Zac Harvey
2011-12-14 19:01:34 UTC
I am trying to set up Jenkins to authenticate using our AD domain over
LDAP. I have been working with the Systems Group trying to configure
all of the settings under Manage Jenkins >> Configure System >> Access
Control. We finally have all the settings configured correctly (at
least, in the eyes of the Systems people), and we are not getting any
red validation errors in the GUI. However I still cannot login via
LDAP/AD. Below is the console output. Any nudges in the right
direction are enormously appreciated!
Console Output:
Dec 14, 2011 1:47:21 PM
hudson.security.AuthenticationProcessingFilter2
onUnsuccessfulAuthentication
INFO: Login attempt failed
org.acegisecurity.AuthenticationServiceException: LdapCallback;[LDAP:
error code 32 - 0000208D: NameErr: DSID-031001E4, problem 2001
(NO_OBJECT), data 0, best match of:
'DC=MYPROJECT,DC=COM'
]; nested exception is javax.naming.NameNotFoundException: [LDAP:
error code 32 - 0000208D: NameErr: DSID-031001E4, problem 2001
(NO_OBJECT), data 0, best match of:
'DC=MYPROJECT,DC=COM'
]; remaining name 'dc=myproject,dc=com'; nested exception is
org.acegisecurity.ldap.LdapDataAccessException: LdapCallback;[LDAP:
error code 32 - 0000208D: NameErr: DSID-031001E4, problem 2001
(NO_OBJECT), data 0, best match of:
'DC=MYPROJECT,DC=COM'
]; nested exception is javax.naming.NameNotFoundException: [LDAP:
error code 32 - 0000208D: NameErr: DSID-031001E4, problem 2001
(NO_OBJECT), data 0, best match of:
'DC=MYPROJECT,DC=COM'
]; remaining name 'dc=myproject,dc=com'
at
org.acegisecurity.providers.ldap.LdapAuthenticationProvider.retrieveUser(LdapAuthenticationProvider.java:
238)
at
org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:
119)
at
org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:
195)
at
org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:
45)
at
org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:
71)
at
org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:
252)
at hudson.security.ChainedServletFilter
$1.doFilter(ChainedServletFilter.java:87)
at
org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:
173)
at hudson.security.ChainedServletFilter
$1.doFilter(ChainedServletFilter.java:87)
at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:61)
at hudson.security.ChainedServletFilter
$1.doFilter(ChainedServletFilter.java:87)
at
org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:
249)
at
hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:
66)
at hudson.security.ChainedServletFilter
$1.doFilter(ChainedServletFilter.java:87)
at
hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:
76)
at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:
243)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:
210)
at
hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:
81)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:
243)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:
210)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:
224)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:
185)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:
472)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:
151)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:
100)
at
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:
929)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:
118)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:
405)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:
269)
at org.apache.coyote.AbstractProtocol
$AbstractConnectionHandler.process(AbstractProtocol.java:515)
at org.apache.tomcat.util.net.JIoEndpoint
$SocketProcessor.run(JIoEndpoint.java:302)
at java.util.concurrent.ThreadPoolExecutor
$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor
$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:662)
Caused by: org.acegisecurity.ldap.LdapDataAccessException:
LdapCallback;[LDAP: error code 32 - 0000208D: NameErr: DSID-031001E4,
problem 2001 (NO_OBJECT), data 0, best match of:
'DC=MYPROJECT,DC=COM'
]; nested exception is javax.naming.NameNotFoundException: [LDAP:
error code 32 - 0000208D: NameErr: DSID-031001E4, problem 2001
(NO_OBJECT), data 0, best match of:
'DC=MYPROJECT,DC=COM'
]; remaining name 'dc=myproject,dc=com'
at org.acegisecurity.ldap.LdapTemplate
$LdapExceptionTranslator.translate(LdapTemplate.java:295)
at org.acegisecurity.ldap.LdapTemplate.execute(LdapTemplate.java:128)
at
org.acegisecurity.ldap.LdapTemplate.searchForSingleEntry(LdapTemplate.java:
246)
at
org.acegisecurity.ldap.search.FilterBasedLdapUserSearch.searchForUser(FilterBasedLdapUserSearch.java:
119)
at
org.acegisecurity.providers.ldap.authenticator.BindAuthenticator.authenticate(BindAuthenticator.java:
71)
at
org.acegisecurity.providers.ldap.authenticator.BindAuthenticator2.authenticate(BindAuthenticator2.java:
49)
at
org.acegisecurity.providers.ldap.LdapAuthenticationProvider.retrieveUser(LdapAuthenticationProvider.java:
233)
... 34 more
Caused by: javax.naming.NameNotFoundException: [LDAP: error code 32 -
0000208D: NameErr: DSID-031001E4, problem 2001 (NO_OBJECT), data 0,
best match of:
'DC=MYPROJECT,DC=COM'
]; remaining name 'dc=myproject,dc=com'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3066)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1826)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1766)
at
com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:
394)
at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:
376)
at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:
358)
at
javax.naming.directory.InitialDirContext.search(InitialDirContext.java:
267)
at org.acegisecurity.ldap.LdapTemplate
$3.doInDirContext(LdapTemplate.java:249)
at org.acegisecurity.ldap.LdapTemplate.execute(LdapTemplate.java:126)
... 39 more
LDAP. I have been working with the Systems Group trying to configure
all of the settings under Manage Jenkins >> Configure System >> Access
Control. We finally have all the settings configured correctly (at
least, in the eyes of the Systems people), and we are not getting any
red validation errors in the GUI. However I still cannot login via
LDAP/AD. Below is the console output. Any nudges in the right
direction are enormously appreciated!
Console Output:
Dec 14, 2011 1:47:21 PM
hudson.security.AuthenticationProcessingFilter2
onUnsuccessfulAuthentication
INFO: Login attempt failed
org.acegisecurity.AuthenticationServiceException: LdapCallback;[LDAP:
error code 32 - 0000208D: NameErr: DSID-031001E4, problem 2001
(NO_OBJECT), data 0, best match of:
'DC=MYPROJECT,DC=COM'
]; nested exception is javax.naming.NameNotFoundException: [LDAP:
error code 32 - 0000208D: NameErr: DSID-031001E4, problem 2001
(NO_OBJECT), data 0, best match of:
'DC=MYPROJECT,DC=COM'
]; remaining name 'dc=myproject,dc=com'; nested exception is
org.acegisecurity.ldap.LdapDataAccessException: LdapCallback;[LDAP:
error code 32 - 0000208D: NameErr: DSID-031001E4, problem 2001
(NO_OBJECT), data 0, best match of:
'DC=MYPROJECT,DC=COM'
]; nested exception is javax.naming.NameNotFoundException: [LDAP:
error code 32 - 0000208D: NameErr: DSID-031001E4, problem 2001
(NO_OBJECT), data 0, best match of:
'DC=MYPROJECT,DC=COM'
]; remaining name 'dc=myproject,dc=com'
at
org.acegisecurity.providers.ldap.LdapAuthenticationProvider.retrieveUser(LdapAuthenticationProvider.java:
238)
at
org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:
119)
at
org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:
195)
at
org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:
45)
at
org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:
71)
at
org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:
252)
at hudson.security.ChainedServletFilter
$1.doFilter(ChainedServletFilter.java:87)
at
org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:
173)
at hudson.security.ChainedServletFilter
$1.doFilter(ChainedServletFilter.java:87)
at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:61)
at hudson.security.ChainedServletFilter
$1.doFilter(ChainedServletFilter.java:87)
at
org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:
249)
at
hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:
66)
at hudson.security.ChainedServletFilter
$1.doFilter(ChainedServletFilter.java:87)
at
hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:
76)
at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:
243)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:
210)
at
hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:
81)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:
243)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:
210)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:
224)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:
185)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:
472)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:
151)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:
100)
at
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:
929)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:
118)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:
405)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:
269)
at org.apache.coyote.AbstractProtocol
$AbstractConnectionHandler.process(AbstractProtocol.java:515)
at org.apache.tomcat.util.net.JIoEndpoint
$SocketProcessor.run(JIoEndpoint.java:302)
at java.util.concurrent.ThreadPoolExecutor
$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor
$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:662)
Caused by: org.acegisecurity.ldap.LdapDataAccessException:
LdapCallback;[LDAP: error code 32 - 0000208D: NameErr: DSID-031001E4,
problem 2001 (NO_OBJECT), data 0, best match of:
'DC=MYPROJECT,DC=COM'
]; nested exception is javax.naming.NameNotFoundException: [LDAP:
error code 32 - 0000208D: NameErr: DSID-031001E4, problem 2001
(NO_OBJECT), data 0, best match of:
'DC=MYPROJECT,DC=COM'
]; remaining name 'dc=myproject,dc=com'
at org.acegisecurity.ldap.LdapTemplate
$LdapExceptionTranslator.translate(LdapTemplate.java:295)
at org.acegisecurity.ldap.LdapTemplate.execute(LdapTemplate.java:128)
at
org.acegisecurity.ldap.LdapTemplate.searchForSingleEntry(LdapTemplate.java:
246)
at
org.acegisecurity.ldap.search.FilterBasedLdapUserSearch.searchForUser(FilterBasedLdapUserSearch.java:
119)
at
org.acegisecurity.providers.ldap.authenticator.BindAuthenticator.authenticate(BindAuthenticator.java:
71)
at
org.acegisecurity.providers.ldap.authenticator.BindAuthenticator2.authenticate(BindAuthenticator2.java:
49)
at
org.acegisecurity.providers.ldap.LdapAuthenticationProvider.retrieveUser(LdapAuthenticationProvider.java:
233)
... 34 more
Caused by: javax.naming.NameNotFoundException: [LDAP: error code 32 -
0000208D: NameErr: DSID-031001E4, problem 2001 (NO_OBJECT), data 0,
best match of:
'DC=MYPROJECT,DC=COM'
]; remaining name 'dc=myproject,dc=com'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3066)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1826)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1766)
at
com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:
394)
at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:
376)
at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:
358)
at
javax.naming.directory.InitialDirContext.search(InitialDirContext.java:
267)
at org.acegisecurity.ldap.LdapTemplate
$3.doInDirContext(LdapTemplate.java:249)
at org.acegisecurity.ldap.LdapTemplate.execute(LdapTemplate.java:126)
... 39 more