
Log-in to Jenkins via LDAP fails

We want to run two Jenkins instances on the same server. To log in to the Jenkins (version 1.595) web GUI we are using the LDAP plugin (version 1.11). "Project-based Matrix Authorization Strategy" is selected and my user is granted admin access here. So once I am able to log in I have admin rights. The symbol to the left of the users added in the matrix shows a "little man", so the user seems to be found on LDAP.

  • CASE 1: If I type in my credentials CORRECTLY I get redirected to the page that was open just before I clicked the "log in" button.
    • NOT good -> Without allowing the anonymous user to administrate I have no chance of doing anything.
  • CASE 2: If I type them in WRONG Jenkins tells me "Invalid login information. Please try again."
    • good -> as expected.

Also tried "Anyone can do anything" as the security setting. Using this I do not get redirected to the login form, but to the last visited page from where I called the "login".

It doesn't matter what type of Internet Explorer I use. The result is always the same (Chrome, Firefox and Internet Explorer were tested).

I already discussed this with the colleague responsible for the LDAP maintenance. The incoming information is handled correctly (-> LDAP settings within Jenkins must be correct). But this fact is clear, since wrong login information leads to the "Invalid login information" page, but correct login information does not.

Also made sure that the firewall causes no problems.

Do you have any idea why this is not working? Or what the reasons could be? Is it possible that there is some kind of "redirection link" for logins?

Krummy asked Oct 31 '22 11:10


2 Answers

Hard to say from the information you've provided, but one thing to check is that the casing on your username exactly matches the name you have set up in matrix authentication. LDAP is not case sensitive but Jenkins is, which means that you can be authenticated successfully without having the administrative access you are expecting.

One way to proceed would be to add the 'authenticated' (case sensitive) user to your matrix with some limited permission set and see whether you are able to get past the login page.

IanAWP answered Nov 10 '22 18:11
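An offline check for the case mismatch this answer describes, as an added example that is not part of the original answer or of Jenkins. It assumes the matrix is stored in `$JENKINS_HOME/config.xml` as `<permission>permission:sid</permission>` entries; the sample config and user names are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a config.xml authorization section (assumed layout).
SAMPLE_CONFIG = """<hudson>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="hudson.security.ProjectMatrixAuthorizationStrategy">
    <permission>hudson.model.Hudson.Administer:JDoe</permission>
    <permission>hudson.model.Hudson.Read:JDoe</permission>
    <permission>hudson.model.Hudson.Read:authenticated</permission>
    <permission>hudson.model.Item.Build:builder</permission>
  </authorizationStrategy>
</hudson>"""


def matrix_grants(config_xml):
    """Return {sid: set(permissions)} from the matrix <permission> entries."""
    grants = {}
    for node in ET.fromstring(config_xml).iter("permission"):
        permission, sep, sid = (node.text or "").strip().partition(":")
        if sep:  # skip entries that do not have the permission:sid form
            grants.setdefault(sid, set()).add(permission)
    return grants


def diagnose(config_xml, login_name):
    """Compare the name typed at login with the sids in the matrix."""
    grants = matrix_grants(config_xml)
    return {
        # Permissions Jenkins applies to this exact, case-sensitive name.
        "exact": grants.get(login_name, set()),
        # Entries LDAP would treat as the same user but Jenkins would not.
        "case_mismatch": {
            sid: perms for sid, perms in grants.items()
            if sid != login_name and sid.lower() == login_name.lower()
        },
        # Fallback permissions for any user who logs in successfully.
        "authenticated": grants.get("authenticated", set()),
    }


if __name__ == "__main__":
    for name in ("jdoe", "JDoe"):
        print(name, diagnose(SAMPLE_CONFIG, name))
```

An empty `exact` set together with a non-empty `case_mismatch` is the situation the answer describes: the LDAP bind succeeds, but the matrix row belongs to a differently cased name.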


I found one reason!

After deleting the environment variable JENKINS_HOME I was able to log in to Jenkins... At least via localhost. Before, even this login wasn't possible either. As we run two instances of Jenkins on the same server it seems like they both want to use the variable -> leads to failures. But if I try to log in via the network from another PC I still can't log in (same as before). The variable JENKINS_HOME gets set (as before) within the jenkins.xml in the Jenkins installation folder, so the environment variable is probably not needed. I opened a new question, as this is now an Apache error.

I guess the reason why I can log in via localhost, but not via the network, must be our Apache 2.2 server, which is handling information wrong. By using localhost I can bypass Apache (-> works), but via the network Apache gets used (-> doesn't work).

Link to the new question: Jenkins behind Apache Server / Can't log in Jenkins

Krummy answered Nov 10 '22 17:11