[JIRA] (JENKINS-14429) LDAPS gives Administrative Limit Exceeded error, the recommended steps not applicable
hab 278 resolved JENKINS-14429 as Not A Defect LDAPS gives Administrative Limit Exceeded error, the recommended steps not applicable The file to be modified, LDAPBindSecurityRealm.groovy file was located in JENKINS_HOME/plugins/ldap/WEB-INF/classes/hudson/security/. Change By: hab 278 (18/Jul/12 6:46 PM) Status: Open Resolved Assignee: hab278 Fix Version/s: current Resolution: NotADefect This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira
[JIRA] (JENKINS-14429) LDAPS gives Administrative Limit Exceeded error, the recommended steps not applicable
hab 278 created JENKINS-14429 LDAPS gives Administrative Limit Exceeded error, the recommended steps not applicable Issue Type: Bug Affects Versions: current Assignee: Unassigned Components: security Created: 13/Jul/12 7:57 PM Description: Upon configuring Jenkins with an LDAPS server, jenkins seems to constantly give an "Administrative Limit Exceeded" error. However, it only does this once the user provides the correct credentials. If the user provides improper credentials, it gives "Bad Credentials". If using an unsecure LDAP server, jenkins constantly gives "Bad Credentials" Jenkins logs: Red Hat 6.2 LDAPS Correct Credentials Jul 13, 2012 3:49:11 PM hudson.security.AuthenticationProcessingFilter2 onUnsuccessfulAuthentication INFO: Login attempt failed org.acegisecurity.AuthenticationServiceException: LdapCallback;LDAP: error code 11 - Administrative Limit Exceeded; nested exception is javax.naming.LimitExceededException: LDAP: error code 11 - Administrative Limit Exceeded; remaining name ''; nested exception is org.acegisecurity.ldap.LdapDataAccessException: LdapCallback;LDAP: error code 11 - Administrative Limit Exceeded; nested exception is javax.naming.LimitExceededException: LDAP: error code 11 - Administrative Limit Exceeded; remaining name '' at org.acegisecurity.providers.ldap.LdapAuthenticationProvider.retrieveUser(LdapAuthenticationProvider.java:238) at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:119) at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:195) at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:45) at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:71) at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:63) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76) at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:50) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98) at
[JIRA] (JENKINS-14429) LDAPS gives Administrative Limit Exceeded error, the recommended steps not applicable
hab 278 updated JENKINS-14429 LDAPS gives Administrative Limit Exceeded error, the recommended steps not applicable Change By: hab 278 (13/Jul/12 7:59 PM) Description: UponconfiguringJenkinswithanLDAPSserver,jenkinsseemstoconstantlygiveanAdministrativeLimitExceedederror.However,itonlydoesthisoncetheuserprovidesthecorrectcredentials.Iftheuserprovidesimpropercredentials,itgivesBadCredentials.IfusinganunsecureLDAPserver,jenkinsconstantlygivesBadCredentials TherecommendedstepsistospecifygrouptoreducescopeorchangeLDAPBindSecurityRealm.groovyinWEB-INF/security/howeverthisfileisnotpresent. Jenkinslogs:RedHat6.2LDAPSCorrectCredentialsJul13,20123:49:11PMhudson.security.AuthenticationProcessingFilter2onUnsuccessfulAuthenticationINFO:Loginattemptfailedorg.acegisecurity.AuthenticationServiceException:LdapCallback;[LDAP:errorcode11-AdministrativeLimitExceeded];nestedexceptionisjavax.naming.LimitExceededException:[LDAP:errorcode11-AdministrativeLimitExceeded];remainingname;nestedexceptionisorg.acegisecurity.ldap.LdapDataAccessException:LdapCallback;[LDAP:errorcode11-AdministrativeLimitExceeded];nestedexceptionisjavax.naming.LimitExceededException:[LDAP:errorcode11-AdministrativeLimitExceeded];remainingname atorg.acegisecurity.providers.ldap.LdapAuthenticationProvider.retrieveUser(LdapAuthenticationProvider.java:238) atorg.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:119) atorg.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:195) atorg.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:45) atorg.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:71) atorg.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252) athudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) atorg.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173) athudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) atjenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:63) athudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) atorg.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) athudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66) athudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) athudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76) athudson.security.HudsonFilter.doFilter(HudsonFilter.java:164) atorg.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) atorg.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) atorg.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:50) atorg.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) atorg.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) athudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81) atorg.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) atorg.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) atorg.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225) atorg.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123) atorg.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472) atorg.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168) atorg.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98) atorg.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927) atorg.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) atorg.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407) atorg.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1001)
