Great! I have the same issue on Jenkins 1.559 / Windows 2008 R2 and resolved by your suggestion. Thanks!
[email protected]於 2013年4月5日星期五UTC+8下午7時29分57秒寫道: > > Hello, > > I can't get ldap authentication to work with Jenkins 1.505/Windows7 and > Jenkins 1.466/Ubuntu and I'm really stumped because even the Wireshark > output below looks fine to me. > > The LDAP settings are: > > Server: ldap.mydomain.de:389 > Root DN: DC=mydomain,DC=de > User Search Base: OU=Software > User Search Filter: sAMAccountName={0} > Group Search Base: > Manager DN: CN=jenkins,OU=Software,dc=mydomain,dc=de > Manager Password: xxx > > There are no problems here, the manager doesn't cause any errors. > > Attempt A) > When I try to login with my username/password I get a connection refused > error which is really weird: > > 05.04.2013 12:00:36 hudson.security.AuthenticationProcessingFilter2 > onUnsuccessfulAuthentication > INFO: Login attempt failed > org.acegisecurity.AuthenticationServiceException: LdapCallback;null; > nested exception is javax.naming.PartialResultException [Root exception is > javax.naming.CommunicationException: mydomain.de:389 [Root exception is > java.net.ConnectException: Connection refused: connect]]; nested exception > is org.acegisecurity.ldap.LdapDataAccessException: LdapCallback;null; > nested exception is javax.naming.PartialResultException [Root exception is > javax.naming.CommunicationException: mydomain.de:389 [Root exception is > java.net.ConnectException: Connection refused: connect]] > at > org.acegisecurity.providers.ldap.LdapAuthenticationProvider.retrieveUser(LdapAuthenticationProvider.java:238) > at > org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:122) > ... > > > Attempt B) > When I try to log in with a wrong password I get a bad credentials > exception which is good. > > 05.04.2013 12:33:43 hudson.security.AuthenticationProcessingFilter2 > onUnsuccessfulAuthentication > INFO: Login attempt failed > org.acegisecurity.BadCredentialsException: Bad credentials > at > org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:125) > at > org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:200) > ... > > > So I traced what happens for Attempt A with Wireshark. > > It actually binds as the user John Doe then finds the details for John Doe > successfully then it unbinds and in the end it searches for the groups of > user John Doe and finds those succesfully but Jenkins still does not > authenticate me. > > No. Time Source Destination Protocol > Length Info > 319 10.394879 192.168.100.103 192.168.100.6 LDAP > 169 searchRequest(4) "OU=Software,DC=mydomain,DC=de" wholeSubtree > 321 10.395846 192.168.100.6 192.168.100.103 LDAP > 215 searchResEntry(4) "CN=John Doe,OU=Software,DC=mydomain,DC=de" > 326 10.402801 192.168.100.103 192.168.100.6 LDAP > 154 bindRequest(1) "CN=John Doe,OU=Software,DC=mydomain,DC=de" simple > 327 10.404332 192.168.100.6 192.168.100.103 LDAP > 76 bindResponse(1) success > 328 10.405094 192.168.100.103 192.168.100.6 LDAP > 171 searchRequest(2) "CN=John Doe,OU=Software,DC=mydomain,DC=de" > baseObject > 330 10.405911 192.168.100.6 192.168.100.103 LDAP > 215 searchResEntry(2) "CN=John Doe,OU=Software,DC=mydomain,DC=de" > 332 10.406506 192.168.100.103 192.168.100.6 LDAP > 61 unbindRequest(3) > 337 10.407207 192.168.100.103 192.168.100.6 LDAP > 324 searchRequest(5) "DC=mydomain,DC=de" wholeSubtree > 339 10.425127 192.168.100.6 192.168.100.103 LDAP > 521 searchResEntry(5) "CN=Terminal,CN=Users,DC=mydomain,DC=de" | > searchResEntry(5) "CN=Software,DC=mydomain,DC=de" | searchResEntry(5) > "CN=Admins,DC=mydomain,DC=de" | searchResRef(5) | searchResDone(5) > success [3 results] > > > This looks like a bug to me, what do you think? > > Regards, > > Kevin > > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
