudson.remoting.InterceptingExecutorService$2.call(InterceptingExecutorServ ice.java:95) at jenkins.util.ContextResettingExecutorService$2.call(ContextResettingExecuto rService.java:46) at java.util.concurrent.FutureTask.run(FutureTask.java:262) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1 145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java: 615) at java.lang.Thread.run(Thread.java:745) Caused by: org.acegisecurity.BadCredentialsException: Either no such user 'jenkins2' or incorrect password; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1] at hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DescriptorImpl .bind(ActiveDirectorySecurityRealm.java:407) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.r etrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:239) ... 26 more Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1] at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3087) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2835) at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2749) at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2635) at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2622) at com.sun.jndi.ldap.LdapCtx.reconnect(LdapCtx.java:2618) at hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DescriptorImpl .bind(ActiveDirectorySecurityRealm.java:476) at hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DescriptorImpl .bind(ActiveDirectorySecurityRealm.java:392) ... 27 more -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
