I'm installing a new Jenkins server (let's name it "A") and my LDAP authentication runs into the error
"[LDAP: error code 50 - You do not have sufficient privileges to perform an unindexed search"
The LDAP configuration is identical to another Jenkins installation (version 1.642.2, let's name it "B") in the same network where LDAP works fine. (Due to security reasons, I can't give exact names below.)
- Server: ldaps://server.domain:port
- root DN: dc=XXX,dc=com
- User search base: ou=people
- User search filter: uid={0}
- Manager DN: uid=XYZ,ou=people,dc=XXX,dc=com
- Manager Password: ****
Group search base and Group search filter are not defined.
Server "A" currently has no openldap2-client package installed, so I can't test on the command line on server "A".
When testing on server "B", the following query returns successfully:
ldapsearch -x -D "uid=XYZ,ou=people,dc=XXX,dc=com" -W -H ldaps://server.domain:port 'uid=myAccount'
Without giving the account to search for
ldapsearch -x -D "uid=XYZ,ou=people,dc=XXX,dc=com" -W -H ldaps://server.domain:port
returns the same error as I get in Jenkins on "A": "[LDAP: error code 50 - You do not have sufficient privileges to perform an unindexed search". This works as expected, indeed.
So I assume that somehow the User search filter uid={0} in Jenkins "A" isn't interpreted correctly.
I created a new log recorder in Jenkins for the "hudson.security.LDAPSecurityRealm" with priority "All", but it doesn't give more information about the LDAP query.
Any hints what could be wrong here?