3
votes

I am using Jenkins with an LDAP server as my Security Realm. The authorization type is set to "Project-based Matrix Authorization Strategy" (PBMAS). Authorization/LDAP themselves work as expected, but when I want to add a new user (to the table under PBMAS), Jenkins automatically adds the following two lines to its configuration file (located under /var/lib/jenkins/config.xml), inside the <securityRealm> tag:

<managerDN>my_username</managerDN>
<managerPassword>caVSGEy5X7J=</managerPassword>

The password is made up, but in the same format; managerDN contains my Jenkins (LDAP) username. Now, all subsequent login attempts fail with the following message (found in /var/log/jenkins/jenkins.log):

WARNING: Failed to search LDAP for username=my_username
org.acegisecurity.ldap.LdapDataAccessException: Failed to obtain
InitialDirContext due to unexpected exception; nested exception is
javax.naming.InvalidNameException: [LDAP: error code 34 - invalid DN]
( ... stacktrace continues ... )

Server is CentOS, Jenkins v1.550, LDAP plugin 1.8 (I know there are new versions but I'd rather not update if not necessary, especially because it is stated that the new version is not compatible with the current version).

Can I somehow resolve this issue so that these lines are not automatically added to Jenkins configuration when I add new users (I need to give each user Overall Read permissions because otherwise they don't see anything and get an error upon logging in)?


1 Answer

6
votes

Just had the same issue in my environment as I added a user and couldn't find why it broke authentication for all others.

It looks like a bug in the LDAP plugin: as you hit save, it assumes that your logged-in user is also the user to query the LDAP. If your LDAP does not require any admin user and password, you should delete these credentials from the advanced options under the LDAP realm and you are good to go.
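
A check for the condition discussed in this thread, as an added example that is not part of the original question or answer: it parses a Jenkins config.xml and flags a managerDN that is not shaped like a distinguished name, which is what produces "error code 34 - invalid DN". The sample config is constructed; the class attribute, server and rootDN values, and the function names are assumptions for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample mirroring the <securityRealm> lines quoted in the question;
# the class attribute, <server> and <rootDN> values are assumed for illustration.
SAMPLE_CONFIG = """<hudson>
  <securityRealm class="hudson.security.LDAPSecurityRealm">
    <server>ldap.example.test</server>
    <rootDN>dc=example,dc=test</rootDN>
    <managerDN>my_username</managerDN>
    <managerPassword>caVSGEy5X7J=</managerPassword>
  </securityRealm>
</hudson>
"""

# One RDN component: attribute type (name or numeric OID), '=', non-empty value.
_RDN = re.compile(r"^\s*([A-Za-z][A-Za-z0-9-]*|\d+(\.\d+)*)\s*=\s*\S.*$")


def looks_like_dn(value):
    """Loose RFC 4514 shape check: comma-separated attr=value components."""
    parts = re.split(r"(?<!\\),", value)  # split on unescaped commas only
    return all(_RDN.match(part) for part in parts)


def audit_security_realm(config_xml):
    """Return findings about the LDAP manager bind settings in config.xml."""
    realm = ET.fromstring(config_xml).find("securityRealm")
    if realm is None:
        return ["no <securityRealm> element found"]
    dn = (realm.findtext("managerDN") or "").strip()
    password = (realm.findtext("managerPassword") or "").strip()
    valid_dn = bool(dn) and looks_like_dn(dn)
    findings = []
    if dn and not valid_dn:
        findings.append(
            "managerDN %r is not a distinguished name; the manager bind "
            "will fail with LDAP error code 34 (invalid DN)" % dn)
    if password and not valid_dn:
        # The password value itself is deliberately never echoed.
        findings.append("managerPassword is stored without a usable managerDN")
    return findings  # empty list: anonymous bind or a well-formed manager DN


if __name__ == "__main__":
    for finding in audit_security_realm(SAMPLE_CONFIG):
        print("WARNING:", finding)
```

An empty result means either no manager credentials are set (anonymous bind, the state the answer recommends when the directory needs no admin user) or the managerDN is well-formed.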