I'm trying to use the Jenkins CLI for a server that is set up with AD as
the access control security realm. Logged in users can perform any action.
The Jenkins server is 1.534 on Ubuntu with Active Directory plugin 1.33,
configured with just the domain (no bind DN or password).
I've provisioned an SSH public key for my user. When I attempt to run CLI
against Jenkins it fails with this
Exception in thread "main" java.io.EOFException
at java.io.DataInputStream.readBoolean(DataInputStream.java:244)
at hudson.cli.Connection.readBoolean(Connection.java:95)
at hudson.cli.CLI.authenticate(CLI.java:644)
at hudson.cli.CLI._main(CLI.java:474)
at hudson.cli.CLI.main(CLI.java:384)
and the below is logged on the server. This is similar to JENKINS-12619
though in my case the behavior is consistent and always fails.
Does anyone have this working? It an admin domain user/password required in
this case?
Is there any sort of workaround, such as defining a local user in Jenkins
which could be used when accessing via CLI?
Thanks,
David
Oct 13, 2013 12:23:35 PM WARNING
hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider
retrieveUser
Failed to retrieve user information for username
javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr:
DSID-0C090627, comment: In order to perform this operation a successful
bind must be completed on the connection., data 0, vece]; remaining name
'DC=mycompany,DC=com'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3072)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2978)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2785)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1839)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1762)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1779)
at
com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:412)
at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:394)
at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:376)
at
hudson.plugins.active_directory.LDAPSearchBuilder.search(LDAPSearchBuilder.java:52)
at
hudson.plugins.active_directory.LDAPSearchBuilder.searchOne(LDAPSearchBuilder.java:42)
at
hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:263)
at
hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:193)
at
hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:137)
at
hudson.plugins.active_directory.AbstractActiveDirectoryAuthenticationProvider.loadUserByUsername(AbstractActiveDirectoryAuthenticationProvider.java:30)
at
hudson.plugins.active_directory.ActiveDirectorySecurityRealm.loadUserByUsername(ActiveDirectorySecurityRealm.java:584)
at hudson.model.User.impersonate(User.java:255)
at
org.jenkinsci.main.modules.cli.auth.ssh.SshCliAuthenticator.authenticate(SshCliAuthenticator.java:44)
at hudson.cli.CliManagerImpl$2.run(CliManagerImpl.java:109)
Oct 13, 2013 12:23:35 PM WARNING
hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider
retrieveUser
Credential exception tying to authenticate against mycompany.com domain
org.acegisecurity.BadCredentialsException: Failed to retrieve user
information for username; nested exception is javax.naming.NamingException:
[LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order
to perform this operation a successful bind must be completed on the
connection., data 0, vece]; remaining name 'DC=mycompany,DC=com'
at
hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:309)
at
hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:193)
at
hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:137)
at
hudson.plugins.active_directory.AbstractActiveDirectoryAuthenticationProvider.loadUserByUsername(AbstractActiveDirectoryAuthenticationProvider.java:30)
at
hudson.plugins.active_directory.ActiveDirectorySecurityRealm.loadUserByUsername(ActiveDirectorySecurityRealm.java:584)
at hudson.model.User.impersonate(User.java:255)
at
org.jenkinsci.main.modules.cli.auth.ssh.SshCliAuthenticator.authenticate(SshCliAuthenticator.java:44)
at hudson.cli.CliManagerImpl$2.run(CliManagerImpl.java:109)
Caused by: javax.naming.NamingException: [LDAP: error code 1 - 00000000:
LdapErr: DSID-0C090627, comment: In order to perform this operation a
successful bind must be completed on the connection., data 0, vece];
remaining name 'DC=mycompany,DC=com'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3072)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2978)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2785)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1839)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1762)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1779)
at
com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:412)
at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:394)
at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:376)
at
hudson.plugins.active_directory.LDAPSearchBuilder.search(LDAPSearchBuilder.java:52)
at
hudson.plugins.active_directory.LDAPSearchBuilder.searchOne(LDAPSearchBuilder.java:42)
at
hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:263)
... 7 more
--
You received this message because you are subscribed to the Google Groups
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to jenkinsci-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
