Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-7995

CLI login & credentials do not work with AD

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Labels:
      None
    • Environment:
      Win2k8 & Win2k3, Hudson 1.382 and prior, AD plugin 1.16, jdk1.6.0_17
    • Similar Issues:

      Description

      --username and --password or --password-file options are not usable when trying to use the command line interface with active directory. Receive 'option' not valid error.

      Below link recommened a fix per authentication plugin.
      http://wiki.jenkins-ci.org/display/JENKINS/Hudson+CLI

      "If the CLI reports these are invalid parameters, file an issue for your authentication type and ask them to extend AbstractPasswordBasedSecurityRealm instead of directly from SecurityRealm to get support for these parameters."

      Thanks

        Attachments

          Issue Links

            Activity

            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Kohsuke Kawaguchi
            Path:
            src/main/java/hudson/plugins/active_directory/AbstractActiveDirectoryAuthenticationProvider.java
            src/main/java/hudson/plugins/active_directory/ActiveDirectoryAuthenticationProvider.java
            src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java
            http://jenkins-ci.org/commit/active-directory-plugin/4aa2ca82f7e25a9178072886e3564860f12cc97c
            Log:
            JENKINS-7995 pulled up a member

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Kohsuke Kawaguchi Path: src/main/java/hudson/plugins/active_directory/AbstractActiveDirectoryAuthenticationProvider.java src/main/java/hudson/plugins/active_directory/ActiveDirectoryAuthenticationProvider.java src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java http://jenkins-ci.org/commit/active-directory-plugin/4aa2ca82f7e25a9178072886e3564860f12cc97c Log: JENKINS-7995 pulled up a member
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Kohsuke Kawaguchi
            Path:
            src/main/java/hudson/plugins/active_directory/AbstractActiveDirectoryAuthenticationProvider.java
            src/main/java/hudson/plugins/active_directory/ActiveDirectoryAuthenticationProvider.java
            src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java
            http://jenkins-ci.org/commit/active-directory-plugin/e8de31544da2aa61bc330954be047fcc161e5fd9
            Log:
            [FIXED JENKINS-7995] pull up another member, and supported user retrieval in the Unix provider so long as bind name/DN is set.

            Compare: https://github.com/jenkinsci/active-directory-plugin/compare/46165c1...e8de315

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Kohsuke Kawaguchi Path: src/main/java/hudson/plugins/active_directory/AbstractActiveDirectoryAuthenticationProvider.java src/main/java/hudson/plugins/active_directory/ActiveDirectoryAuthenticationProvider.java src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java http://jenkins-ci.org/commit/active-directory-plugin/e8de31544da2aa61bc330954be047fcc161e5fd9 Log: [FIXED JENKINS-7995] pull up another member, and supported user retrieval in the Unix provider so long as bind name/DN is set. Compare: https://github.com/jenkinsci/active-directory-plugin/compare/46165c1...e8de315
            Hide
            dogfood dogfood added a comment -

            Integrated in plugins_active-directory #41
            JENKINS-7995 Extending from AbstractPasswordBasedSecurityRealm to benefit from uniform CLI authentication.
            JENKINS-7995 pulled up a member
            [FIXED JENKINS-7995] pull up another member, and supported user retrieval in the Unix provider so long as bind name/DN is set.

            Kohsuke Kawaguchi :
            Files :

            • src/main/java/hudson/plugins/active_directory/AbstractActiveDirectoryAuthenticationProvider.java
            • src/main/java/hudson/plugins/active_directory/ActiveDirectoryAuthenticationProvider.java
            • src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java
            • src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java

            Kohsuke Kawaguchi :
            Files :

            • src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java
            • src/main/java/hudson/plugins/active_directory/ActiveDirectoryAuthenticationProvider.java
            • src/main/java/hudson/plugins/active_directory/AbstractActiveDirectoryAuthenticationProvider.java

            Kohsuke Kawaguchi :
            Files :

            • src/main/java/hudson/plugins/active_directory/ActiveDirectoryAuthenticationProvider.java
            • src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java
            • src/main/java/hudson/plugins/active_directory/AbstractActiveDirectoryAuthenticationProvider.java
            Show
            dogfood dogfood added a comment - Integrated in plugins_active-directory #41 JENKINS-7995 Extending from AbstractPasswordBasedSecurityRealm to benefit from uniform CLI authentication. JENKINS-7995 pulled up a member [FIXED JENKINS-7995] pull up another member, and supported user retrieval in the Unix provider so long as bind name/DN is set. Kohsuke Kawaguchi : Files : src/main/java/hudson/plugins/active_directory/AbstractActiveDirectoryAuthenticationProvider.java src/main/java/hudson/plugins/active_directory/ActiveDirectoryAuthenticationProvider.java src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java Kohsuke Kawaguchi : Files : src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java src/main/java/hudson/plugins/active_directory/ActiveDirectoryAuthenticationProvider.java src/main/java/hudson/plugins/active_directory/AbstractActiveDirectoryAuthenticationProvider.java Kohsuke Kawaguchi : Files : src/main/java/hudson/plugins/active_directory/ActiveDirectoryAuthenticationProvider.java src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java src/main/java/hudson/plugins/active_directory/AbstractActiveDirectoryAuthenticationProvider.java
            Hide
            ricktw Rick Oosterholt added a comment -

            Thanks a lot!

            Show
            ricktw Rick Oosterholt added a comment - Thanks a lot!
            Hide
            tommy_wan Tommy Wan added a comment -

            We encounter a strange issue about using AD to login Jenkins - 2 users (User1 and User2) belong to the same group (GroupA), yet
            User1 can successfully login while User2 failed.

            Any idea?
            =====================================
            Login successful: User1 dn=CN=User1,OU=GroupA,OU=Company Users,DC=Company,DC=ca

            Dec 02, 2013 9:35:44 AM FINE hudson.plugins.active_directory.ActiveDirectoryAuthenticationProvider

            Login failure: Incorrect password for User2 DN=CN=User2,OU=GroupA,OU=Company Users,DC=Company,DC=ca: error=8007052E
            com4j.ComException: 8007052e Logon failure: unknown user name or bad password. : Logon failure: unknown user name or bad password.
            : .\invoke.cpp:517
            at com4j.Wrapper.invoke(Wrapper.java:166)
            at $Proxy48.openDSObject(Unknown Source)
            at hudson.plugins.active_directory.ActiveDirectoryAuthenticationProvider.retrieveUser(ActiveDirectoryAuthenticationProvider.java:92)
            at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:122)
            at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:200)
            at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:47)
            at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:74)
            at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252)
            at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
            at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:174)
            at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)

            Show
            tommy_wan Tommy Wan added a comment - We encounter a strange issue about using AD to login Jenkins - 2 users (User1 and User2) belong to the same group (GroupA), yet User1 can successfully login while User2 failed. Any idea? ===================================== Login successful: User1 dn=CN=User1,OU=GroupA,OU=Company Users,DC=Company,DC=ca Dec 02, 2013 9:35:44 AM FINE hudson.plugins.active_directory.ActiveDirectoryAuthenticationProvider Login failure: Incorrect password for User2 DN=CN=User2,OU=GroupA,OU=Company Users,DC=Company,DC=ca: error=8007052E com4j.ComException: 8007052e Logon failure: unknown user name or bad password. : Logon failure: unknown user name or bad password. : .\invoke.cpp:517 at com4j.Wrapper.invoke(Wrapper.java:166) at $Proxy48.openDSObject(Unknown Source) at hudson.plugins.active_directory.ActiveDirectoryAuthenticationProvider.retrieveUser(ActiveDirectoryAuthenticationProvider.java:92) at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:122) at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:200) at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:47) at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:74) at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:174) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)

              People

              • Assignee:
                Unassigned
                Reporter:
                vladdrussian VladDRussian
              • Votes:
                8 Vote for this issue
                Watchers:
                10 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: