[ https://issues.jenkins-ci.org/browse/JENKINS-12907?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=159582#comment-159582 ]
Jarrett Taylor commented on JENKINS-12907: ------------------------------------------ It looks like I was using an older version (1.18) of the Jenkins Active Directory plugin. I have updated to the current release (1.26) and have included the relevant portion of the stack trace here: Feb 27, 2012 1:44:22 PM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider retrieveUser WARNING: Failed to retrieve user information for example.user javax.naming.InvalidNameException: "CN=test\,\+\"\\\<\>\;\=/role,OU=Groups,DC=Example,DC=com": [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090709, comment: Error processing name, data 0, v1db0]; remaining name '"CN=test\,\+\"\\\<\>\;\=/role,OU=Groups,DC=Example,DC=com"' at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2979) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794) at com.sun.jndi.ldap.LdapCtx.c_getAttributes(LdapCtx.java:1309) at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(ComponentDirContext.java:213) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:121) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:109) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.resolveGroups(ActiveDirectoryUnixAuthenticationProvider.java:416) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:221) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:130) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:95) at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:119) at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:195) at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:45) at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:71) at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:61) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76) at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:562) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:395) at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:301) at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:183) at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:169) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:302) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) at java.lang.Thread.run(Thread.java:662) > Active Directory/LDAP group with special characters causes > authentication/retrieveUser to fail > ---------------------------------------------------------------------------------------------- > > Key: JENKINS-12907 > URL: https://issues.jenkins-ci.org/browse/JENKINS-12907 > Project: Jenkins > Issue Type: Bug > Components: active-directory > Affects Versions: current > Environment: Linux example-host 2.6.38-13-server #55-Ubuntu SMP Tue > Jan 24 15:52:18 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux > java version "1.6.0_24" > Java(TM) SE Runtime Environment (build 1.6.0_24-b07) > Java HotSpot(TM) 64-Bit Server VM (build 19.1-b02, mixed mode) > Apache Tomcat/7.0.12 > Jenkins ver. 1.451 > Authenticating against Active Directory running on Windows Server 2008 > Reporter: Jarrett Taylor > Priority: Minor > Labels: active_directory, > > It appears that Active Directory (and presumably LDAP) authentication fails > if the user is a member of a group with special characters in the name. > Realistically, retrieveUser fails which makes it look like an authentication > issue. To resolve this, the DN of the group needs to be properly escaped > before calling context.getAttributes(dn). This is probably related to the > incomplete fix applied in JENKINS-3249 > (https://issues.jenkins-ci.org/browse/JENKINS-3249). > The group that is failing is one we use to test our own LDAP code. It is > named: > test,+"\<>;=/role > Here is the log information related to the authentication failure (with > identifying data replaced): > Feb 27, 2012 11:43:13 AM > hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider > retrieveUser > WARNING: Exhausted all configured domains and could not authenticat against > any. > Feb 27, 2012 11:43:13 AM > hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider > retrieveUser > WARNING: Credential exception tying to authenticate against EXAMPLE.COM domain > org.acegisecurity.BadCredentialsException: Failed to retrieve user > information for example.user; nested exception is > javax.naming.InvalidNameException: > "CN=test\,\+\"\\\<\>\;\=/role,OU=Groups,DC=Example,DC=com": [LDAP: error code > 34 - 0000208F: LdapErr: DSID-0C090709, comment: Error processing name, data > 0, v1db0]; remaining name > '"CN=test\,\+\"\\\<\>\;\=/role,OU=Groups,DC=Example,DC=com"' > at > hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:180) > at > hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:116) > at > hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:83) > at > org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:119) > at > org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:195) > at > org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:45) > at > org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:71) > at > org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252) > at > hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) > at > org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173) > at > hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) > at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:61) > at > hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) > at > org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) > at > hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66) > at > hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) > at > hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76) > at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) > at > hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240) > at > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164) > at > org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462) > at > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164) > at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100) > at > org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:562) > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:395) > at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:301) > at > org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:183) > at > org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:169) > at > org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:302) > at > java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) > at java.lang.Thread.run(Thread.java:662) > Caused by: javax.naming.InvalidNameException: > "CN=test\,\+\"\\\<\>\;\=/role,OU=Groups,DC=Example,DC=com": [LDAP: error code > 34 - 0000208F: LdapErr: DSID-0C090709, comment: Error processing name, data > 0, v1db0]; remaining name > '"CN=test\,\+\"\\\<\>\;\=/role,OU=Groups,DC=Example,DC=com"' > at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2979) > at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794) > at com.sun.jndi.ldap.LdapCtx.c_getAttributes(LdapCtx.java:1309) > at > com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(ComponentDirContext.java:213) > at > com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:121) > at > com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:109) > at > hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.resolveGroups(ActiveDirectoryUnixAuthenticationProvider.java:223) > at > hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:172) > ... 37 more > Feb 27, 2012 11:43:13 AM > hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider > retrieveUser > WARNING: Failed to retrieve user information for example.user > javax.naming.InvalidNameException: > "CN=test\,\+\"\\\<\>\;\=/role,OU=Groups,DC=Example,DC=com": [LDAP: error code > 34 - 0000208F: LdapErr: DSID-0C090709, comment: Error processing name, data > 0, v1db0]; remaining name > '"CN=test\,\+\"\\\<\>\;\=/role,OU=Groups,DC=Example,DC=com"' > at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2979) > at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794) > at com.sun.jndi.ldap.LdapCtx.c_getAttributes(LdapCtx.java:1309) > at > com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(ComponentDirContext.java:213) > at > com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:121) > at > com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:109) > at > hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.resolveGroups(ActiveDirectoryUnixAuthenticationProvider.java:223) > at > hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:172) > at > hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:116) > at > hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:83) > at > org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:119) > at > org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:195) > at > org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:45) > at > org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:71) > at > org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252) > at > hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) > at > org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173) > at > hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) > at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:61) > at > hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) > at > org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) > at > hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66) > at > hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) > at > hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76) > at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) > at > hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240) > at > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164) > at > org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462) > at > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164) > at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100) > at > org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:562) > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:395) > at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:301) > at > org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:183) > at > org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:169) > at > org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:302) > at > java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) > at java.lang.Thread.run(Thread.java:662) > Feb 27, 2012 11:43:13 AM > hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider > resolveGroups > FINE: Example User is a member of > CN=test\,\+\"\\\<\>\;\=/role,OU=Groups,DC=Example,DC=com > Feb 27, 2012 11:43:13 AM > hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider > resolveGroups > FINE: Example User is a member of CN=Working > Example,OU=Groups,DC=Example,DC=com > Feb 27, 2012 11:43:13 AM > hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider > retrieveUser > FINE: Failed to find example.user in userPrincipalName. Trying sAMAccountName > Feb 27, 2012 11:43:13 AM > hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DesciprotrImpl > bind > FINE: Bound to b-ad-01.example.com:3269 > Feb 27, 2012 11:43:13 AM > hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DesciprotrImpl > bind > WARNING: Failed to bind to 10.10.10.10:389 > javax.naming.CommunicationException: simple bind failed: 10.10.10.10:389 > [Root exception is java.net.SocketException: Connection reset] > at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:197) > at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2694) > at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293) > at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175) > at > com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:134) > at > hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DesciprotrImpl.bind(ActiveDirectorySecurityRealm.java:293) > at > hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:142) > at > hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:116) > at > hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:83) > at > org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:119) > at > org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:195) > at > org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:45) > at > org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:71) > at > org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252) > at > hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) > at > org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173) > at > hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) > at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:61) > at > hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) > at > org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) > at > hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66) > at > hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) > at > hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76) > at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) > at > hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240) > at > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164) > at > org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462) > at > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164) > at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100) > at > org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:562) > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:395) > at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:301) > at > org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:183) > at > org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:169) > at > org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:302) > at > java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) > at java.lang.Thread.run(Thread.java:662) > Caused by: java.net.SocketException: Connection reset > at java.net.SocketInputStream.read(SocketInputStream.java:168) > at > com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:293) > at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:331) > at > com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:798) > at > com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138) > at > com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:632) > at > com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59) > at > java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65) > at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123) > at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:396) > at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:334) > at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:192) > ... 43 more > Feb 27, 2012 11:43:13 AM > hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DesciprotrImpl > obtainLDAPServer > FINE: _gc._tcp.EXAMPLE.COM resolved to [b-ad-01.example.com:3269, > b-ad-01.example.com:3269, c-ad-01.example.com:3269, v-ad-01.example.com:3269, > j-ad-01.example.com:3269, s-ms-ad-01.example.com:3269, > b-ms-ad-01.example.com:3269] > Feb 27, 2012 11:43:13 AM > hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DesciprotrImpl > obtainLDAPServer > FINE: Attempting to resolve _gc._tcp.EXAMPLE.COM to SRV record -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jenkins-ci.org/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira