• DevOpsKubeSphere-2.1

  • 2.1 安装可插拔组件Devops后,Jenkins 使用 admin 无法登陆,Failed to bind to LDAP

2.1 安装可插拔组件Devops后,Jenkins 使用 admin 无法登陆,Failed to bind to LDAP: userDnuid=admin,ou=Users,dc=kubesphere,dc=io username=admin

ks-jenkins 日志如下:
2020-03-03 18:29:17.628: WARNING: Failed to bind to LDAP: userDnuid=admin,ou=Users,dc=kubesphere,dc=io username=admin
2020-03-03 18:29:17.628: at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2800)
2020-03-03 18:29:17.628: at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
2020-03-03 18:29:17.628: at org.acegisecurity.ldap.LdapTemplate.retrieveEntry(LdapTemplate.java:165)
2020-03-03 18:29:17.628: at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2886)
2020-03-03 18:29:17.628: at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
2020-03-03 18:29:17.628: at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3154)
2020-03-03 18:29:17.628: at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
2020-03-03 18:29:17.628: at org.acegisecurity.ldap.LdapTemplate.execute(LdapTemplate.java:123)
2020-03-03 18:29:17.628: javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
2020-03-03 16:28:44.091: at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
2020-03-03 16:28:44.091: at org.acegisecurity.providers.ldap.LdapAuthenticationProvider.retrieveUser(LdapAuthenticationProvider.java:233)
2020-03-03 16:28:44.091: at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
2020-03-03 16:28:44.091: at org.acegisecurity.ldap.LdapTemplate.retrieveEntry(LdapTemplate.java:165)
2020-03-03 16:28:44.091: at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2886)
2020-03-03 16:28:44.091: at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
2020-03-03 16:28:44.091: at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
2020-03-03 16:28:44.091: at org.acegisecurity.ldap.LdapTemplate.execute(LdapTemplate.java:123)
2020-03-03 16:28:44.091: at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3154)
2020-03-03 16:28:44.091: at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2800)
2020-03-03 16:28:44.091: at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
2020-03-03 16:28:44.091: at hudson.security.LDAPSecurityRealm$LDAPAuthenticationManager.authenticate(LDAPSecurityRealm.java:997)

进入 ns kubesphere-system 下的 ks-installer-XXXXX pod, 查看下 /kubesphere/results/devops/devops/stdout 的安装日志有什么问题吗

8 个月 后

开启之后首次登陆也是拒绝访问

WARNING: Failed to bind to LDAP: userDnuid=admin,ou=Users,dc=kubesphere,dc=io username=admin
javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3154)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3100)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2886)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2800)
at com.sun.jndi.ldap.LdapCtx.(LdapCtx.java:319)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
at javax.naming.InitialContext.init(InitialContext.java:244)
at javax.naming.InitialContext.(InitialContext.java:216)
at javax.naming.directory.InitialDirContext.(InitialDirContext.java:101)
at org.acegisecurity.ldap.DefaultInitialDirContextFactory.connect(DefaultInitialDirContextFactory.java:180)
at org.acegisecurity.ldap.DefaultInitialDirContextFactory.newInitialDirContext(DefaultInitialDirContextFactory.java:261)
at org.acegisecurity.ldap.LdapTemplate.execute(LdapTemplate.java:123)
at org.acegisecurity.ldap.LdapTemplate.retrieveEntry(LdapTemplate.java:165)
at org.acegisecurity.providers.ldap.authenticator.BindAuthenticator.bindWithDn(BindAuthenticator.java:87)
at org.acegisecurity.providers.ldap.authenticator.BindAuthenticator.authenticate(BindAuthenticator.java:72)
at org.acegisecurity.providers.ldap.authenticator.BindAuthenticator2.authenticate(BindAuthenticator2.java:49)
at org.acegisecurity.providers.ldap.LdapAuthenticationProvider.retrieveUser(LdapAuthenticationProvider.java:233)
at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:122)
at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:200)
at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:47)
at hudson.security.LDAPSecurityRealm$LDAPAuthenticationManager.authenticate(LDAPSecurityRealm.java:997)
at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:74)
at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90)
at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)
at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)
at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)

at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)

at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)

at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:540)

at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146)

at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524)

at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)

at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257)

at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1701)

at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)

at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1345)

at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203)

at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:480)

at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1668)

at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201)

at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1247)

at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144)

at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)

at org.eclipse.jetty.server.Server.handle(Server.java:502)

at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:370)

at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:267)

at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305)

at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)

at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117)

at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:765)

at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:683)

at java.lang.Thread.run(Thread.java:748)

wenzh Invalid Credentials 这是密码输错了, 用登录 kubesphere 的密码

      2 年 后

      我也遇到了同样的问题,找到解决办法了没

      2 年 后