Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-4268

AD authentication does not try other domain controllers

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Labels:
      None
    • Environment:
      Platform: All, OS: SunOS
    • Similar Issues:

      Description

      If one of domain contollers is not available (or there is a wrong entry in SRV
      records in DNS), and Hudson receives such name from DNS, it tries to bind to
      LDAP with this one domain controller only and does not even try to fall back to
      other domain controllers listed in SRV records.

      Expected behavior: When UnknownHostException (or CommunicationException) is
      caught, retry binding with another domain controller listed in SRV records.

      Below is a stack trace from console when this problem happens. Note that
      <domain> is just a placeholder for a real domain name.

      Also there is a typo: "and could not authenticat against any" should read "and
      could not authenticate against any"

      Aug 19, 2009 1:50:08 PM
      hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider
      retrieveUser
      WARNING: Failed to bind to LDAP
      javax.naming.CommunicationException: zhk25dsdc11.<domain>.:389 [Root exception
      is java.net.UnknownHostException: zhk25dsdc11.<domain>.]
      at com.sun.jndi.ldap.Connection.<init>(Connection.java:207)
      at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:118)
      at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1580)
      at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2616)
      at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:287)
      at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
      at
      com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:134)
      at
      hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:102)
      at
      hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:73)
      at
      org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:119)
      at
      org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:195)
      at
      org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:45)
      at
      org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:71)
      at
      org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at
      org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at
      org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
      at
      hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at
      hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
      at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:155)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:195)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:368)
      at winstone.RequestDispatcher.forward(RequestDispatcher.java:333)
      at
      winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:244)
      at winstone.RequestHandlerThread.run(RequestHandlerThread.java:150)
      at java.lang.Thread.run(Thread.java:619)
      Caused by: java.net.UnknownHostException: zhk25dsdc11.<domain>.
      at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:177)
      at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
      at java.net.Socket.connect(Socket.java:518)
      at java.net.Socket.connect(Socket.java:468)
      at java.net.Socket.<init>(Socket.java:365)
      at java.net.Socket.<init>(Socket.java:179)
      at com.sun.jndi.ldap.Connection.createSocket(Connection.java:349)
      at com.sun.jndi.ldap.Connection.<init>(Connection.java:184)
      ... 27 more
      Aug 19, 2009 1:50:08 PM
      hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider
      retrieveUser
      WARNING: Credential exception tying to authenticate against <domain> domain
      org.acegisecurity.BadCredentialsException: Either no such user 'akm022@<domain>'
      or incorrect password; nested exception is javax.naming.CommunicationException:
      zhk25dsdc11.<domain>.:389 [Root exception is java.net.UnknownHostException:
      zhk25dsdc11.<domain>.]
      at
      hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:107)
      at
      hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:73)
      at
      org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:119)
      at
      org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:195)
      at
      org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:45)
      at
      org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:71)
      at
      org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at
      org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at
      org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
      at
      hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at
      hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
      at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:155)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:195)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:368)
      at winstone.RequestDispatcher.forward(RequestDispatcher.java:333)
      at
      winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:244)
      at winstone.RequestHandlerThread.run(RequestHandlerThread.java:150)
      at java.lang.Thread.run(Thread.java:619)
      Caused by: javax.naming.CommunicationException: zhk25dsdc11.<domain>.:389 [Root
      exception is java.net.UnknownHostException: zhk25dsdc11.<domain>.]
      at com.sun.jndi.ldap.Connection.<init>(Connection.java:207)
      at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:118)
      at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1580)
      at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2616)
      at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:287)
      at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
      at
      com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:134)
      at
      hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:102)
      ... 20 more
      Caused by: java.net.UnknownHostException: zhk25dsdc11.<domain>.
      at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:177)
      at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
      at java.net.Socket.connect(Socket.java:518)
      at java.net.Socket.connect(Socket.java:468)
      at java.net.Socket.<init>(Socket.java:365)
      at java.net.Socket.<init>(Socket.java:179)
      at com.sun.jndi.ldap.Connection.createSocket(Connection.java:349)
      at com.sun.jndi.ldap.Connection.<init>(Connection.java:184)
      ... 27 more
      Aug 19, 2009 1:50:08 PM
      hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider
      retrieveUser
      WARNING: Exhausted all configured domains and could not authenticat against any.
      Aug 19, 2009 1:50:08 PM hudson.security.AuthenticationProcessingFilter2
      onUnsuccessfulAuthentication
      INFO: Login attempt failed

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              raspy Krzysztof Malinowski
            • Votes:
              2 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: