I had some issues with Jenkins login using LDAP authentication plugin. Here is some ideas on how to debug the Jenkins as I take the LDAP plugin for example.
Resolution
1: Logic troubleshooting
The first choice we can go would be directly checking the LDAP group and User by using the methods that LDAP plugin supplies. Jenkins provides a way to run groovy script during initialization: Post-initialization script.
Take the example as following:
import jenkins.* import hudson.model.* import hudson.util.Secret import jenkins.model.* import hudson.security.* def instance = Jenkins.getInstance() String[] names = ["<LDAP Group>","<User ID>","xxxx"]; for (name in names) { println("Checking the name '" + name + "'...") try { println(" It is a USER: " + instance.securityRealm.loadUserByUsername(name)) println(" Has groups/authorities: " + instance.securityRealm.loadUserByUsername(name).getAuthorities()) } catch (Exception e) { try { println(" It is a GROUP: " + instance.securityRealm.loadGroupByGroupname(name)) println("") continue } catch (Exception e1) { println(" It is NOT a group, reason: " + e1.getMessage()) } println(" It is NOT a user, reason: " + e.getMessage()) } println(""); }
2: Setup logger
- Init groovy
Since Jenkins is a JAVA application, it supplies standard java.util.logging.Logger.
We can use the same post init script to create a script that set the logger appropriately.
$JENKINS_HOME/init.groovy.d/logging.groovy
import
java.util.logging.Level
import
java.util.logging.Logger
Logger.getLogger(
"hudson.security.LDAPSecurityRealm"
).setLevel(Level.SEVERE)
Logger.getLogger(
"hudson.security.SecurityRealm"
).setLevel(Level.SEVERE) Logger.getLogger(
"hudson.util.Secret"
).setLevel(Level.SEVERE)
- Logging properties
Also, you can create a file logging.properties
in which you define the logging levels and a ConsoleHandler
. Then pass this file to the JVM by adding the system property -Djava.util.logging.config.file=/logging.properties
. A file like the following would apply the same configuration as in Solution 1:
.level = INFO handlers= java.util.logging.ConsoleHandler java.util.logging.ConsoleHandler.level=INFO java.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter hudson.security.LDAPSecurityRealm.level = SEVEREhudson.security.SecurityRealm
.level = SEVERE
hudson.util.Secret.level = SEVERE
- Jenkins UI
Solution 3: From the Jenkins UI
You can set the the Loggers under Manage Jenkins > System Logs > Log Levels. Simply copy and paste the logger or package you want to adjust the level for, select the logging Level and click on Submit.