Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-47133

Anonymous binding doesn't retrieve the user groups

XMLWordPrintable

      Configuring the Active directory security realm without setting the property Bind DN will cause to fail while retrieving the groups.

      Though you are able to authenticate, if you access to $JENKINS_URL/user/$USERNAME/ you will get an exception like

      sep 26, 2017 1:21:19 PM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider$1 call
WARNING: Failed to retrieve user information for ${USERNAME}
javax.naming.NamingException: [LDAP: error code 1 - 00002020: Operation unavailable without authentication]; remaining name 'DC=samdom,DC=example,DC=com'
	at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3175)
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3081)
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2888)
	at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1846)
	at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
	at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1786)
	at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:418)
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:396)
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:378)
	at hudson.plugins.active_directory.LDAPSearchBuilder.search(LDAPSearchBuilder.java:120)
	at hudson.plugins.active_directory.LDAPSearchBuilder.searchOne(LDAPSearchBuilder.java:85)
	at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider$1.call(ActiveDirectoryUnixAuthenticationProvider.java:386)
	at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider$1.call(ActiveDirectoryUnixAuthenticationProvider.java:341)
	at com.google.common.cache.LocalCache$LocalManualCache$1.load(LocalCache.java:4767)
	at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3568)
	at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2350)
	at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2313)
	at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2228)
	at com.google.common.cache.LocalCache.get(LocalCache.java:3965)
	at com.google.common.cache.LocalCache$LocalManualCache.get(LocalCache.java:4764)
	at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:341)
	at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:304)
	at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:226)
	at hudson.plugins.active_directory.AbstractActiveDirectoryAuthenticationProvider.loadUserByUsername(AbstractActiveDirectoryAuthenticationProvider.java:55)
	at hudson.plugins.active_directory.ActiveDirectorySecurityRealm.loadUserByUsername(ActiveDirectorySecurityRealm.java:831)
	at hudson.model.User.impersonate(User.java:256)

      and the Jenkins GUI will show the groups field empty.

            fbelzunc Félix Belzunce Arcos
            dariver Darío Villadiego
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: