hey marc Couple of pointers. Feel free to install http://www.ldapbrowser.com/download.htm
to make sure the AD details you are giving below are correct. Also, make sure ports 389 and 3268 are not blocked by firewall on jenkins master. When I have setup, both the above points helped me. Thanks, Krishna Chaitanya On Tue, Oct 2, 2012 at 6:30 AM, marc magrans de abril < marcmagransdeab...@gmail.com> wrote: > Hi, > > I am trying to authenticate Jenkins users using our corporate LDAP server > (SSL connection) at ldaps://cerndc.cern.ch:636. However, when I try to > login > as "marc" I get a "javax.naming.CommunicationException: cern.ch:636 ". > > Is it normal that the the address appearing in the excepiton does not > include the "cerndc" prefix? I have tried to use the IP directly but I > still > get the same error message referring to "cern.ch:636". > > Do you know what am I doing wrong? > > My LDAP configuration parameters: > * Server: ldaps://cerndc.cern.ch:636 > * root DN: DC=cern,DC=ch > * User search base: <empty> > * User search filter: <empty> > * Group search base: <empty> > * Manager DN: cn=marc,ou=users,ou=Organic Units,DC=cern,DC=ch > * Manager Password: <password> > > And here the full exception trace: > > Oct 2, 2012 3:25:37 PM hudson.security.AuthenticationProcessingFilter2 >> onUnsuccessfulAuthentication >> INFO: Login attempt failed >> org.acegisecurity.AuthenticationServiceException: LdapCallback;null; >> nested exception is javax.naming.PartialResultException [Root exception is >> javax.naming.CommunicationException: cern.ch:636 [Root exception is >> java.net.ConnectException: Connection refused]]; nested exception is >> org.acegisecurity.ldap.LdapDataAccessException: LdapCallback;null; nested >> exception is javax.naming.PartialResultException [Root exception is >> javax.naming.CommunicationException: cern.ch:636 [Root exception is >> java.net.ConnectException: Connection refused]] >> at >> org.acegisecurity.providers.ldap.LdapAuthenticationProvider.retrieveUser(LdapAuthenticationProvider.java:238) >> at >> org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:119) >> at >> org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:195) >> at >> org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:45) >> at >> org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:71) >> at >> org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252) >> at >> hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) >> at >> org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173) >> at >> hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) >> at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:63) >> at >> hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) >> at >> org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) >> at >> hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66) >> at >> hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) >> at >> hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76) >> at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164) >> at winstone.FilterConfiguration.execute(FilterConfiguration.java:194) >> at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366) >> at >> org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:50) >> at winstone.FilterConfiguration.execute(FilterConfiguration.java:194) >> at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366) >> at >> hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81) >> at winstone.FilterConfiguration.execute(FilterConfiguration.java:194) >> at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366) >> at winstone.RequestDispatcher.forward(RequestDispatcher.java:331) >> at >> winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:215) >> at winstone.RequestHandlerThread.run(RequestHandlerThread.java:138) >> at >> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) >> at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334) >> at java.util.concurrent.FutureTask.run(FutureTask.java:166) >> at >> winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77) >> at >> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) >> at >> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) >> at java.lang.Thread.run(Thread.java:679) >> Caused by: org.acegisecurity.ldap.LdapDataAccessException: >> LdapCallback;null; nested exception is javax.naming.PartialResultException >> [Root exception is javax.naming.CommunicationException: cern.ch:636[Root >> exception is java.net.ConnectException: Connection refused]] >> at >> org.acegisecurity.ldap.LdapTemplate$LdapExceptionTranslator.translate(LdapTemplate.java:295) >> at org.acegisecurity.ldap.LdapTemplate.execute(LdapTemplate.java:128) >> at >> org.acegisecurity.ldap.LdapTemplate.searchForSingleEntry(LdapTemplate.java:246) >> at >> org.acegisecurity.ldap.search.FilterBasedLdapUserSearch.searchForUser(FilterBasedLdapUserSearch.java:119) >> at >> org.acegisecurity.providers.ldap.authenticator.BindAuthenticator.authenticate(BindAuthenticator.java:71) >> at >> org.acegisecurity.providers.ldap.authenticator.BindAuthenticator2.authenticate(BindAuthenticator2.java:49) >> at >> org.acegisecurity.providers.ldap.LdapAuthenticationProvider.retrieveUser(LdapAuthenticationProvider.java:233) >> ... 33 more >> Caused by: javax.naming.PartialResultException [Root exception is >> javax.naming.CommunicationException: cern.ch:636 [Root exception is >> java.net.ConnectException: Connection refused]] >> at >> com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:242) >> at >> com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(LdapNamingEnumeration.java:189) >> at >> org.acegisecurity.ldap.LdapTemplate$3.doInDirContext(LdapTemplate.java:251) >> at org.acegisecurity.ldap.LdapTemplate.execute(LdapTemplate.java:126) >> ... 38 more >> Caused by: javax.naming.CommunicationException: cern.ch:636 [Root >> exception is java.net.ConnectException: Connection refused] >> at >> com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:92) >> at >> com.sun.jndi.ldap.LdapReferralException.getReferralContext(LdapReferralException.java:150) >> at >> com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreReferrals(LdapNamingEnumeration.java:357) >> at >> com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:226) >> ... 41 more >> Caused by: java.net.ConnectException: Connection refused >> at java.net.PlainSocketImpl.socketConnect(Native Method) >> at >> java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:327) >> at >> java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:193) >> at >> java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:180) >> at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:384) >> at java.net.Socket.connect(Socket.java:546) >> at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:584) >> at sun.security.ssl.SSLSocketImpl.<init>(SSLSocketImpl.java:385) >> at >> sun.security.ssl.SSLSocketFactoryImpl.createSocket(SSLSocketFactoryImpl.java:90) >> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >> at >> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) >> at >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) >> at java.lang.reflect.Method.invoke(Method.java:616) >> at com.sun.jndi.ldap.Connection.createSocket(Connection.java:330) >> at com.sun.jndi.ldap.Connection.<init>(Connection.java:200) >> at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:136) >> at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1598) >> at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2643) >> at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:306) >> at >> com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193) >> at >> com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:152) >> at >> com.sun.jndi.url.ldap.ldapURLContextFactory.getObjectInstance(ldapURLContextFactory.java:52) >> at javax.naming.spi.NamingManager.getURLObject(NamingManager.java:601) >> at javax.naming.spi.NamingManager.processURL(NamingManager.java:381) >> at >> javax.naming.spi.NamingManager.processURLAddrs(NamingManager.java:361) >> at >> javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:333) >> at >> com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:111) >> ... 44 more >> >> Oct 2, 2012 3:23:52 PM hudson.security.AuthenticationProcessingFilter2 >> onUnsuccessfulAuthentication >> INFO: Login attempt failed >> org.acegisecurity.AuthenticationServiceException: LdapCallback;null; >> nested exception is javax.naming.PartialResultException [Root exception is >> javax.naming.CommunicationException: cern.ch:636 [Root exception is >> java.net.ConnectException: Connection refused]]; nested exception is >> org.acegisecurity.ldap.LdapDataAccessException: LdapCallback;null; nested >> exception is javax.naming.PartialResultException [Root exception is >> javax.naming.CommunicationException: cern.ch:636 [Root exception is >> java.net.ConnectException: Connection refused]] >> at >> org.acegisecurity.providers.ldap.LdapAuthenticationProvider.retrieveUser(LdapAuthenticationProvider.java:238) >> at >> org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:119) >> at >> org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:195) >> at >> org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:45) >> at >> org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:71) >> at >> org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252) >> at >> hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) >> at >> org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173) >> at >> hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) >> at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:63) >> at >> hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) >> at >> org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) >> at >> hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66) >> at >> hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) >> at >> hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76) >> at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164) >> at winstone.FilterConfiguration.execute(FilterConfiguration.java:194) >> at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366) >> at >> org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:50) >> at winstone.FilterConfiguration.execute(FilterConfiguration.java:194) >> at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366) >> at >> hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81) >> at winstone.FilterConfiguration.execute(FilterConfiguration.java:194) >> at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366) >> at winstone.RequestDispatcher.forward(RequestDispatcher.java:331) >> at >> winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:215) >> at winstone.RequestHandlerThread.run(RequestHandlerThread.java:138) >> at >> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) >> at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334) >> at java.util.concurrent.FutureTask.run(FutureTask.java:166) >> at >> winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77) >> at >> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) >> at >> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) >> at java.lang.Thread.run(Thread.java:679) >> Caused by: org.acegisecurity.ldap.LdapDataAccessException: >> LdapCallback;null; nested exception is javax.naming.PartialResultException >> [Root exception is javax.naming.CommunicationException: cern.ch:636[Root >> exception is java.net.ConnectException: Connection refused]] >> at >> org.acegisecurity.ldap.LdapTemplate$LdapExceptionTranslator.translate(LdapTemplate.java:295) >> at org.acegisecurity.ldap.LdapTemplate.execute(LdapTemplate.java:128) >> at >> org.acegisecurity.ldap.LdapTemplate.searchForSingleEntry(LdapTemplate.java:246) >> at >> org.acegisecurity.ldap.search.FilterBasedLdapUserSearch.searchForUser(FilterBasedLdapUserSearch.java:119) >> at >> org.acegisecurity.providers.ldap.authenticator.BindAuthenticator.authenticate(BindAuthenticator.java:71) >> at >> org.acegisecurity.providers.ldap.authenticator.BindAuthenticator2.authenticate(BindAuthenticator2.java:49) >> at >> org.acegisecurity.providers.ldap.LdapAuthenticationProvider.retrieveUser(LdapAuthenticationProvider.java:233) >> ... 33 more >> Caused by: javax.naming.PartialResultException [Root exception is >> javax.naming.CommunicationException: cern.ch:636 [Root exception is >> java.net.ConnectException: Connection refused]] >> at >> com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:242) >> at >> com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(LdapNamingEnumeration.java:189) >> at >> org.acegisecurity.ldap.LdapTemplate$3.doInDirContext(LdapTemplate.java:257) >> at org.acegisecurity.ldap.LdapTemplate.execute(LdapTemplate.java:126) >> ... 38 more >> Caused by: javax.naming.CommunicationException: cern.ch:636 [Root >> exception is java.net.ConnectException: Connection refused] >> at >> com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:92) >> at >> com.sun.jndi.ldap.LdapReferralException.getReferralContext(LdapReferralException.java:150) >> at >> com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreReferrals(LdapNamingEnumeration.java:357) >> at >> com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:226) >> ... 41 more >> Caused by: java.net.ConnectException: Connection refused >> at java.net.PlainSocketImpl.socketConnect(Native Method) >> at >> java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:327) >> at >> java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:193) >> at >> java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:180) >> at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:384) >> at java.net.Socket.connect(Socket.java:546) >> at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:584) >> at sun.security.ssl.SSLSocketImpl.<init>(SSLSocketImpl.java:385) >> at >> sun.security.ssl.SSLSocketFactoryImpl.createSocket(SSLSocketFactoryImpl.java:90) >> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >> at >> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) >> at >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) >> at java.lang.reflect.Method.invoke(Method.java:616) >> at com.sun.jndi.ldap.Connection.createSocket(Connection.java:330) >> at com.sun.jndi.ldap.Connection.<init>(Connection.java:200) >> at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:136) >> at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1598) >> at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2643) >> at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:306) >> at >> com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193) >> at >> com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:152) >> at >> com.sun.jndi.url.ldap.ldapURLContextFactory.getObjectInstance(ldapURLContextFactory.java:52) >> at javax.naming.spi.NamingManager.getURLObject(NamingManager.java:601) >> at javax.naming.spi.NamingManager.processURL(NamingManager.java:381) >> at >> javax.naming.spi.NamingManager.processURLAddrs(NamingManager.java:361) >> at >> javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:333) >> at >> com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:111) >> ... 44 more > > > > Thanks, > marc >
