Hi, I am trying to authenticate Jenkins users using our corporate LDAP server (SSL connection) at ldaps://cerndc.cern.ch:636. However, when I try to login as "marc" I get a "javax.naming.CommunicationException: cern.ch:636 ".
Is it normal that the the address appearing in the excepiton does not include the "cerndc" prefix? I have tried to use the IP directly but I still get the same error message referring to "cern.ch:636". Do you know what am I doing wrong? My LDAP configuration parameters: * Server: ldaps://cerndc.cern.ch:636 * root DN: DC=cern,DC=ch * User search base: <empty> * User search filter: <empty> * Group search base: <empty> * Manager DN: cn=marc,ou=users,ou=Organic Units,DC=cern,DC=ch * Manager Password: <password> And here the full exception trace: Oct 2, 2012 3:25:37 PM hudson.security.AuthenticationProcessingFilter2 > onUnsuccessfulAuthentication > INFO: Login attempt failed > org.acegisecurity.AuthenticationServiceException: LdapCallback;null; > nested exception is javax.naming.PartialResultException [Root exception is > javax.naming.CommunicationException: cern.ch:636 [Root exception is > java.net.ConnectException: Connection refused]]; nested exception is > org.acegisecurity.ldap.LdapDataAccessException: LdapCallback;null; nested > exception is javax.naming.PartialResultException [Root exception is > javax.naming.CommunicationException: cern.ch:636 [Root exception is > java.net.ConnectException: Connection refused]] > at > org.acegisecurity.providers.ldap.LdapAuthenticationProvider.retrieveUser(LdapAuthenticationProvider.java:238) > at > org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:119) > at > org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:195) > at > org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:45) > at > org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:71) > at > org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252) > at > hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) > at > org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173) > at > hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) > at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:63) > at > hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) > at > org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) > at > hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66) > at > hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) > at > hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76) > at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164) > at winstone.FilterConfiguration.execute(FilterConfiguration.java:194) > at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366) > at > org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:50) > at winstone.FilterConfiguration.execute(FilterConfiguration.java:194) > at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366) > at > hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81) > at winstone.FilterConfiguration.execute(FilterConfiguration.java:194) > at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366) > at winstone.RequestDispatcher.forward(RequestDispatcher.java:331) > at > winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:215) > at winstone.RequestHandlerThread.run(RequestHandlerThread.java:138) > at > java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) > at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334) > at java.util.concurrent.FutureTask.run(FutureTask.java:166) > at > winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) > at java.lang.Thread.run(Thread.java:679) > Caused by: org.acegisecurity.ldap.LdapDataAccessException: > LdapCallback;null; nested exception is javax.naming.PartialResultException > [Root exception is javax.naming.CommunicationException: cern.ch:636 [Root > exception is java.net.ConnectException: Connection refused]] > at > org.acegisecurity.ldap.LdapTemplate$LdapExceptionTranslator.translate(LdapTemplate.java:295) > at org.acegisecurity.ldap.LdapTemplate.execute(LdapTemplate.java:128) > at > org.acegisecurity.ldap.LdapTemplate.searchForSingleEntry(LdapTemplate.java:246) > at > org.acegisecurity.ldap.search.FilterBasedLdapUserSearch.searchForUser(FilterBasedLdapUserSearch.java:119) > at > org.acegisecurity.providers.ldap.authenticator.BindAuthenticator.authenticate(BindAuthenticator.java:71) > at > org.acegisecurity.providers.ldap.authenticator.BindAuthenticator2.authenticate(BindAuthenticator2.java:49) > at > org.acegisecurity.providers.ldap.LdapAuthenticationProvider.retrieveUser(LdapAuthenticationProvider.java:233) > ... 33 more > Caused by: javax.naming.PartialResultException [Root exception is > javax.naming.CommunicationException: cern.ch:636 [Root exception is > java.net.ConnectException: Connection refused]] > at > com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:242) > at > com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(LdapNamingEnumeration.java:189) > at > org.acegisecurity.ldap.LdapTemplate$3.doInDirContext(LdapTemplate.java:251) > at org.acegisecurity.ldap.LdapTemplate.execute(LdapTemplate.java:126) > ... 38 more > Caused by: javax.naming.CommunicationException: cern.ch:636 [Root > exception is java.net.ConnectException: Connection refused] > at > com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:92) > at > com.sun.jndi.ldap.LdapReferralException.getReferralContext(LdapReferralException.java:150) > at > com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreReferrals(LdapNamingEnumeration.java:357) > at > com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:226) > ... 41 more > Caused by: java.net.ConnectException: Connection refused > at java.net.PlainSocketImpl.socketConnect(Native Method) > at > java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:327) > at > java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:193) > at > java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:180) > at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:384) > at java.net.Socket.connect(Socket.java:546) > at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:584) > at sun.security.ssl.SSLSocketImpl.<init>(SSLSocketImpl.java:385) > at > sun.security.ssl.SSLSocketFactoryImpl.createSocket(SSLSocketFactoryImpl.java:90) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:616) > at com.sun.jndi.ldap.Connection.createSocket(Connection.java:330) > at com.sun.jndi.ldap.Connection.<init>(Connection.java:200) > at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:136) > at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1598) > at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2643) > at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:306) > at > com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193) > at > com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:152) > at > com.sun.jndi.url.ldap.ldapURLContextFactory.getObjectInstance(ldapURLContextFactory.java:52) > at javax.naming.spi.NamingManager.getURLObject(NamingManager.java:601) > at javax.naming.spi.NamingManager.processURL(NamingManager.java:381) > at > javax.naming.spi.NamingManager.processURLAddrs(NamingManager.java:361) > at > javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:333) > at > com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:111) > ... 44 more > > Oct 2, 2012 3:23:52 PM hudson.security.AuthenticationProcessingFilter2 > onUnsuccessfulAuthentication > INFO: Login attempt failed > org.acegisecurity.AuthenticationServiceException: LdapCallback;null; > nested exception is javax.naming.PartialResultException [Root exception is > javax.naming.CommunicationException: cern.ch:636 [Root exception is > java.net.ConnectException: Connection refused]]; nested exception is > org.acegisecurity.ldap.LdapDataAccessException: LdapCallback;null; nested > exception is javax.naming.PartialResultException [Root exception is > javax.naming.CommunicationException: cern.ch:636 [Root exception is > java.net.ConnectException: Connection refused]] > at > org.acegisecurity.providers.ldap.LdapAuthenticationProvider.retrieveUser(LdapAuthenticationProvider.java:238) > at > org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:119) > at > org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:195) > at > org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:45) > at > org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:71) > at > org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252) > at > hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) > at > org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173) > at > hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) > at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:63) > at > hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) > at > org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) > at > hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66) > at > hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) > at > hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76) > at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164) > at winstone.FilterConfiguration.execute(FilterConfiguration.java:194) > at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366) > at > org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:50) > at winstone.FilterConfiguration.execute(FilterConfiguration.java:194) > at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366) > at > hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81) > at winstone.FilterConfiguration.execute(FilterConfiguration.java:194) > at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366) > at winstone.RequestDispatcher.forward(RequestDispatcher.java:331) > at > winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:215) > at winstone.RequestHandlerThread.run(RequestHandlerThread.java:138) > at > java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) > at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334) > at java.util.concurrent.FutureTask.run(FutureTask.java:166) > at > winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) > at java.lang.Thread.run(Thread.java:679) > Caused by: org.acegisecurity.ldap.LdapDataAccessException: > LdapCallback;null; nested exception is javax.naming.PartialResultException > [Root exception is javax.naming.CommunicationException: cern.ch:636 [Root > exception is java.net.ConnectException: Connection refused]] > at > org.acegisecurity.ldap.LdapTemplate$LdapExceptionTranslator.translate(LdapTemplate.java:295) > at org.acegisecurity.ldap.LdapTemplate.execute(LdapTemplate.java:128) > at > org.acegisecurity.ldap.LdapTemplate.searchForSingleEntry(LdapTemplate.java:246) > at > org.acegisecurity.ldap.search.FilterBasedLdapUserSearch.searchForUser(FilterBasedLdapUserSearch.java:119) > at > org.acegisecurity.providers.ldap.authenticator.BindAuthenticator.authenticate(BindAuthenticator.java:71) > at > org.acegisecurity.providers.ldap.authenticator.BindAuthenticator2.authenticate(BindAuthenticator2.java:49) > at > org.acegisecurity.providers.ldap.LdapAuthenticationProvider.retrieveUser(LdapAuthenticationProvider.java:233) > ... 33 more > Caused by: javax.naming.PartialResultException [Root exception is > javax.naming.CommunicationException: cern.ch:636 [Root exception is > java.net.ConnectException: Connection refused]] > at > com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:242) > at > com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(LdapNamingEnumeration.java:189) > at > org.acegisecurity.ldap.LdapTemplate$3.doInDirContext(LdapTemplate.java:257) > at org.acegisecurity.ldap.LdapTemplate.execute(LdapTemplate.java:126) > ... 38 more > Caused by: javax.naming.CommunicationException: cern.ch:636 [Root > exception is java.net.ConnectException: Connection refused] > at > com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:92) > at > com.sun.jndi.ldap.LdapReferralException.getReferralContext(LdapReferralException.java:150) > at > com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreReferrals(LdapNamingEnumeration.java:357) > at > com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:226) > ... 41 more > Caused by: java.net.ConnectException: Connection refused > at java.net.PlainSocketImpl.socketConnect(Native Method) > at > java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:327) > at > java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:193) > at > java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:180) > at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:384) > at java.net.Socket.connect(Socket.java:546) > at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:584) > at sun.security.ssl.SSLSocketImpl.<init>(SSLSocketImpl.java:385) > at > sun.security.ssl.SSLSocketFactoryImpl.createSocket(SSLSocketFactoryImpl.java:90) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:616) > at com.sun.jndi.ldap.Connection.createSocket(Connection.java:330) > at com.sun.jndi.ldap.Connection.<init>(Connection.java:200) > at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:136) > at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1598) > at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2643) > at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:306) > at > com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193) > at > com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:152) > at > com.sun.jndi.url.ldap.ldapURLContextFactory.getObjectInstance(ldapURLContextFactory.java:52) > at javax.naming.spi.NamingManager.getURLObject(NamingManager.java:601) > at javax.naming.spi.NamingManager.processURL(NamingManager.java:381) > at > javax.naming.spi.NamingManager.processURLAddrs(NamingManager.java:361) > at > javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:333) > at > com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:111) > ... 44 more Thanks, marc
