![]() |
|
|
|
|
Change By:
|
uncletall
(17/Oct/14 1:40 AM)
|
|
Environment:
|
ubuntu 12.04 and 14.04 openldap
, authentication is normally done by Apache and the user information should be retrieved by Jenkins from ldap.
|
|
Description:
|
After upgrading to 1.576 or higher LDAP authentication fails. It is very repeatable and downgrading to 1.575 fixes the issue. I have tried 1.576 1.577 1.580 and 1.584 but am unable to log in.
Basically, I disable security and then setup the same config again and am still unable to log in.
I am using ldap 1.6 plugin but have also tried 1.11, both fail once I enable ldap authentication.
This is my configuration from the config.xml
<useSecurity>true</useSecurity>
<authorizationStrategy class="hudson.security.AuthorizationStrategy$Unsecured"/>
<securityRealm class="hudson.security.LDAPSecurityRealm" plugin="ldap@1.6">
<server>ldap://ldap</server>
<rootDN></rootDN>
<inhibitInferRootDN>false</inhibitInferRootDN>
<userSearchBase>ou=users,dc=xxx,dc=com,dc=sg</userSearchBase>
<userSearch>uid={0}</userSearch>
<groupSearchBase>ou=jenkins,ou=groups,dc=xxx,dc=com,dc=sg</groupSearchBase>
<managerDN>cn=admin,dc=xxx,dc=com,dc=sg</managerDN>
<managerPassword>xxxxxxxxxxx</managerPassword>
<disableMailAddressResolver>false</disableMailAddressResolver>
</securityRealm>
Steps to reproduce:
1. Fresh install of Jenkins 1.584 from Ubuntu apt-get install jenkins
2. Enter settings as can be used up to 1.575
3. Add the display name is the cn
4. Authorization: Anyone can do anything (I used matrix before but for now I am happy to login)
5. Save
6. My name is shown as "Peter Bruin", proof that this was retrieved from ldap or else it would be peterbruin which is my user name
7. Navigate back to Manage and I get prompted for password
8. No log entries in /var/log/jenkins/jenkins.log
9. Unable to access the system log (/log/all) as I am not able to access Jenkins
10. Downgrade to 1.575 and I can log in again
|
|
|
|
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators.
For more information on JIRA, see: http://www.atlassian.com/software/jira
|
--
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
jenkinsci-issues+unsubscr...@googlegroups.com.
For more options, visit
https://groups.google.com/d/optout.
