[
https://issues.jenkins-ci.org/browse/JENKINS-13595?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=162099#comment-162099
]
SCM/JIRA link daemon commented on JENKINS-13595:
------------------------------------------------
Code changed in jenkins
User: Kohsuke Kawaguchi
Path:
src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java
http://jenkins-ci.org/commit/active-directory-plugin/1c4d2ee8b341426490db97fb5a72541ffdb1eec7
Log:
[FIXED JENKINS-13595] when attempting anonymous bind, don't specify the user
name.
If AD is configured not to allow anonymous bind, it'll be recorded as a failed
login attempt, and depending on the security policy in question, it can lock
the user out.
> Active Directory authentication when making configuration changes locks out
> the user operating system IDs of any people identified in the security matrix
> for that project.
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: JENKINS-13595
> URL: https://issues.jenkins-ci.org/browse/JENKINS-13595
> Project: Jenkins
> Issue Type: Bug
> Components: active-directory
> Affects Versions: current
> Environment: Running Jenkins as a windows service on a win 2003
> server using a master-slave setup.
> Reporter: alexlombardi
> Priority: Critical
> Fix For: current
>
>
> Making changes to configuration of projects triggers an Active Directory
> validation of the users on that project's security matrix which results in AD
> locks of users' Windows IDs. Our AD system is set up to lock any ID that
> attempts to validate and fails to do so 3 times in a row. Users have to
> contact help desk to unlock IDs after that.
> I suspect that there might be an issue with Jenkins keeping older passwords
> internally and this causes locking when authentication attempts occur with
> the incorrect password. Our system forces password changes every 90 days.
> Unable to perform any kind of configuration changes for fear of locking out
> users.
> Rolled back from version 1.26 to 1.24 which was previously there and the
> problem stopped occurring.
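The commit message above distinguishes an anonymous bind from one that still names the user. As an added example (not code from the plugin or the commit), this Python parser reads LDAP BindRequest bytes and separates a true anonymous bind (empty name, empty password) from a bind that carries a name with an empty password, using RFC 4513's terms. Treating the second shape as the one the commit refers to is an assumption; the sample messages, DN and password are constructed.

```python
SEQ, INT, OCTETS, BIND_REQ, AUTH_SIMPLE, AUTH_SASL = 0x30, 0x02, 0x04, 0x60, 0x80, 0xA3

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER element")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length >= 0x80:                      # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def classify_bind(message):
    """Return (kind, name) for one LDAPMessage; kind uses RFC 4513 terms."""
    tag, body, _ = read_tlv(message, 0)
    if tag != SEQ:
        raise ValueError("not an LDAPMessage")
    _, _msg_id, pos = read_tlv(body, 0)      # messageID
    tag, op, _ = read_tlv(body, pos)         # protocolOp
    if tag != BIND_REQ:
        return "not-bind", ""
    _, _version, pos = read_tlv(op, 0)
    _, name, pos = read_tlv(op, pos)         # bind DN / user name
    auth_tag, secret, _ = read_tlv(op, pos)  # authentication choice
    dn = name.decode("utf-8", "replace")
    if auth_tag != AUTH_SIMPLE:
        return ("sasl" if auth_tag == AUTH_SASL else "unknown"), dn
    if secret:
        return "simple", dn
    return ("unauthenticated" if name else "anonymous"), dn  # empty password either way

def lockout_risk(messages):
    """Names sent with an empty password: candidates for failed-login counting."""
    return [dn for kind, dn in map(classify_bind, messages) if kind == "unauthenticated"]

def tlv(tag, value):                         # builder for the constructed samples below
    return bytes([tag, len(value)]) + value  # short-form length only (< 128 bytes)

def sample_bind(dn, password):               # constructed message, not captured traffic
    op = tlv(INT, b"\x03") + tlv(OCTETS, dn.encode()) + tlv(AUTH_SIMPLE, password.encode())
    return tlv(SEQ, tlv(INT, b"\x01") + tlv(BIND_REQ, op))

SAMPLES = [sample_bind("", ""), sample_bind("CN=alice,DC=example,DC=test", ""),
           sample_bind("CN=alice,DC=example,DC=test", "constructed-pw")]
```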