Re: Problem with LDAP authentication, username=

[Vladimir Smolensky]

I'm having the exact same problem, Jenkins ignores "User search filter", 
have you found a solution?

regards

On Thursday, June 30, 2011 at 10:22:08 PM UTC+3, Lezz Giles wrote:
>
> New installation of Jenkins 1.418.  I've set it up to use LDAP, but I 
> can't get authentication to work.  In particular when I enter a name into 
> the project-based matrix authorization table, I get this in the log file....
>
> Jun 30, 2011 3:15:44 PM 
> hudson.security.LDAPSecurityRealm$LDAPUserDetailsService loadUserByUsername
> WARNING: Failed to search LDAP for username=bgp863
> org.acegisecurity.ldap.LdapDataAccessException: LdapCallback;[LDAP: error 
> code 50 - Search access not permitted with that filter]; nested exception 
> is javax.naming.NoPermissionException: [LDAP: error code 50 - Search access 
> not permitted with that filter]; remaining name ''
>
> ... along with a java stack backtrace.  If I use the Linux ldapsearch tool 
> with a filter "username=bgp863" it says exactly the same thing - "Search 
> access not permitted with that filter".
>
> I *can* search using ldapsearch with the filter "uid=bgp863" - if I 
> understand jenkins properly, I should be able to get it to search using the 
> uid field by setting the "User search filter" field in the LDAP advanced 
> settings to be "uid={0}" (which is also the default) - but setting this 
> doesn't change the fact that jenkins is trying to search using the 
> username= field instead of "uid=".
>
> Here's my config.xml:
>
> <?xml version='1.0' encoding='UTF-8'?>
> <hudson>
>   <disabledAdministrativeMonitors/>
>   <version>1.418</version>
>   <numExecutors>2</numExecutors>
>   <mode>NORMAL</mode>
>   <useSecurity>true</useSecurity>
>   <authorizationStrategy 
> class="hudson.security.ProjectMatrixAuthorizationStrategy">
>     <permission>hudson.model.Computer.Configure:anonymous</permission>
>     <permission>hudson.model.Computer.Configure:authenticated</permission>
>     <permission>hudson.model.Computer.Delete:anonymous</permission>
>     <permission>hudson.model.Computer.Delete:authenticated</permission>
>     <permission>hudson.model.Hudson.Administer:anonymous</permission>
>     <permission>hudson.model.Hudson.Administer:authenticated</permission>
>     <permission>hudson.model.Hudson.Read:anonymous</permission>
>     <permission>hudson.model.Hudson.Read:authenticated</permission>
>     <permission>hudson.model.Item.Build:anonymous</permission>
>     <permission>hudson.model.Item.Build:authenticated</permission>
>     <permission>hudson.model.Item.Configure:anonymous</permission>
>     <permission>hudson.model.Item.Configure:authenticated</permission>
>     <permission>hudson.model.Item.Create:anonymous</permission>
>     <permission>hudson.model.Item.Create:authenticated</permission>
>     <permission>hudson.model.Item.Delete:anonymous</permission>
>     <permission>hudson.model.Item.Delete:authenticated</permission>
>     <permission>hudson.model.Item.Read:anonymous</permission>
>     <permission>hudson.model.Item.Read:authenticated</permission>
>     <permission>hudson.model.Item.Workspace:anonymous</permission>
>     <permission>hudson.model.Item.Workspace:authenticated</permission>
>     <permission>hudson.model.View.Configure:anonymous</permission>
>     <permission>hudson.model.View.Configure:authenticated</permission>
>     <permission>hudson.model.View.Create:anonymous</permission>
>     <permission>hudson.model.View.Create:authenticated</permission>
>     <permission>hudson.model.View.Delete:anonymous</permission>
>     <permission>hudson.model.View.Delete:authenticated</permission>
>   </authorizationStrategy>
>   <securityRealm class="hudson.security.LDAPSecurityRealm">
>     <server>ids.mot-mobility.com</server>
>     <rootDN>dc=motorola,dc=com</rootDN>
>     <inhibitInferRootDN>false</inhibitInferRootDN>
>     <userSearchBase></userSearchBase>
>     <userSearch>uid={0}</userSearch>
>     <managerPassword>THZNZEs5Nm1GZEtBUFNRZGh5VlIwZz09</managerPassword>
>   </securityRealm>
>   <markupFormatter class="hudson.markup.RawHtmlMarkupFormatter"/>
>   <jdks/>
>   <viewsTabBar class="hudson.views.DefaultViewsTabBar"/>
>   <myViewsTabBar class="hudson.views.DefaultMyViewsTabBar"/>
>   <clouds/>
>   <slaves/>
>   <quietPeriod>5</quietPeriod>
>   <scmCheckoutRetryCount>0</scmCheckoutRetryCount>
>   <views>
>     <hudson.model.AllView>
>       <owner class="hudson" reference="../../.."/>
>       <name>All</name>
>       <filterExecutors>false</filterExecutors>
>       <filterQueue>false</filterQueue>
>       <properties class="hudson.model.View$PropertyList"/>
>     </hudson.model.AllView>
>   </views>
>   <primaryView>All</primaryView>
>   <slaveAgentPort>0</slaveAgentPort>
>   <label></label>
>   <nodeProperties/>
>   <globalNodeProperties/>
> </hudson>
>
> Help!
>
> Lezz Giles
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/d1898245-33dd-463f-ba20-d0cf21fc89fb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.