Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-17692

Active Directory Plugin - Fails to retreive users with swedish characters in full name

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Labels:
      None
    • Environment:
      Ubuntu 12.0.4 LTS, Jenkins 1.512, Active Directory Plugin 1.31
    • Similar Issues:

      Description

      I've added the AD Plugin 1.31 to my Jenkins installation and it works as long as my users don't have swedish characters in their full name in the AD. For example, username test.testsson with full name Test Testsson will work just fine. Username bjorn.borg with full name Björn Borg will fail.

      I'm pretty sure this has something to do with it:
      CN=Bj\u00F6mrn Borg,OU=Users,DC=my,DC=Domain

      If I change Björns full name to "Bjorn Borg" in AD, it works just fine:
      CN=Bjorn Borg,OU=Users,DC=my,DC=Domain

      Is there a work-around or a fix?

      /Jocke

      Here is a Log example:

      Apr 22, 2013 10:20:44 AM hudson.plugins.active_directory.ActiveDirectorySecurityRealm
      FINE: Connecting to ldap://server.my.domain:3268/

      Apr 22, 2013 10:20:44 AM hudson.plugins.active_directory.ActiveDirectorySecurityRealm
      FINE: _gc._tcp.my.domain resolved to [server.my.domain:3268]

      Apr 22, 2013 10:20:44 AM hudson.plugins.active_directory.ActiveDirectorySecurityRealm
      FINE: SRV record found: 0 100 3268 server.my.domain.

      Apr 22, 2013 10:20:44 AM hudson.plugins.active_directory.ActiveDirectorySecurityRealm
      FINE: Attempting to resolve _gc._tcp.my.domain to SRV record

      Apr 22, 2013 10:20:17 AM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider
      FINE: Failed toretrieve user bjorn.borg
      org.acegisecurity.BadCredentialsException: Failed to retrieve user information for bjorn.borg; nested exception is javax.naming.InvalidNameException: CN=Bj\u00F6mrn Borg,OU=Users,DC=my,DC=domain: [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0, v1db1]; remaining name 'CN=Bj\u00F6mrn Borg,OU=Users,DC=my,DC=domain'
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:309)
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:193)
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:137)
      at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:122)
      at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:200)
      at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:47)
      at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:74)
      at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:174)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:64)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
      at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
      at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
      at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:50)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
      at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
      at winstone.RequestDispatcher.forward(RequestDispatcher.java:331)
      at winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:227)
      at winstone.RequestHandlerThread.run(RequestHandlerThread.java:150)
      at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
      at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
      at java.util.concurrent.FutureTask.run(FutureTask.java:166)
      at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
      at java.lang.Thread.run(Thread.java:722)
      Caused by: javax.naming.InvalidNameException: CN=Bj\u00F6mrn Borg,OU=Users,DC=my,DC=domain: [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0, v1db1]; remaining name 'CN=Bj\u00F6mrn Borg,OU=Users,DC=my,DC=Domain'
      at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3025)
      at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2840)
      at com.sun.jndi.ldap.LdapCtx.c_getAttributes(LdapCtx.java:1332)
      at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(ComponentDirContext.java:231)
      at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:139)
      at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:127)
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.resolveGroups(ActiveDirectoryUnixAuthenticationProvider.java:373)
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:293)
      ... 35 more

        Attachments

          Issue Links

            Activity

            Hide
            heinzepreller heinzepreller added a comment -

            We are facing the same Issue with german Umlauts in the Full AD Name. I can't tell if Umlauts in the login name work but if someone has the Login "Benjamin" and his full name is "Benjamin Blümchen" ist doesn't work.

            Show
            heinzepreller heinzepreller added a comment - We are facing the same Issue with german Umlauts in the Full AD Name. I can't tell if Umlauts in the login name work but if someone has the Login "Benjamin" and his full name is "Benjamin Blümchen" ist doesn't work.
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Marc Schoechlin
            Path:
            src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java
            http://jenkins-ci.org/commit/active-directory-plugin/77ab72e11eac474f09a8f484f2ebc7589a6350b3
            Log:
            Reverted 45987d2e/tbarbieri

            Login in with german umlauts in the distinguished name ist not possible
            anyore. We tested sucessfully the revert with our setup.
            See also: JENKINS-17692

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Marc Schoechlin Path: src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java http://jenkins-ci.org/commit/active-directory-plugin/77ab72e11eac474f09a8f484f2ebc7589a6350b3 Log: Reverted 45987d2e/tbarbieri Login in with german umlauts in the distinguished name ist not possible anyore. We tested sucessfully the revert with our setup. See also: JENKINS-17692
            Hide
            scoopex Marc Schoechlin added a comment -

            It seems that commit 45987d2e/tbarbieri breaks handling with german umlauts in the destinguished name(dn).

            I reverted the the change by 77ab72e11eac474f09a8f484f2ebc7589a6350b3.

            Show
            scoopex Marc Schoechlin added a comment - It seems that commit 45987d2e/tbarbieri breaks handling with german umlauts in the destinguished name(dn). I reverted the the change by 77ab72e11eac474f09a8f484f2ebc7589a6350b3.
            Hide
            kohsuke Kohsuke Kawaguchi added a comment -

            This problem was fixed in 1.32.

            Show
            kohsuke Kohsuke Kawaguchi added a comment - This problem was fixed in 1.32.

              People

              • Assignee:
                kohsuke Kohsuke Kawaguchi
                Reporter:
                jockepihlstrom Jocke Pihlström
              • Votes:
                5 Vote for this issue
                Watchers:
                9 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: