Re: Problems in login using LDAP server
On Thursday, October 24, 2013 4:44:31 PM UTC-3, Mauricio Fuentes Montero wrote:
> 2013/10/24 Daniel Beck
> > On 22.10.2013, at 23:01, Mauricio Fuentes Montero <fuentes.mont...@gmail.com> wrote:
> >
> > > RemoteIpAddress: 127.0.0.1;
> >
> > Is Jenkins behind a reverse proxy?
>
> Yes and using SSL.
>
> > What happens when you try to access it directly?
>
> The application is running on port 8080, I can't access it directly. I can only access it through port 80.
>
> > When you go to 'Manage Jenkins', does an error about your reverse proxy setup appear?
>
> No, no message there.
>
> > Did you configure the URL to Jenkins in the global configuration?
>
> Yes, I've configured the HTTPS URL on the global configuration page.

Besides all this I realized that after posting the login form I'm being redirected to a wrong URL. Say jenkins is running https://jenkins.example.com/jenkins/, then after posting the login form I end up on https://jenkins.example.com//jenkins/. Does this have anything to do with the login problem?

Thanks in advance!

> Thanks for the answer!

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
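A way to check the redirect symptom described in this message, given as an added example that is not part of the thread: compare the Location value returned after the login POST with the URL set in the Jenkins global configuration. The function name, finding codes and sample URLs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit


def check_login_redirect(root_url, location):
    """Compare a post-login Location value with the configured Jenkins URL.

    Returns a list of (code, detail) findings; an empty list means the
    redirect stays inside the configured scheme, host and context path.
    """
    root = urlsplit(root_url)
    loc = urlsplit(location)
    findings = []

    if location.startswith("//"):
        # RFC 3986 network-path reference: the first segment is read as a
        # host name, so "//jenkins/" points at a host called "jenkins".
        findings.append(("network-path-reference", loc.netloc))
    else:
        # A relative Location inherits scheme and host from the request,
        # so only absolute values can disagree with the configured URL.
        if loc.scheme and loc.scheme != root.scheme:
            findings.append(("scheme-mismatch", loc.scheme))
        if loc.netloc and loc.netloc.lower() != root.netloc.lower():
            findings.append(("host-mismatch", loc.netloc))

    # Two or more consecutive slashes in the path, as in ".com//jenkins/".
    if re.search(r"/{2,}", loc.path):
        findings.append(("duplicate-slash", loc.path))

    # After collapsing slashes the path should still sit under the context path.
    context = root.path.rstrip("/")
    collapsed = re.sub(r"/{2,}", "/", loc.path)
    if context and collapsed != context and not collapsed.startswith(context + "/"):
        findings.append(("outside-context-path", loc.path))
    return findings


# Constructed sample values; the first one mirrors the symptom in the message.
ROOT = "https://jenkins.example.com/jenkins/"
SAMPLES = [
    "https://jenkins.example.com//jenkins/",
    "https://jenkins.example.com/jenkins/manage",
    "http://jenkins.example.com:8080/jenkins/",
    "//jenkins/",
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(value, "->", check_login_redirect(ROOT, value) or "ok")
```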
Re: Problems in login using LDAP server
2013/10/24 Daniel Beck
> On 22.10.2013, at 23:01, Mauricio Fuentes Montero <fuentes.mont...@gmail.com> wrote:
>
> > RemoteIpAddress: 127.0.0.1;
>
> Is Jenkins behind a reverse proxy?

Yes and using SSL.

> What happens when you try to access it directly?

The application is running on port 8080, I can't access it directly. I can only access it through port 80.

> When you go to 'Manage Jenkins', does an error about your reverse proxy setup appear?

No, no message there.

> Did you configure the URL to Jenkins in the global configuration?

Yes, I've configured the HTTPS URL on the global configuration page.

Thanks for the answer!

--
Regards!
Mauricio
Re: Problems in login using LDAP server
On 22.10.2013, at 23:01, Mauricio Fuentes Montero wrote:
> RemoteIpAddress: 127.0.0.1;

Is Jenkins behind a reverse proxy?

What happens when you try to access it directly?

When you go to 'Manage Jenkins', does an error about your reverse proxy setup appear?

Did you configure the URL to Jenkins in the global configuration?
Re: Problems in login using LDAP server
Well we have reached the limit of my LDAP foo... Kohsuke?

On Thursday, 24 October 2013, Mauricio wrote:
> Hi Stephen,
>
> Thanks for answering...
>
> 2013/10/24 Stephen Connolly
> > Copy and paste the following into the script console, changing the names to ones appropriate to your LDAP server
> >
> > String[] names = ["a group name","a user name","a name that does not exist"];
> > for (name in names) {
> >   println("Checking the name '" + name + "'...")
> >   try {
> >     println(" It is an USER: " + Jenkins.instance.securityRealm.loadUserByUsername(name))
> >   } catch (Exception e) {
> >     try {
> >       println(" It is a GROUP: " + Jenkins.instance.securityRealm.loadGroupByGroupname(name))
> >       continue
> >     } catch (Exception e1) {
> >       println(" It is NOT a group, reason: " + e1.getMessage())
> >     }
> >     println(" It is NOT an user, reason: " + e.getMessage())
> >   }
> >   println("");
> > }
> >
> > See what output you get... I suspect that you need to tweak some of the filters and queries to get auth working...
>
> I got the following output
>
> Checking the name 'exisinggroup'...
>  It is a GROUP: hudson.security.LDAPSecurityRealm$1@17c5050
> Checking the name 'existinguser'...
>  It is an USER: org.acegisecurity.userdetails.ldap.LdapUserDetailsImpl@2d7c9e
>
> Checking the name 'nonexistinguser'...
>  It is NOT a group, reason: nonexistinguser
>  It is NOT an user, reason: User nonexistinguser not found in directory.
>
> > Also
> >
> > IS YOUR LDAP SERVER CALLED ACTIVE DIRECTORY?
>
> No
>
> > If it is, please try the "Active Directory" plugin as it should "just work"... the LDAP one is really for real LDAP servers not that fake LDAP server known as Active Directory
Re: Problems in login using LDAP server
Hi Stephen,

Thanks for answering...

2013/10/24 Stephen Connolly
> Copy and paste the following into the script console, changing the names to ones appropriate to your LDAP server
>
> String[] names = ["a group name","a user name","a name that does not exist"];
> for (name in names) {
>   println("Checking the name '" + name + "'...")
>   try {
>     println(" It is an USER: " + Jenkins.instance.securityRealm.loadUserByUsername(name))
>   } catch (Exception e) {
>     try {
>       println(" It is a GROUP: " + Jenkins.instance.securityRealm.loadGroupByGroupname(name))
>       continue
>     } catch (Exception e1) {
>       println(" It is NOT a group, reason: " + e1.getMessage())
>     }
>     println(" It is NOT an user, reason: " + e.getMessage())
>   }
>   println("");
> }
>
> See what output you get... I suspect that you need to tweak some of the filters and queries to get auth working...

I got the following output

Checking the name 'exisinggroup'...
 It is a GROUP: hudson.security.LDAPSecurityRealm$1@17c5050
Checking the name 'existinguser'...
 It is an USER: org.acegisecurity.userdetails.ldap.LdapUserDetailsImpl@2d7c9e

Checking the name 'nonexistinguser'...
 It is NOT a group, reason: nonexistinguser
 It is NOT an user, reason: User nonexistinguser not found in directory.

> Also
>
> IS YOUR LDAP SERVER CALLED ACTIVE DIRECTORY?

No

> If it is, please try the "Active Directory" plugin as it should "just work"... the LDAP one is really for real LDAP servers not that fake LDAP server known as Active Directory

--
Regards!
Mauricio
Re: Problems in login using LDAP server
Copy and paste the following into the script console, changing the names to ones appropriate to your LDAP server

    import jenkins.model.Jenkins

    // Replace these with a group name, a user name and a name that does not exist in your LDAP server.
    String[] names = ["a group name","a user name","a name that does not exist"];
    for (name in names) {
      println("Checking the name '" + name + "'...")
      try {
        // Resolve the name as a user through the configured security realm.
        println(" It is an USER: " + Jenkins.instance.securityRealm.loadUserByUsername(name))
      } catch (Exception e) {
        try {
          // Not a user: try to resolve it as a group instead.
          println(" It is a GROUP: " + Jenkins.instance.securityRealm.loadGroupByGroupname(name))
          continue
        } catch (Exception e1) {
          println(" It is NOT a group, reason: " + e1.getMessage())
        }
        println(" It is NOT an user, reason: " + e.getMessage())
      }
      println("");
    }

See what output you get... I suspect that you need to tweak some of the filters and queries to get auth working...

Also

IS YOUR LDAP SERVER CALLED ACTIVE DIRECTORY?

If it is, please try the "Active Directory" plugin as it should "just work"... the LDAP one is really for real LDAP servers not that fake LDAP server known as Active Directory

On 23 October 2013 14:43, Mauricio wrote:
> 2013/10/22 Mauricio
> > On Oct 22, 2013 6:49 PM, "Daniel Beck" wrote:
> > > On 22.10.2013, at 23:21, Mauricio wrote:
> > > > Are you referring to the *nix command or is that a Jenkins plugin?
> > >
> > > That's a URL path to a Jenkins page with some diagnostic information about your user account. Open http://jenkinshost/whoAmI or http://jenkinshost/jenkins/whoAmI (depending on your configuration) in your browser after logging in.
> >
> > It says that I'm logged in as anonymous
>
> Do you know any other way to debug this?
>
> Thanks!
Re: Problems in login using LDAP server
2013/10/22 Mauricio
> On Oct 22, 2013 6:49 PM, "Daniel Beck" wrote:
> > On 22.10.2013, at 23:21, Mauricio wrote:
> > > Are you referring to the *nix command or is that a Jenkins plugin?
> >
> > That's a URL path to a Jenkins page with some diagnostic information about your user account. Open http://jenkinshost/whoAmI or http://jenkinshost/jenkins/whoAmI (depending on your configuration) in your browser after logging in.
>
> It says that I'm logged in as anonymous

Do you know any other way to debug this?

Thanks!

--
Regards!
Mauricio
Re: Problems in login using LDAP server
On Oct 22, 2013 6:49 PM, "Daniel Beck" wrote:
> On 22.10.2013, at 23:21, Mauricio wrote:
> > Are you referring to the *nix command or is that a Jenkins plugin?
>
> That's a URL path to a Jenkins page with some diagnostic information about your user account. Open http://jenkinshost/whoAmI or http://jenkinshost/jenkins/whoAmI (depending on your configuration) in your browser after logging in.

It says that I'm logged in as anonymous
Re: Problems in login using LDAP server
On 22.10.2013, at 23:21, Mauricio wrote:
> Are you referring to the *nix command or is that a Jenkins plugin?

That's a URL path to a Jenkins page with some diagnostic information about your user account. Open http://jenkinshost/whoAmI or http://jenkinshost/jenkins/whoAmI (depending on your configuration) in your browser after logging in.
Re: Problems in login using LDAP server
On Oct 22, 2013 6:08 PM, "Daniel Beck" wrote:
> What's shown on /whoAmI ?

Are you referring to the *nix command or is that a Jenkins plugin?
Re: Problems in login using LDAP server
What's shown on /whoAmI ?

On 22.10.2013, at 23:01, Mauricio Fuentes Montero wrote:
> Hi everyone,
>
> I'm trying to configure security for a new instance of jenkins using LDAP. Our LDAP server allows anonymous queries and I've set up all the needed information on jenkins. When I try to login, I enter the username and password and press the "log in", I understand that if the login went ok I should see my username on the top-right corner of the next screen, but nothing happened. I enabled the login for hudson.security.* and I saw the following log, among others:
>
> ...
> 21-Oct-2013 19:38:50.639 FINE [http-nio-8080-exec-6] hudson.security.AuthenticationProcessingFilter2.successfulAuthentication Authentication success: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@b475870f: Username: org.acegisecurity.userdetails.ldap.LdapUserDetailsImpl@104c2b; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@6a82: RemoteIpAddress: 127.0.0.1; SessionId: 92846AB177A1833E208B166B7EFAE16E; Granted Authorities: arquitectura, authenticated, all, ROLE_ARQUITECTURA, ROLE_ALL
> 21-Oct-2013 19:38:50.639 FINE [http-nio-8080-exec-6] hudson.security.AuthenticationProcessingFilter2.successfulAuthentication Updated SecurityContextHolder to contain the following Authentication: 'org.acegisecurity.providers.UsernamePasswordAuthenticationToken@b475870f: Username: org.acegisecurity.userdetails.ldap.LdapUserDetailsImpl@104c2b; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@6a82: RemoteIpAddress: 127.0.0.1; SessionId: 92846AB177A1833E208B166B7EFAE16E; Granted Authorities: arquitectura, authenticated, all, ROLE_ARQUITECTURA, ROLE_ALL'
> 21-Oct-2013 19:38:50.640 FINE [http-nio-8080-exec-6] hudson.security.AuthenticationProcessingFilter2.successfulAuthentication Redirecting to target URL from HTTP Session (or default): /manage
> ...
>
> This makes me think that everything is ok, but I'm not logged in.
>
> Does anybody know why this happens?
>
> Thanks in advance.
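An added example, not part of the thread: a parser for the FINE-level hudson.security lines quoted in the original post. It flags a loopback RemoteIpAddress, the field that prompted the reverse-proxy question later in the thread, and replaces each SessionId with a hash fingerprint so the lines can be shared without exposing a live session identifier. Function names and the sample session ID are constructed.

```python
import hashlib
import ipaddress
import re

# Constructed sample in the format of the lines quoted above; the
# session ID is a made-up value.
SAMPLE_LOG = """\
21-Oct-2013 19:38:50.639 FINE [http-nio-8080-exec-6] hudson.security.AuthenticationProcessingFilter2.successfulAuthentication Authentication success: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@b475870f: Username: org.acegisecurity.userdetails.ldap.LdapUserDetailsImpl@104c2b; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@6a82: RemoteIpAddress: 127.0.0.1; SessionId: 0123456789ABCDEF0123456789ABCDEF; Granted Authorities: arquitectura, authenticated, all, ROLE_ARQUITECTURA, ROLE_ALL
21-Oct-2013 19:38:50.640 FINE [http-nio-8080-exec-6] hudson.security.AuthenticationProcessingFilter2.successfulAuthentication Redirecting to target URL from HTTP Session (or default): /manage
"""

AUTH_RE = re.compile(
    r"Authentication success: .*?"
    r"Authenticated: (?P<authenticated>true|false); .*?"
    r"RemoteIpAddress: (?P<ip>[^;]+); "
    r"SessionId: (?P<sid>[^;]+); "
    r"Granted Authorities: (?P<authorities>.*)$"
)
REDIRECT_RE = re.compile(
    r"Redirecting to target URL from HTTP Session \(or default\): (?P<target>\S+)"
)
SID_RE = re.compile(r"(SessionId: )([0-9A-Za-z]+)")


def fingerprint(session_id):
    """Short, stable stand-in for a session ID that cannot be replayed."""
    return "sha256:" + hashlib.sha256(session_id.encode()).hexdigest()[:12]


def redact(text):
    """Replace every SessionId value in the log text with its fingerprint."""
    return SID_RE.sub(lambda m: m.group(1) + fingerprint(m.group(2)), text)


def summarize(log_text):
    """Return one dict per 'Authentication success' line, with the
    redirect target from the following line attached when present."""
    events = []
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if m:
            ip = ipaddress.ip_address(m.group("ip").strip())
            events.append({
                "authenticated": m.group("authenticated") == "true",
                "remote_ip": str(ip),
                # Loopback peer: the connection came from the same host,
                # so this is not the end user's address.
                "loopback_peer": ip.is_loopback,
                "session": fingerprint(m.group("sid")),
                "authorities": [a.strip() for a in m.group("authorities").split(",")],
                "redirect": None,
            })
            continue
        m = REDIRECT_RE.search(line)
        if m and events:
            events[-1]["redirect"] = m.group("target")
    return events


if __name__ == "__main__":
    for event in summarize(SAMPLE_LOG):
        print(event)
    print(redact(SAMPLE_LOG))
```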