Jenkins Active-Directory插件尝试使用不存在的用户@my-domain自动登录

Question

我通过groovy使用active-directory配置了我的jenkins。到目前为止，一切运行正常。只有一个问题仍然存在，那就是jenkins试图以某种默认用户自动和定期(或多或少每隔一分钟)登录AD。这个用户当然不存在，所以我的日志文件中充满了异常。我不知道如何避免这些登录尝试。

我总是不断地得到这个异常

Aug 09, 2019 1:41:48 PM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider retrieveUser
WARNING: Credential exception trying to authenticate against <MY_DOMAIN> domain
org.acegisecurity.BadCredentialsException: Either no such user 'user@<MY_SERVER>' or incorrect password
        at hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DescriptorImpl.bind(ActiveDirectorySecurityRealm.java:614)
        at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider$1.call(ActiveDirectoryUnixAuthenticationProvider.java:370)
        at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider$1.call(ActiveDirectoryUnixAuthenticationProvider.java:340)
        at com.google.common.cache.LocalCache$LocalManualCache$1.load(LocalCache.java:4767)
        at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3568)
        at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2350)
        at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2313)
        at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2228)
        at com.google.common.cache.LocalCache.get(LocalCache.java:3965)
        at com.google.common.cache.LocalCache$LocalManualCache.get(LocalCache.java:4764)
        at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:340)
        at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:303)
        at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:225)
        at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:122)
        at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:200)
        at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:47)
        at jenkins.security.BasicHeaderRealPasswordAuthenticator.authenticate(BasicHeaderRealPasswordAuthenticator.java:56)
        at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:79)
        at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
        at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
        at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
        at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
        at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90)
        at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)
        at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)
        at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)
        at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)
        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:540)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146)
        at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
        at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257)
        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1701)
        at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1345)
        at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203)
        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:480)
        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1668)
        at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201)
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1247)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
        at org.eclipse.jetty.server.Server.handle(Server.java:502)
        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:370)
        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:267)
        at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305)
        at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
        at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117)
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:765)
        at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:683)
        at java.lang.Thread.run(Thread.java:748)

通过ansible安装插件

# Jenkins master: install plugins
- name: Install Plugins on behalf of jenkins user {{jenkins_admin_user}}
  jenkins_plugin:
    name: "{{ item.key }}"
    url: http://<SERVERNAME>:8080
    url_username: "{{jenkins_admin_user}}"
    url_password: "{{jenkins_admin_pass}}"
  environment:
    http_proxy: http://<PROXY_USER>:<PROXY_PASS>@<PROXY_SERVER>:80
    https_proxy: http://<PROXY_USER>:<PROXY_PASS>@<PROXY_SERVER>:80
  register: plugin_result
  until: plugin_result is success
  retries: 10
  delay: 2
  with_items: # no version = latest
    - { key: "some-plugin"}
    - { key: "active-directory"}
    - { key: "some-other-plugin"}

用于设置AD连接的groovy脚本

#!groovy
import java.util.logging.Level
import java.util.logging.Logger
import jenkins.model.*
import hudson.plugins.active_directory.*

/*
 * Setup active directory connection.
 * No information other than domain name necessary.
 */
def instance = Jenkins.getInstance()
def log = Logger.getLogger(Jenkins.class.getName())

log.log(Level.INFO, "START - Create active directory realm")

final String domain = "<MY_DOMAIN>"
final String domainController = ""
final String site = ""
final String bindName = ""
final String bindPassword = ""
realm = new ActiveDirectorySecurityRealm(domain, site, bindName, bindPassword, domainController)
instance.setSecurityRealm(realm)
instance.save()

log.log(Level.INFO, "FINISHED - Create active directory realm")

<MY_DOMAIN>和<MY_SERVER>等的实际值是正确的。

有谁知道我如何摆脱这些不必要的登录尝试？谢谢你们，并致以最好的问候。塞巴斯蒂安

Answer 1

我不是Java开发人员，但根据我在网上找到的other Jetty stack traces，它看起来只是对HTTP请求的响应。

您确定这不只是使用错误凭据的HTTP请求吗？