javax.naming.InvalidNameException: [LDAP: error code 34 - Incorrect DN given : admin@dc=example,dc=com (0x73 0x79 0x73 0x61 0x64 0x6D 0x69 0x6E 0x40 0x64 0x63 0x3D 0x70 0x75 0x70 0x70 0x75 0x74 0x2C 0x64 0x63 0x3D 0x63 0x6F 0x6D ) is invalid]

Stack Overflow | FoufaFaFa | 2 months ago
  1. 0

    LDAP: error code 34 - Incorrect DN given

    Stack Overflow | 2 months ago | FoufaFaFa
    javax.naming.InvalidNameException: [LDAP: error code 34 - Incorrect DN given : admin@dc=example,dc=com (0x73 0x79 0x73 0x61 0x64 0x6D 0x69 0x6E 0x40 0x64 0x63 0x3D 0x70 0x75 0x70 0x70 0x75 0x74 0x2C 0x64 0x63 0x3D 0x63 0x6F 0x6D ) is invalid]
  2. 0

    Authentication for a LDAP user with a '/' in CN fails with a similar exception: {noformat} performing search: (CN=another/one) on dc=atlassian,dc=com (authenticated) LDAP: Initial connect and search successful, but authenticating user as '"cn=another/one,ou=users",dc=atlassian,dc=com' failed. javax.naming.InvalidNameException - [LDAP: error code 34 - Incorrect DN given : "cn=another/one,ou=users",dc=atlassian,dc=com (0x22 0x63 0x6E 0x3D 0x61 0x6E 0x6F 0x74 0x68 0x65 0x72 0x2F 0x6F 0x6E 0x65 0x2C 0x6F 0x75 0x3D 0x75 0x73 0x65 0x72 0x73 0x22 0x2C 0x64 0x63 0x3D 0x61 0x74 0x6C 0x61 0x73 0x73 0x69 0x61 0x6E 0x2C 0x64 0x63 0x3D 0x63 0x6F 0x6D ) is invalid] LDAP password check for another/one in 7ms {noformat} where cn='another/one' Logs: {quote} 12:37:18 ERROR - LDAP: Initial connect and search successful, but authenticating user as '"cn=another/one,ou=users",dc=atlassian,dc=com' failed. javax.naming.InvalidNameException: [LDAP: error code 34 - Incorrect DN given : "cn=another/one,ou=users",dc=atlassian,dc=com (0x22 0x63 0x6E 0x3D 0x61 0x6E 0x6F 0x74 0x68 0x65 0x72 0x2F 0x6F 0x6E 0x65 0x2C 0x6F 0x75 0x3D 0x75 0x73 0x65 0x72 0x73 0x22 0x2C 0x64 0x63 0x3D 0x61 0x74 0x6C 0x61 0x73 0x73 0x69 0x61 0x6E 0x2C 0x64 0x63 0x3D 0x63 0x6F 0x6D ) is invalid] at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2926) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2732) at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2646) at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193) at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136) at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66) at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667) at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247) at javax.naming.InitialContext.init(InitialContext.java:223) at javax.naming.InitialContext.<init>(InitialContext.java:197) at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82) {quote}

    Atlassian JIRA | 6 years ago | Piotr Swiecicki [Atlassian]
    javax.naming.InvalidNameException: [LDAP: error code 34 - Incorrect DN given : "cn=another/one,ou=users",dc=atlassian,dc=com (0x22 0x63 0x6E 0x3D 0x61 0x6E 0x6F 0x74 0x68 0x65 0x72 0x2F 0x6F 0x6E 0x65 0x2C 0x6F 0x75 0x3D 0x75 0x73 0x65 0x72 0x73 0x22 0x2C 0x64 0x63 0x3D 0x61 0x74 0x6C 0x61 0x73 0x73 0x69 0x61 0x6E 0x2C 0x64 0x63 0x3D 0x63 0x6F 0x6D ) is invalid]
  3. 0

    Authentication for a LDAP user with a '/' in CN fails with a similar exception: {noformat} performing search: (CN=another/one) on dc=atlassian,dc=com (authenticated) LDAP: Initial connect and search successful, but authenticating user as '"cn=another/one,ou=users",dc=atlassian,dc=com' failed. javax.naming.InvalidNameException - [LDAP: error code 34 - Incorrect DN given : "cn=another/one,ou=users",dc=atlassian,dc=com (0x22 0x63 0x6E 0x3D 0x61 0x6E 0x6F 0x74 0x68 0x65 0x72 0x2F 0x6F 0x6E 0x65 0x2C 0x6F 0x75 0x3D 0x75 0x73 0x65 0x72 0x73 0x22 0x2C 0x64 0x63 0x3D 0x61 0x74 0x6C 0x61 0x73 0x73 0x69 0x61 0x6E 0x2C 0x64 0x63 0x3D 0x63 0x6F 0x6D ) is invalid] LDAP password check for another/one in 7ms {noformat} where cn='another/one' Logs: {quote} 12:37:18 ERROR - LDAP: Initial connect and search successful, but authenticating user as '"cn=another/one,ou=users",dc=atlassian,dc=com' failed. javax.naming.InvalidNameException: [LDAP: error code 34 - Incorrect DN given : "cn=another/one,ou=users",dc=atlassian,dc=com (0x22 0x63 0x6E 0x3D 0x61 0x6E 0x6F 0x74 0x68 0x65 0x72 0x2F 0x6F 0x6E 0x65 0x2C 0x6F 0x75 0x3D 0x75 0x73 0x65 0x72 0x73 0x22 0x2C 0x64 0x63 0x3D 0x61 0x74 0x6C 0x61 0x73 0x73 0x69 0x61 0x6E 0x2C 0x64 0x63 0x3D 0x63 0x6F 0x6D ) is invalid] at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2926) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2732) at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2646) at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193) at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136) at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66) at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667) at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247) at javax.naming.InitialContext.init(InitialContext.java:223) at javax.naming.InitialContext.<init>(InitialContext.java:197) at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82) {quote}

    Atlassian JIRA | 6 years ago | Piotr Swiecicki [Atlassian]
    javax.naming.InvalidNameException: [LDAP: error code 34 - Incorrect DN given : "cn=another/one,ou=users",dc=atlassian,dc=com (0x22 0x63 0x6E 0x3D 0x61 0x6E 0x6F 0x74 0x68 0x65 0x72 0x2F 0x6F 0x6E 0x65 0x2C 0x6F 0x75 0x3D 0x75 0x73 0x65 0x72 0x73 0x22 0x2C 0x64 0x63 0x3D 0x61 0x74 0x6C 0x61 0x73 0x73 0x69 0x61 0x6E 0x2C 0x64 0x63 0x3D 0x63 0x6F 0x6D ) is invalid]
  4. Speed up your debug routine!

    Automated exception search integrated into your IDE

  5. 0

    It appears that Active Directory (and presumably LDAP) authentication fails if the user is a member of a group with special characters in the name. Realistically, retrieveUser fails which makes it look like an authentication issue. To resolve this, the DN of the group needs to be properly escaped before calling context.getAttributes(dn). This is probably related to the incomplete fix applied in JENKINS-3249 (https://issues.jenkins-ci.org/browse/JENKINS-3249). The group that is failing is one we use to test our own LDAP code. It is named: test,+"\<>;=/role Here is the log information related to the authentication failure (with identifying data replaced): Feb 27, 2012 11:43:13 AM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider retrieveUser WARNING: Exhausted all configured domains and could not authenticat against any. Feb 27, 2012 11:43:13 AM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider retrieveUser WARNING: Credential exception tying to authenticate against EXAMPLE.COM domain org.acegisecurity.BadCredentialsException: Failed to retrieve user information for example.user; nested exception is javax.naming.InvalidNameException: "CN=test\,\+\"\\\<\>\;\=/role,OU=Groups,DC=Example,DC=com": [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090709, comment: Error processing name, data 0, v1db0]; remaining name '"CN=test\,\+\"\\\<\>\;\=/role,OU=Groups,DC=Example,DC=com"' at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:180) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:116) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:83) at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:119) at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:195) at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:45) at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:71) at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:61) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76) at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:562) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:395) at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:301) at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:183) at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:169) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:302) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) at java.lang.Thread.run(Thread.java:662) Caused by: javax.naming.InvalidNameException: "CN=test\,\+\"\\\<\>\;\=/role,OU=Groups,DC=Example,DC=com": [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090709, comment: Error processing name, data 0, v1db0]; remaining name '"CN=test\,\+\"\\\<\>\;\=/role,OU=Groups,DC=Example,DC=com"' at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2979) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794) at com.sun.jndi.ldap.LdapCtx.c_getAttributes(LdapCtx.java:1309) at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(ComponentDirContext.java:213) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:121) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:109) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.resolveGroups(ActiveDirectoryUnixAuthenticationProvider.java:223) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:172) ... 37 more Feb 27, 2012 11:43:13 AM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider retrieveUser WARNING: Failed to retrieve user information for example.user javax.naming.InvalidNameException: "CN=test\,\+\"\\\<\>\;\=/role,OU=Groups,DC=Example,DC=com": [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090709, comment: Error processing name, data 0, v1db0]; remaining name '"CN=test\,\+\"\\\<\>\;\=/role,OU=Groups,DC=Example,DC=com"' at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2979) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794) at com.sun.jndi.ldap.LdapCtx.c_getAttributes(LdapCtx.java:1309) at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(ComponentDirContext.java:213) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:121) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:109) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.resolveGroups(ActiveDirectoryUnixAuthenticationProvider.java:223) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:172) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:116) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:83) at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:119) at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:195) at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:45) at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:71) at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:61) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76) at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:562) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:395) at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:301) at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:183) at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:169) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:302) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) at java.lang.Thread.run(Thread.java:662) Feb 27, 2012 11:43:13 AM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider resolveGroups FINE: Example User is a member of CN=test\,\+\"\\\<\>\;\=/role,OU=Groups,DC=Example,DC=com Feb 27, 2012 11:43:13 AM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider resolveGroups FINE: Example User is a member of CN=Working Example,OU=Groups,DC=Example,DC=com Feb 27, 2012 11:43:13 AM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider retrieveUser FINE: Failed to find example.user in userPrincipalName. Trying sAMAccountName Feb 27, 2012 11:43:13 AM hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DesciprotrImpl bind FINE: Bound to b-ad-01.example.com:3269 Feb 27, 2012 11:43:13 AM hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DesciprotrImpl bind WARNING: Failed to bind to 10.10.10.10:389 javax.naming.CommunicationException: simple bind failed: 10.10.10.10:389 [Root exception is java.net.SocketException: Connection reset] at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:197) at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2694) at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175) at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:134) at hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DesciprotrImpl.bind(ActiveDirectorySecurityRealm.java:293) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:142) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:116) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:83) at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:119) at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:195) at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:45) at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:71) at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:61) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76) at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:562) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:395) at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:301) at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:183) at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:169) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:302) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) at java.lang.Thread.run(Thread.java:662) Caused by: java.net.SocketException: Connection reset at java.net.SocketInputStream.read(SocketInputStream.java:168) at com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:293) at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:331) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:798) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:632) at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59) at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65) at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123) at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:396) at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:334) at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:192) ... 43 more Feb 27, 2012 11:43:13 AM hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DesciprotrImpl obtainLDAPServer FINE: _gc._tcp.EXAMPLE.COM resolved to [b-ad-01.example.com:3269, b-ad-01.example.com:3269, c-ad-01.example.com:3269, v-ad-01.example.com:3269, j-ad-01.example.com:3269, s-ms-ad-01.example.com:3269, b-ms-ad-01.example.com:3269] Feb 27, 2012 11:43:13 AM hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DesciprotrImpl obtainLDAPServer FINE: Attempting to resolve _gc._tcp.EXAMPLE.COM to SRV record

    Jenkins JIRA | 5 years ago | Jarrett Taylor
    org.acegisecurity.BadCredentialsException: Failed to retrieve user information for example.user; nested exception is javax.naming.InvalidNameException: "CN=test\,\+\"\\\<\>\;\=/role,OU=Groups,DC=Example,DC=com": [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090709, comment: Error processing name, data 0, v1db0]; remaining name '"CN=test\,\+\"\\\<\>\;\=/role,OU=Groups,DC=Example,DC=com"'
  6. 0

    [JENKINS-12907] Active Directory/LDAP group with special characters causes authentication/retrieveUser to fail - Jenkins JIRA

    jenkins-ci.org | 1 year ago
    javax.naming.InvalidNameException: "CN=test\,+\"\\\<\>\;\=/role,OU=Groups,DC=Example,DC=com": [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090709, comment: Error processing name, data 0, v1db0] ; remaining name '"CN=test\,+\"\\\<\>\;\=/role,OU=Groups,DC=Example,DC=com"'

    Not finding the right solution?
    Take a tour to get the most out of Samebug.

    Tired of useless tips?

    Automated exception search integrated into your IDE

    Root Cause Analysis

    1. javax.naming.InvalidNameException

      [LDAP: error code 34 - Incorrect DN given : admin@dc=example,dc=com (0x73 0x79 0x73 0x61 0x64 0x6D 0x69 0x6E 0x40 0x64 0x63 0x3D 0x70 0x75 0x70 0x70 0x75 0x74 0x2C 0x64 0x63 0x3D 0x63 0x6F 0x6D ) is invalid]

      at com.sun.jndi.ldap.LdapCtx.processReturnCode()
    2. Java RT
      LdapCtx.connect
      1. com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3076)
      2. com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2883)
      3. com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2797)
      3 frames