Hi Zac !
I was dealing with the same issue: authentication against LDAP/AD and your
answer was the right one.
Also, I fixed the group filter and configured group properties using this
filter:
Group search filter: (& (cn={0}) (objectclass=group) )
Group Search Base: your OU groups separated with comas (,).
Thus I can configure groups and users from general configuration to Job one.
Thanks for your solution it was very helpful
El miércoles, 14 de diciembre de 2011 20:01:34 UTC+1, Zac Harvey escribió:
>
> I am trying to set up Jenkins to authenticate using our AD domain over
> LDAP. I have been working with the Systems Group trying to configure
> all of the settings under Manage Jenkins >> Configure System >> Access
> Control. We finally have all the settings configured correctly (at
> least, in the eyes of the Systems people), and we are not getting any
> red validation errors in the GUI. However I still cannot login via
> LDAP/AD. Below is the console output. Any nudges in the right
> direction are enormously appreciated!
>
> Console Output:
> Dec 14, 2011 1:47:21 PM
> hudson.security.AuthenticationProcessingFilter2
> onUnsuccessfulAuthentication
> INFO: Login attempt failed
> org.acegisecurity.AuthenticationServiceException: LdapCallback;[LDAP:
> error code 32 - 0000208D: NameErr: DSID-031001E4, problem 2001
> (NO_OBJECT), data 0, best match of:
> 'DC=MYPROJECT,DC=COM'
> ]; nested exception is javax.naming.NameNotFoundException: [LDAP:
> error code 32 - 0000208D: NameErr: DSID-031001E4, problem 2001
> (NO_OBJECT), data 0, best match of:
> 'DC=MYPROJECT,DC=COM'
> ]; remaining name 'dc=myproject,dc=com'; nested exception is
> org.acegisecurity.ldap.LdapDataAccessException: LdapCallback;[LDAP:
> error code 32 - 0000208D: NameErr: DSID-031001E4, problem 2001
> (NO_OBJECT), data 0, best match of:
> 'DC=MYPROJECT,DC=COM'
> ]; nested exception is javax.naming.NameNotFoundException: [LDAP:
> error code 32 - 0000208D: NameErr: DSID-031001E4, problem 2001
> (NO_OBJECT), data 0, best match of:
> 'DC=MYPROJECT,DC=COM'
> ]; remaining name 'dc=myproject,dc=com'
> at
>
> org.acegisecurity.providers.ldap.LdapAuthenticationProvider.retrieveUser(LdapAuthenticationProvider.java:
> 238)
> at
>
> org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:
> 119)
> at
>
> org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:
> 195)
> at
>
> org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:
> 45)
> at
>
> org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:
> 71)
> at
>
> org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:
> 252)
> at hudson.security.ChainedServletFilter
> $1.doFilter(ChainedServletFilter.java:87)
> at
>
> org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:
> 173)
> at hudson.security.ChainedServletFilter
> $1.doFilter(ChainedServletFilter.java:87)
> at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:61)
> at hudson.security.ChainedServletFilter
> $1.doFilter(ChainedServletFilter.java:87)
> at
>
> org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:
> 249)
> at
>
> hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:
> 66)
> at hudson.security.ChainedServletFilter
> $1.doFilter(ChainedServletFilter.java:87)
> at
> hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:
> 76)
> at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
> at
>
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:
> 243)
> at
>
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:
> 210)
> at
> hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:
> 81)
> at
>
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:
> 243)
> at
>
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:
> 210)
> at
>
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:
> 224)
> at
>
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:
> 185)
> at
>
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:
> 472)
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:
> 151)
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:
> 100)
> at
> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:
> 929)
> at
>
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:
> 118)
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:
> 405)
> at
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:
> 269)
> at org.apache.coyote.AbstractProtocol
> $AbstractConnectionHandler.process(AbstractProtocol.java:515)
> at org.apache.tomcat.util.net.JIoEndpoint
> $SocketProcessor.run(JIoEndpoint.java:302)
> at java.util.concurrent.ThreadPoolExecutor
> $Worker.runTask(ThreadPoolExecutor.java:886)
> at java.util.concurrent.ThreadPoolExecutor
> $Worker.run(ThreadPoolExecutor.java:908)
> at java.lang.Thread.run(Thread.java:662)
> Caused by: org.acegisecurity.ldap.LdapDataAccessException:
> LdapCallback;[LDAP: error code 32 - 0000208D: NameErr: DSID-031001E4,
> problem 2001 (NO_OBJECT), data 0, best match of:
> 'DC=MYPROJECT,DC=COM'
> ]; nested exception is javax.naming.NameNotFoundException: [LDAP:
> error code 32 - 0000208D: NameErr: DSID-031001E4, problem 2001
> (NO_OBJECT), data 0, best match of:
> 'DC=MYPROJECT,DC=COM'
> ]; remaining name 'dc=myproject,dc=com'
> at org.acegisecurity.ldap.LdapTemplate
> $LdapExceptionTranslator.translate(LdapTemplate.java:295)
> at
> org.acegisecurity.ldap.LdapTemplate.execute(LdapTemplate.java:128)
> at
> org.acegisecurity.ldap.LdapTemplate.searchForSingleEntry(LdapTemplate.java:
> 246)
> at
>
> org.acegisecurity.ldap.search.FilterBasedLdapUserSearch.searchForUser(FilterBasedLdapUserSearch.java:
> 119)
> at
>
> org.acegisecurity.providers.ldap.authenticator.BindAuthenticator.authenticate(BindAuthenticator.java:
> 71)
> at
>
> org.acegisecurity.providers.ldap.authenticator.BindAuthenticator2.authenticate(BindAuthenticator2.java:
> 49)
> at
>
> org.acegisecurity.providers.ldap.LdapAuthenticationProvider.retrieveUser(LdapAuthenticationProvider.java:
> 233)
> ... 34 more
> Caused by: javax.naming.NameNotFoundException: [LDAP: error code 32 -
> 0000208D: NameErr: DSID-031001E4, problem 2001 (NO_OBJECT), data 0,
> best match of:
> 'DC=MYPROJECT,DC=COM'
> ]; remaining name 'dc=myproject,dc=com'
> at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3066)
> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794)
> at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1826)
> at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749)
> at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1766)
> at
>
> com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:
> 394)
> at
>
> com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:
> 376)
> at
>
> com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:
> 358)
> at
> javax.naming.directory.InitialDirContext.search(InitialDirContext.java:
> 267)
> at org.acegisecurity.ldap.LdapTemplate
> $3.doInDirContext(LdapTemplate.java:249)
> at
> org.acegisecurity.ldap.LdapTemplate.execute(LdapTemplate.java:126)
> ... 39 more
>
--
You received this message because you are subscribed to the Google Groups
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to jenkinsci-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
