[ https://issues.jenkins-ci.org/browse/JENKINS-12619?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=162098#comment-162098 ]
SCM/JIRA link daemon commented on JENKINS-12619: ------------------------------------------------ Code changed in jenkins User: Kohsuke Kawaguchi Path: src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java http://jenkins-ci.org/commit/active-directory-plugin/5e7a25fb02ef8b7649938a258d3e741d2ddc7c8a Log: [FIXED JENKINS-12619] improved the error handling. If AD doesn't allow anonymous bind, it can still pass the bind method OK but fail only when we actually try to query. detect that and recover gracefully. > "Failed to test the validity of the user name" on all security matrices since > upgrade > ------------------------------------------------------------------------------------- > > Key: JENKINS-12619 > URL: https://issues.jenkins-ci.org/browse/JENKINS-12619 > Project: Jenkins > Issue Type: Bug > Components: active-directory > Environment: Jenkins 1.450, plugin version 1.26 > Windows Server 2003, non-domain server > Installed as local user > Our Windows domain name specified in configuration as ourdomain.co.uk > Reporter: Tom Fanning > Priority: Minor > Labels: jenkins, plugin, windows > > Upgraded plugin to version 1.26 just after upgrading Jenkins to 1.450 > Now get message "Failed to test the validity of the user name x" wherever > there is a security checkbox matrix. > Everything seems to work alright still as far as I can tell. > Stack trace: > org.acegisecurity.BadCredentialsException: Failed to retrieve user > information for x; nested exception is javax.naming.NamingException: [LDAP: > error code 1 - 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform > this operation a successful bind must be completed on the connection., data > 0, v1db1]; remaining name 'DC=ourdomain,DC=co,DC=uk' > at > hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:231) > at > hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:130) > at > hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:95) > at > hudson.plugins.active_directory.AbstractActiveDirectoryAuthenticationProvider.loadUserByUsername(AbstractActiveDirectoryAuthenticationProvider.java:27) > at > hudson.plugins.active_directory.ActiveDirectorySecurityRealm.loadUserByUsername(ActiveDirectorySecurityRealm.java:551) > at > hudson.security.GlobalMatrixAuthorizationStrategy$DescriptorImpl.doCheckName_(GlobalMatrixAuthorizationStrategy.java:304) > at > hudson.security.GlobalMatrixAuthorizationStrategy$DescriptorImpl.doCheckName(GlobalMatrixAuthorizationStrategy.java:288) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) > at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) > at java.lang.reflect.Method.invoke(Unknown Source) > at > org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:282) > at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:149) > at > org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:88) > at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:111) > at > org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53) > at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:563) > at org.kohsuke.stapler.Stapler.invoke(Stapler.java:648) > at org.kohsuke.stapler.MetaClass$6.doDispatch(MetaClass.java:241) > at > org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53) > at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:563) > at org.kohsuke.stapler.Stapler.invoke(Stapler.java:648) > at org.kohsuke.stapler.Stapler.invoke(Stapler.java:477) > at org.kohsuke.stapler.Stapler.service(Stapler.java:159) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:45) > at winstone.ServletConfiguration.execute(ServletConfiguration.java:248) > at winstone.RequestDispatcher.forward(RequestDispatcher.java:333) > at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:376) > at > hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:95) > at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:87) > at winstone.FilterConfiguration.execute(FilterConfiguration.java:194) > at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366) > at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:47) > at winstone.FilterConfiguration.execute(FilterConfiguration.java:194) > at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366) > at > hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84) > at > hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51) > at > hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) > at > org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:166) > at > hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) > at > org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125) > at > hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) > at > org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142) > at > hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) > at > org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271) > at > hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) > at > org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173) > at > hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) > at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:61) > at > hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) > at > org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) > at > hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66) > at > hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) > at > hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76) > at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164) > at winstone.FilterConfiguration.execute(FilterConfiguration.java:194) > at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366) > at > hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81) > at winstone.FilterConfiguration.execute(FilterConfiguration.java:194) > at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366) > at winstone.RequestDispatcher.forward(RequestDispatcher.java:331) > at > winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:244) > at winstone.RequestHandlerThread.run(RequestHandlerThread.java:150) > at java.lang.Thread.run(Unknown Source) > Caused by: javax.naming.NamingException: [LDAP: error code 1 - 000004DC: > LdapErr: DSID-0C0906E8, comment: In order to perform this operation a > successful bind must be completed on the connection., data 0, v1db1]; > remaining name 'DC=ourdomain,DC=co,DC=uk' > at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source) > at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source) > at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source) > at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source) > at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source) > at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source) > at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source) > at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown > Source) > at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown > Source) > at > hudson.plugins.active_directory.LDAPSearchBuilder.search(LDAPSearchBuilder.java:52) > at > hudson.plugins.active_directory.LDAPSearchBuilder.searchOne(LDAPSearchBuilder.java:42) > at > hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:191) > ... 63 more -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jenkins-ci.org/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira