Hi Zac !
I was dealing with the same issue: authentication against LDAP/AD and your
answer was the right one.
Also, I fixed the group filter and configured group properties using this
filter:
Group search filter: (& (cn={0}) (objectclass=group) )
Group Search Base: your OU groups separated with comas (,).
Thus I can configure groups and users from general configuration to Job one.
Thanks for your solution it was very helpful
El miércoles, 14 de diciembre de 2011 20:01:34 UTC+1, Zac Harvey escribió:
>
> I am trying to set up Jenkins to authenticate using our AD domain over
> LDAP. I have been working with the Systems Group trying to configure
> all of the settings under Manage Jenkins >> Configure System >> Access
> Control. We finally have all the settings configured correctly (at
> least, in the eyes of the Systems people), and we are not getting any
> red validation errors in the GUI. However I still cannot login via
> LDAP/AD. Below is the console output. Any nudges in the right
> direction are enormously appreciated!
>
> Console Output:
> Dec 14, 2011 1:47:21 PM
> hudson.security.AuthenticationProcessingFilter2
> onUnsuccessfulAuthentication
> INFO: Login attempt failed
> org.acegisecurity.AuthenticationServiceException: LdapCallback;[LDAP:
> error code 32 - 0000208D: NameErr: DSID-031001E4, problem 2001
> (NO_OBJECT), data 0, best match of:
> 'DC=MYPROJECT,DC=COM'
> ]; nested exception is javax.naming.NameNotFoundException: [LDAP:
> error code 32 - 0000208D: NameErr: DSID-031001E4, problem 2001
> (NO_OBJECT), data 0, best match of:
> 'DC=MYPROJECT,DC=COM'
> ]; remaining name 'dc=myproject,dc=com'; nested exception is
> org.acegisecurity.ldap.LdapDataAccessException: LdapCallback;[LDAP:
> error code 32 - 0000208D: NameErr: DSID-031001E4, problem 2001
> (NO_OBJECT), data 0, best match of:
> 'DC=MYPROJECT,DC=COM'
> ]; nested exception is javax.naming.NameNotFoundException: [LDAP:
> error code 32 - 0000208D: NameErr: DSID-031001E4, problem 2001
> (NO_OBJECT), data 0, best match of:
> 'DC=MYPROJECT,DC=COM'
> ]; remaining name 'dc=myproject,dc=com'
> at
>
> org.acegisecurity.providers.ldap.LdapAuthenticationProvider.retrieveUser(LdapAuthenticationProvider.java:
> 238)
> at
>
> org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:
> 119)
> at
>
> org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:
> 195)
> at
>
> org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:
> 45)
> at
>
> org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:
> 71)
> at
>
> org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:
> 252)
> at hudson.security.ChainedServletFilter
> $1.doFilter(ChainedServletFilter.java:87)
> at
>
> org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:
> 173)
> at hudson.security.ChainedServletFilter
> $1.doFilter(ChainedServletFilter.java:87)
> at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:61)
> at hudson.security.ChainedServletFilter
> $1.doFilter(ChainedServletFilter.java:87)
> at
>
> org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:
> 249)
> at
>
> hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:
> 66)
> at hudson.security.ChainedServletFilter
> $1.doFilter(ChainedServletFilter.java:87)
> at
> hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:
> 76)
> at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
> at
>
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:
> 243)
> at
>
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:
> 210)
> at
> hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:
> 81)
> at
>
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:
> 243)
> at
>
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:
> 210)
> at
>
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:
> 224)
> at
>
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:
> 185)
> at
>
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:
> 472)
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:
> 151)
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:
> 100)
> at
> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:
> 929)
> at
>
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:
> 118)
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:
> 405)
> at
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:
> 269)
> at org.apache.coyote.AbstractProtocol
> $AbstractConnectionHandler.process(AbstractProtocol.java:515)
> at org.apache.tomcat.util.net.JIoEndpoint
> $SocketProcessor.run(JIoEndpoint.java:302)
> at java.util.concurrent.ThreadPoolExecutor
> $Worker.runTask(ThreadPoolExecutor.java:886)
> at java.util.concurrent.ThreadPoolExecutor
> $Worker.run(ThreadPoolExecutor.java:908)
> at java.lang.Thread.run(Thread.java:662)
> Caused by: org.acegisecurity.ldap.LdapDataAccessException:
> LdapCallback;[LDAP: error code 32 - 0000208D: NameErr: DSID-031001E4,
> problem 2001 (NO_OBJECT), data 0, best match of:
> 'DC=MYPROJECT,DC=COM'
> ]; nested exception is javax.naming.NameNotFoundException: [LDAP:
> error code 32 - 0000208D: NameErr: DSID-031001E4, problem 2001
> (NO_OBJECT), data 0, best match of:
> 'DC=MYPROJECT,DC=COM'
> ]; remaining name 'dc=myproject,dc=com'
> at org.acegisecurity.ldap.LdapTemplate
> $LdapExceptionTranslator.translate(LdapTemplate.java:295)
> at
> org.acegisecurity.ldap.LdapTemplate.execute(LdapTemplate.java:128)
> at
> org.acegisecurity.ldap.LdapTemplate.searchForSingleEntry(LdapTemplate.java:
> 246)
> at
>
> org.acegisecurity.ldap.search.FilterBasedLdapUserSearch.searchForUser(FilterBasedLdapUserSearch.java:
> 119)
> at
>
> org.acegisecurity.providers.ldap.authenticator.BindAuthenticator.authenticate(BindAuthenticator.java:
> 71)
> at
>
> org.acegisecurity.providers.ldap.authenticator.BindAuthenticator2.authenticate(BindAuthenticator2.java:
> 49)
> at
>
> org.acegisecurity.providers.ldap.LdapAuthenticationProvider.retrieveUser(LdapAuthenticationProvider.java:
> 233)
> ... 34 more
> Caused by: javax.naming.NameNotFoundException: [LDAP: error code 32 -
> 0000208D: NameErr: DSID-031001E4, problem 2001 (NO_OBJECT), data 0,
> best match of:
> 'DC=MYPROJECT,DC=COM'
> ]; remaining name 'dc=myproject,dc=com'
> at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3066)
> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794)
> at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1826)
> at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749)
> at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1766)
> at
>
> com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:
> 394)
> at
>
> com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:
> 376)
> at
>
> com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:
> 358)
> at
> javax.naming.directory.InitialDirContext.search(InitialDirContext.java:
> 267)
> at org.acegisecurity.ldap.LdapTemplate
> $3.doInDirContext(LdapTemplate.java:249)
> at
> org.acegisecurity.ldap.LdapTemplate.execute(LdapTemplate.java:126)
> ... 39 more
>
--
You received this message because you are subscribed to the Google Groups
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
