Re: LDAP Plugin authentication issue
,Hi Wanted to update - I have finally solved this issue I switched to Active Directory plugin + Matrix Authorization Strategy Plugin http://wiki.jenkins-ci.org/display/JENKINS/Matrix+Authorization+Strategy+Plugin Basically, you need help from your IT/Netwrork plp to know the Bind DN and Bind Password Use the matrix plugin to actually do something with the authorization and decide who can do what Many thanks Gil בתאריך יום רביעי, 29 באוקטובר 2014 13:04:44 UTC+2, מאת maciej: Gil Br (2014-10-29 08:51): Hi, Your answer relates to Active Directory, I'm using LDAP 389 on Linux. Any other idea? Depending on your LDAP configuration you should use correct search base and search filter... But I'm not sure how would you use NT password if LDAP is on Linux? Or what do you mean by NT? I though you meant Windows NT password (hence I mentioned Active Directory which is kind of built in Windows domain). Regards, Nux -- You received this message because you are subscribed to the Google Groups Jenkins Users group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: LDAP Plugin authentication issue
Hi, Your answer relates to Active Directory, I'm using LDAP 389 on Linux. Any other idea? Gil בתאריך יום שלישי, 28 באוקטובר 2014 16:58:34 UTC+2, מאת Gil Br: All, I installed the latest LDAP Plugin for Jenkins. When I use ldap://server.name I get *no* error under the LDAP Server line, however when I use ldap*s*://server.name:636 I get the following error: Unable to connect to ldaps://server.name:636 : javax.naming.CommunicationException: simple bind failed: server.name:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target] javax.naming.CommunicationException: simple bind failed: server.name:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target] at com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source) at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source) at com.sun.jndi.ldap.LdapCtx.(Unknown Source) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source) at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source) at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source) In either case (ldaps or ldap) I get login failed when I try to login with my NT user/password, Jenkins runs on windows. Am I missing something here? Gil -- You received this message because you are subscribed to the Google Groups Jenkins Users group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: LDAP Plugin authentication issue
Gil Br (2014-10-29 08:51): Hi, Your answer relates to Active Directory, I'm using LDAP 389 on Linux. Any other idea? Depending on your LDAP configuration you should use correct search base and search filter... But I'm not sure how would you use NT password if LDAP is on Linux? Or what do you mean by NT? I though you meant Windows NT password (hence I mentioned Active Directory which is kind of built in Windows domain). Regards, Nux -- You received this message because you are subscribed to the Google Groups Jenkins Users group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
LDAP Plugin authentication issue
All, I installed the latest LDAP Plugin for Jenkins. When I use ldap://server.name I get *no* error under the LDAP Server line, however when I use ldap*s*://server.name:636 I get the following error: Unable to connect to ldaps://server.name:636 : javax.naming.CommunicationException: simple bind failed: server.name:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target] javax.naming.CommunicationException: simple bind failed: server.name:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target] at com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source) at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source) at com.sun.jndi.ldap.LdapCtx.(Unknown Source) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source) at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source) at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source) In either case (ldaps or ldap) I get login failed when I try to login with my NT user/password, Jenkins runs on windows. Am I missing something here? Gil -- You received this message because you are subscribed to the Google Groups Jenkins Users group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: LDAP Plugin authentication issue
Gil Br (2014-10-28 15:58): All, I installed the latest LDAP Plugin for Jenkins. When I use ldap://server.name I get *no* error under the LDAP Server line, however when I use ldap*s*://server.name:636 I get the following error: /Unable to connect to ldaps://server.name:636 : javax.naming.CommunicationException: simple bind failed: server.name:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]// // //[...]/ Most probably your LDAP uses a certifacte that is not valid on Jenkins box. This is when you have a self generated certificate. You would probably have to install CA on your Jenkins box. In either case (ldaps or ldap) I get login failed when I try to login with my NT user/password, Jenkins runs on windows. I haven't tried using ldap protocol in server address but that should work for Active Directory LDAP: * server: your.domain.com * rootDN: DC=your,DC=domain,DC=com * userSearchBase: CN=Users * user search filter: sAMAccountName={0} * managerDN: DOMAIN\someUser * managerPassword: someUser password AFAIK `userSearchBase` and `user search filter` are the same for all Active Directory installations. Regards, Nux -- You received this message because you are subscribed to the Google Groups Jenkins Users group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.