simon gareste created JENKINS-13965:
---------------------------------------
Summary: LDAP trouble : gets the info, but error 32 still
Key: JENKINS-13965
URL: https://issues.jenkins-ci.org/browse/JENKINS-13965
Project: Jenkins
Issue Type: Bug
Components: ldapemail
Affects Versions: current
Environment: debian wheezy
Reporter: simon gareste
Assignee: justinedelson
Jenkins version 1.466, run as java -jar jenkins.war, using apache 2.2.22 as web
server
after configuring my ldap :
<securityRealm class="hudson.security.LDAPSecurityRealm">
<server>ldap://our.server.com</server>
<rootDN>OU=people,DC=company,DC=com</rootDN>
<inhibitInferRootDN>false</inhibitInferRootDN>
<userSearchBase></userSearchBase>
<userSearch>mail={0}</userSearch>
<groupSearchBase>OU=people,DC=company,DC=com</groupSearchBase>
<managerDN>CN=manager,DC=company,DC=com</managerDN>
<managerPassword>X3NjaWxhYl8=</managerPassword>
</securityRealm>
We try to login, and always get the error 32
May 31, 2012 4:59:38 PM hudson.security.AuthenticationProcessingFilter2
onUnsuccessfulAuthentication
INFO: Login attempt failed
org.acegisecurity.AuthenticationServiceException: LdapCallback;[LDAP: error
code 32 - No Such Object]; nested exception is
javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object];
remaining name '[email protected]'; nested exception is
org.acegisecurity.ldap.LdapDataAccessException: LdapCallback;[LDAP: error code
32 - No Such Object]; nested exception is javax.naming.NameNotFoundException:
[LDAP: error code 32 - No Such Object]; remaining name '[email protected]'
at
org.acegisecurity.providers.ldap.LdapAuthenticationProvider.retrieveUser(LdapAuthenticationProvider.java:238)
at
org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:119)
at
org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:195)
at
org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:45)
at
org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:71)
at
org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252)
at
hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at
org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173)
at
hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:63)
at
hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at
org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
at
hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66)
at
hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at
hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
at
hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
at winstone.RequestDispatcher.forward(RequestDispatcher.java:331)
at
winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:215)
at winstone.RequestHandlerThread.run(RequestHandlerThread.java:138)
at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
at java.util.concurrent.FutureTask.run(FutureTask.java:166)
at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
at java.lang.Thread.run(Thread.java:722)
Caused by: org.acegisecurity.ldap.LdapDataAccessException: LdapCallback;[LDAP:
error code 32 - No Such Object]; nested exception is
javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object];
remaining name '[email protected]'
at
org.acegisecurity.ldap.LdapTemplate$LdapExceptionTranslator.translate(LdapTemplate.java:295)
at org.acegisecurity.ldap.LdapTemplate.execute(LdapTemplate.java:128)
at
org.acegisecurity.ldap.LdapTemplate.retrieveEntry(LdapTemplate.java:165)
at
org.acegisecurity.providers.ldap.authenticator.BindAuthenticator.bindWithDn(BindAuthenticator.java:87)
at
org.acegisecurity.providers.ldap.authenticator.BindAuthenticator.authenticate(BindAuthenticator.java:72)
at
org.acegisecurity.providers.ldap.authenticator.BindAuthenticator2.authenticate(BindAuthenticator2.java:49)
at
org.acegisecurity.providers.ldap.LdapAuthenticationProvider.retrieveUser(LdapAuthenticationProvider.java:233)
... 30 more
Caused by: javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such
Object]; remaining name '[email protected]'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3112)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2840)
at com.sun.jndi.ldap.LdapCtx.c_getAttributes(LdapCtx.java:1332)
at
com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(ComponentDirContext.java:231)
at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:139)
at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:127)
at
javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:142)
at
org.acegisecurity.ldap.LdapTemplate$2.doInDirContext(LdapTemplate.java:168)
at org.acegisecurity.ldap.LdapTemplate.execute(LdapTemplate.java:126)
... 35 more
My credentials are correct (Bad Credentials log if I change them). ngrep on
port 389 on ldap server gives me this feedback :
T jenkins.server.ip:45607 -> ldap.server.ip:389 [AP]
0T...cO..OU=people,DC=company,DC=com................
[email protected].
#
T ldap.server.ip:389 -> jenkins.server.ip:45607 [AP]
0..>[email protected],ou=people,dc=company,dc=com0...0"[email protected]
MYNAME0...sn1...MYNAME0...displayName1...Simon MYNAME0!..uid1...
[email protected]
#
T ldap.server.ip:389 -> jenkins.server.ip:45607 [AP]
0....e........
#####
T jenkins.server.ip:45715 -> ldap.server.ip:389 [AP]
0N...`[email protected],OU=people,DC=company,DC=com..clearpassword
##
T ldap.server.ip:389 -> jenkins.server.ip:45715 [AP]
0....a........
##
T jenkins.server.ip:45715 -> ldap.server.ip:389 [AP]
0][email protected],OU=people,DC=company,DC=com.................objectClass0.
#
T ldap.server.ip:389 -> jenkins.server.ip:45715 [AP]
0....e... ....
#
T jenkins.server.ip:45715 -> ldap.server.ip:389 [AP]
0....B.
First lines tell me that the info about the user is retreived (hence my DN
manager is correct, his password too, and the DNroot is good too, isn't it?)
My second guess would be that the password is wrong, but since it's written in
clear, I can read it and it's correct.
So..is this a misconfiguration from my part, or is this indeed a bug?
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jenkins-ci.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
