Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-17803

AD plugin 1.3.1 doesn't handle non-ascii names correctly

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      We just upgraded AD plugin to 1.3.1.
      Now I am unable to log in, it seems to be due to my surname containing an 'é'.
      Verified by downgrading to 1.3.0, then all is well.

      Here is the log:

      org.acegisecurity.BadCredentialsException: Failed to retrieve user information for jcronje; nested exception is javax.naming.InvalidNameException: CN=Johan Cronj\u00E9,OU=Internal,OU=Users,OU=EMSS,DC=<domain>,DC=<>,DC=<>: [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0, v1db1]; remaining name 'CN=Johan Cronj\u00E9,OU=Internal,OU=Users,OU=EMSS,DC=<>,DC=<>,DC=<>'
      	at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:309)
      	at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:193)
      	at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:137)
      	at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:122)
      	at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:200)
      	at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:47)
      	at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:74)
      	at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:174)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:64)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
      	at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
      	at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
      	at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
      	at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
      	at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:50)
      	at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
      	at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
      	at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
      	at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
      	at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
      	at winstone.RequestDispatcher.forward(RequestDispatcher.java:331)
      	at winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:227)
      	at winstone.RequestHandlerThread.run(RequestHandlerThread.java:150)
      	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
      	at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
      	at java.util.concurrent.FutureTask.run(FutureTask.java:166)
      	at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
      	at java.lang.Thread.run(Thread.java:636)
      Caused by: javax.naming.InvalidNameException: CN=Johan Cronj\u00E9,OU=Internal,OU=Users,OU=EMSS,DC=<>,DC=<>,DC=<>: [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0, v1db1]; remaining name 'CN=Johan Cronj\u00E9,OU=Internal,OU=Users,OU=EMSS,DC=<>,DC=<>,DC=<>'
      	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2970)
      	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2785)
      	at com.sun.jndi.ldap.LdapCtx.c_getAttributes(LdapCtx.java:1322)
      	at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(ComponentDirContext.java:231)
      	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:139)
      	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:127)
      	at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.resolveGroups(ActiveDirectoryUnixAuthenticationProvider.java:373)
      	at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:293)
      	... 35 more
      Apr 30, 2013 3:50:23 PM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider retrieveUser
      WARNING: Credential exception tying to authenticate against <domain> domain
      

        Attachments

          Issue Links

            Activity

            There are no comments yet on this issue.

              People

              • Assignee:
                Unassigned
                Reporter:
                cronhan Johan Cronje
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: