-
Bug
-
Resolution: Not A Defect
-
Major
-
None
-
Hudson 1.386, ubuntu 10.04
I created a Hudson site on ubuntu, and config the access control using LDAP.
The LDAP configuration is set according following set which is used in our apache server(I use 'company' replace our company name):
"ldap://ids.company.com:389/ou=People,ou=Intranet,dc=company,dc=com?uid?sub?(objectClass=*)"
Here's the Hudson config:
<useSecurity>true</useSecurity>
<authorizationStrategy class="hudson.security.AuthorizationStrategy$Unsecured"/>
<securityRealm class="hudson.security.LDAPSecurityRealm">
<server>ldap://ids.company.com:389</server>
<rootDN>dc=company,dc=com</rootDN>
<userSearchBase>ou=people,ou=intranet</userSearchBase>
<userSearch>uid=
</userSearch>
</securityRealm>
bug got error info:
"
an 11, 2011 9:51:13 AM hudson.security.AuthenticationProcessingFilter2 onUnsuccessfulAuthentication
INFO: Login attempt failed
org.acegisecurity.AuthenticationServiceException: LdapCallback;[LDAP: error code 50 - Search access not permitted with that filter]; nested exception is javax.naming.NoPermissionException: [LDAP: error code 50 - Search access not permitted with that filter]; remaining name ''; nested exception is org.acegisecurity.ldap.LdapDataAccessException: LdapCallback;[LDAP: error code 50 - Search access not permitted with that filter]; nested exception is javax.naming.NoPermissionException: [LDAP: error code 50 - Search access not permitted with that filter]; remaining name ''
at org.acegisecurity.providers.ldap.LdapAuthenticationProvider.retrieveUser(LdapAuthenticationProvider.java:238)
at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:119)
at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:195)
at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:45)
at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:71)
at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
at winstone.FilterConfiguration.execute(FilterConfiguration.java:195)
at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:368)
at winstone.RequestDispatcher.forward(RequestDispatcher.java:333)
at winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:244)
at winstone.RequestHandlerThread.run(RequestHandlerThread.java:150)
at java.lang.Thread.run(Thread.java:662)
"
I have checked our company about the LDAP policy, it's no need to give the bind db via intranet, so can anyone help me about this problem?
Thank you in advance!
