Active Directory configuration problem [message #1110926] |
Tue, 17 September 2013 14:14 |
Jorge Campos Messages: 2 Registered: September 2013 |
Junior Member |
|
|
Hi Guys,
(sorry about my english)
I've installed Hudson version 3.0.1-b2 (deployed in a Apache Tomcat/7.0.42) on a Windows Server 2008 R2 Enterprise x64 and made all the configurations for my projects all working great until I had to configure AD to give permissions to the user to generate projects.
I've tried to configure a combination of Active Directory plus Matrix-based security. When I choose Security over AD "Active Directory" and inform my domain name and click on the "Test" button it give me "Success" message. After that I try to add on the matrix the users that I want to manage hudson but it gives me a ERROR message.
When I click on the "ERROR" link it show me a tomcat authorization error "HTTP Status 403". I know that 403 message is some kind of unauthorized access but I don't know where.
Then I went to tomcat logs and get theese exceptions (one of that error messages for user named fernandoneto):
javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece]; remaining name 'DC=MYDOMAIN,DC=com'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
at hudson.plugins.active_directory.LDAPSearchBuilder.search(LDAPSearchBuilder.java:52)
at hudson.plugins.active_directory.LDAPSearchBuilder.searchOne(LDAPSearchBuilder.java:42)
at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:260)
at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:190)
at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:134)
at hudson.plugins.active_directory.AbstractActiveDirectoryAuthenticationProvider.loadUserByUsername(AbstractActiveDirectoryAuthenticationProvider.java:30)
at hudson.plugins.active_directory.ActiveDirectorySecurityRealm.loadUserByUsername(ActiveDirectorySecurityRealm.java:611)
at hudson.security.GlobalMatrixAuthorizationStrategy$DescriptorImpl.doCheckName(GlobalMatrixAuthorizationStrategy.java:315)
at hudson.security.GlobalMatrixAuthorizationStrategy$DescriptorImpl.doCheckName(GlobalMatrixAuthorizationStrategy.java:298)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:274)
at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:141)
at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:80)
at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:95)
at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:45)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:565)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:650)
at org.kohsuke.stapler.MetaClass$12.dispatch(MetaClass.java:365)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:565)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:650)
at org.kohsuke.stapler.MetaClass$4.doDispatch(MetaClass.java:187)
at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:45)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:565)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:650)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:481)
at org.kohsuke.stapler.Stapler.service(Stapler.java:152)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:86)
at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:78)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:81)
at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:45)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
at org.springframework.security.ui.ExceptionTranslationFilter.doFilterHttp(ExceptionTranslationFilter.java:101)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
at org.springframework.security.providers.anonymous.AnonymousProcessingFilter.doFilterHttp(AnonymousProcessingFilter.java:105)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
at org.springframework.security.ui.rememberme.RememberMeProcessingFilter.doFilterHttp(RememberMeProcessingFilter.java:116)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
at org.springframework.security.ui.AbstractProcessingFilter.doFilterHttp(AbstractProcessingFilter.java:278)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
at org.springframework.security.ui.basicauth.BasicProcessingFilter.doFilterHttp(BasicProcessingFilter.java:174)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
at org.springframework.security.context.HttpSessionContextIntegrationFilter.doFilterHttp(HttpSessionContextIntegrationFilter.java:235)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:73)
at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:157)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:70)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1023)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:1852)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
17/09/2013 10:29:20 hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider retrieveUser
AVISO: Credential exception tying to authenticate against MYDOMAIN.com domain
org.springframework.security.BadCredentialsException: Failed to retrieve user information for fernandoneto; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece]; remaining name 'DC=MYDOMAIN,DC=com'
at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:306)
at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:190)
at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:134)
at hudson.plugins.active_directory.AbstractActiveDirectoryAuthenticationProvider.loadUserByUsername(AbstractActiveDirectoryAuthenticationProvider.java:30)
at hudson.plugins.active_directory.ActiveDirectorySecurityRealm.loadUserByUsername(ActiveDirectorySecurityRealm.java:611)
at hudson.security.GlobalMatrixAuthorizationStrategy$DescriptorImpl.doCheckName(GlobalMatrixAuthorizationStrategy.java:315)
at hudson.security.GlobalMatrixAuthorizationStrategy$DescriptorImpl.doCheckName(GlobalMatrixAuthorizationStrategy.java:298)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:274)
at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:141)
at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:80)
at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:95)
at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:45)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:565)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:650)
at org.kohsuke.stapler.MetaClass$12.dispatch(MetaClass.java:365)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:565)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:650)
at org.kohsuke.stapler.MetaClass$4.doDispatch(MetaClass.java:187)
at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:45)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:565)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:650)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:481)
at org.kohsuke.stapler.Stapler.service(Stapler.java:152)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:86)
at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:78)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:81)
at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:45)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
at org.springframework.security.ui.ExceptionTranslationFilter.doFilterHttp(ExceptionTranslationFilter.java:101)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
at org.springframework.security.providers.anonymous.AnonymousProcessingFilter.doFilterHttp(AnonymousProcessingFilter.java:105)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
at org.springframework.security.ui.rememberme.RememberMeProcessingFilter.doFilterHttp(RememberMeProcessingFilter.java:116)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
at org.springframework.security.ui.AbstractProcessingFilter.doFilterHttp(AbstractProcessingFilter.java:278)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
at org.springframework.security.ui.basicauth.BasicProcessingFilter.doFilterHttp(BasicProcessingFilter.java:174)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
at org.springframework.security.context.HttpSessionContextIntegrationFilter.doFilterHttp(HttpSessionContextIntegrationFilter.java:235)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:73)
at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:157)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:70)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1023)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:1852)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece]; remaining name 'DC=MYDOMAIN,DC=com'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
at hudson.plugins.active_directory.LDAPSearchBuilder.search(LDAPSearchBuilder.java:52)
at hudson.plugins.active_directory.LDAPSearchBuilder.searchOne(LDAPSearchBuilder.java:42)
at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:260)
... 75 more
The strange thing is that the user fernandoneto is able to login and use hudson normally but that error is a bit annoying.
So I tried to configure the domain controller of my network and after this I click on test button, now i get this stacktrace message:
javax.servlet.ServletException: java.lang.IllegalArgumentException: protocol = socket host = null
org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:607)
org.kohsuke.stapler.Stapler.invoke(Stapler.java:650)
org.kohsuke.stapler.MetaClass$12.dispatch(MetaClass.java:365)
org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:565)
org.kohsuke.stapler.Stapler.invoke(Stapler.java:650)
org.kohsuke.stapler.MetaClass$4.doDispatch(MetaClass.java:187)
org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:45)
org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:565)
org.kohsuke.stapler.Stapler.invoke(Stapler.java:650)
org.kohsuke.stapler.Stapler.invoke(Stapler.java:481)
org.kohsuke.stapler.Stapler.service(Stapler.java:152)
javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:86)
hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:78)
hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:81)
hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:45)
hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
org.springframework.security.ui.ExceptionTranslationFilter.doFilterHttp(ExceptionTranslationFilter.java:101)
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
org.springframework.security.providers.anonymous.AnonymousProcessingFilter.doFilterHttp(AnonymousProcessingFilter.java:105)
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
org.springframework.security.ui.rememberme.RememberMeProcessingFilter.doFilterHttp(RememberMeProcessingFilter.java:109)
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
org.springframework.security.ui.AbstractProcessingFilter.doFilterHttp(AbstractProcessingFilter.java:278)
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
org.springframework.security.ui.basicauth.BasicProcessingFilter.doFilterHttp(BasicProcessingFilter.java:174)
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
org.springframework.security.context.HttpSessionContextIntegrationFilter.doFilterHttp(HttpSessionContextIntegrationFilter.java:235)
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:73)
hudson.security.HudsonFilter.doFilter(HudsonFilter.java:157)
hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:70)
But after that, even with this error the matrix shows me the users name normally, but the user are not able to login anymore I verified the log files and saw a error message saying that the user or the password doesn't exists.
So, I am a bit lost, am I missing something to configure here?
Any help would be appreciated
Thanks
Jorge Campos
|
|
|
|
|
|
|
|
|
|
|
Powered by
FUDForum. Page generated in 0.95836 seconds