Issue
-
After updating to 2.277.1.2 or above, authentication to the Jenkins host fails and you are essentially locked out. The following stack trace may be observed, note the
%20
URL encoding errors :
Caused: org.springframework.security.authentication.InternalAuthenticationServiceException: [LDAP: error code 32 - The entry specified as the search base does not exist in the Directory Server]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - The entry ou=***%20**e,ou=D specified as the search base does not exist in the Directory Server]; remaining name '/' at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:190) at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:81) at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:182) at hudson.security.LDAPSecurityRealm$LDAPAuthenticationManager.authenticate(LDAPSecurityRealm.java:989) at org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:85) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:222) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
Environment
-
CloudBees Jenkins Operations Center (CJOC)
-
CloudBees CI (CloudBees Core) on traditional platforms - Client controller
Explanation
As of the March release of 2.277.1.2, updates to Spring Security will break the packaged version of the LDAP plugin (2.4) if there are special characters or spaces that exist in your LDAP configuration.
Resolution
This issue has been resolved in the 2.7 version of the LDAP plugin, which is currently slated for our July release as packaged with CAP. In order to mitigate this issue in the interim, please follow these instructions:
1.) Disable security to regain access to the environment post update.
2.) Manually upload version 2.7 of the LDAP plugin.