Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-12619

"Failed to test the validity of the user name" on all security matrices since upgrade

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Environment:
      Jenkins 1.450, plugin version 1.26
      Windows Server 2003, non-domain server
      Installed as local user
      Our Windows domain name specified in configuration as ourdomain.co.uk
    • Similar Issues:

      Description

      Upgraded plugin to version 1.26 just after upgrading Jenkins to 1.450

      Now get message "Failed to test the validity of the user name x" wherever there is a security checkbox matrix.

      Everything seems to work alright still as far as I can tell.

      Stack trace:
      org.acegisecurity.BadCredentialsException: Failed to retrieve user information for x; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1]; remaining name 'DC=ourdomain,DC=co,DC=uk'
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:231)
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:130)
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:95)
      at hudson.plugins.active_directory.AbstractActiveDirectoryAuthenticationProvider.loadUserByUsername(AbstractActiveDirectoryAuthenticationProvider.java:27)
      at hudson.plugins.active_directory.ActiveDirectorySecurityRealm.loadUserByUsername(ActiveDirectorySecurityRealm.java:551)
      at hudson.security.GlobalMatrixAuthorizationStrategy$DescriptorImpl.doCheckName_(GlobalMatrixAuthorizationStrategy.java:304)
      at hudson.security.GlobalMatrixAuthorizationStrategy$DescriptorImpl.doCheckName(GlobalMatrixAuthorizationStrategy.java:288)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
      at java.lang.reflect.Method.invoke(Unknown Source)
      at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:282)
      at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:149)
      at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:88)
      at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:111)
      at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
      at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:563)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:648)
      at org.kohsuke.stapler.MetaClass$6.doDispatch(MetaClass.java:241)
      at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
      at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:563)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:648)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:477)
      at org.kohsuke.stapler.Stapler.service(Stapler.java:159)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:45)
      at winstone.ServletConfiguration.execute(ServletConfiguration.java:248)
      at winstone.RequestDispatcher.forward(RequestDispatcher.java:333)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:376)
      at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:95)
      at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:87)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
      at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:47)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
      at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:166)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:61)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
      at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
      at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
      at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
      at winstone.RequestDispatcher.forward(RequestDispatcher.java:331)
      at winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:244)
      at winstone.RequestHandlerThread.run(RequestHandlerThread.java:150)
      at java.lang.Thread.run(Unknown Source)
      Caused by: javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1]; remaining name 'DC=ourdomain,DC=co,DC=uk'
      at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
      at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
      at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
      at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
      at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
      at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
      at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)
      at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
      at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
      at hudson.plugins.active_directory.LDAPSearchBuilder.search(LDAPSearchBuilder.java:52)
      at hudson.plugins.active_directory.LDAPSearchBuilder.searchOne(LDAPSearchBuilder.java:42)
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:191)
      ... 63 more

        Attachments

          Issue Links

            Activity

            Hide
            potatopankakes Jeff Burke added a comment -

            I have these symptoms sporadically on Windows 2k8r2 w/Jenkins 1.519 and AD plugin v1.33. I am also using Role-based Authorization Strategy v 1.1.2. I can view the /role-strategy/assign-roles screen without errors, and then it will refresh w/some of the Active Directory groups replaced with "Failed to test validity of the user name" in red with the below call stack.

            Show
            potatopankakes Jeff Burke added a comment - I have these symptoms sporadically on Windows 2k8r2 w/Jenkins 1.519 and AD plugin v1.33. I am also using Role-based Authorization Strategy v 1.1.2. I can view the /role-strategy/assign-roles screen without errors, and then it will refresh w/some of the Active Directory groups replaced with "Failed to test validity of the user name" in red with the below call stack.
            Hide
            makareswar Makareswar Rout added a comment - - edited

            No error more

            Show
            makareswar Makareswar Rout added a comment - - edited No error more
            Hide
            makareswar Makareswar Rout added a comment -

            I was also experiencing the same issue.But I have fixed the same at Jenkin end.We need to do an extra setup as below :

            Manage Jenkins-> Configure Global Security -> Access Control -> Select Active Directory and in Advanced TAB do below changes.
            Domain NAme:domain name (example : Enterprisenet.org)
            Domain Controller :LDAP-Server ) (example:LDAP-OLDS.enterprisenet.org:3268)
            Bind DN: domain\userid
            Bind PAssword: ***************

            note : Site could be kept as blank.

            Test Result should be : Success

            Recently, I have added and the error is no more.

            Show
            makareswar Makareswar Rout added a comment - I was also experiencing the same issue.But I have fixed the same at Jenkin end.We need to do an extra setup as below : Manage Jenkins-> Configure Global Security -> Access Control -> Select Active Directory and in Advanced TAB do below changes. Domain NAme:domain name (example : Enterprisenet.org) Domain Controller :LDAP-Server ) (example:LDAP-OLDS.enterprisenet.org:3268) Bind DN: domain\userid Bind PAssword: *************** note : Site could be kept as blank. Test Result should be : Success Recently, I have added and the error is no more.
            Hide
            makareswar Makareswar Rout added a comment -

            Attached the screen shot before and after fixing.

            Show
            makareswar Makareswar Rout added a comment - Attached the screen shot before and after fixing.
            Hide
            davida2009 David Aldrich added a comment -

            Thanks for your notes Makarewar. We were able to fix our manifestation of this problem by specifying a BIND DN and BIND PASSWORD in Advanced settings, as you suggested. We left Domain Controller and Site blank, but did specify a Domain Name.

            Show
            davida2009 David Aldrich added a comment - Thanks for your notes Makarewar. We were able to fix our manifestation of this problem by specifying a BIND DN and BIND PASSWORD in Advanced settings, as you suggested. We left Domain Controller and Site blank, but did specify a Domain Name .

              People

              • Assignee:
                makareswar Makareswar Rout
                Reporter:
                tomfanning Tom Fanning
              • Votes:
                18 Vote for this issue
                Watchers:
                23 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: