[FIXED JENKINS-16205] Ignore the lookup failure for the memberOf grou…

…p as it's possible that the authenticating user doesn't have permissions to access the group.
jenkinsci · Dec 27, 2012 · 74899c3 · 74899c3
1 parent f6d7b2e
commit 74899c3
Showing 1 changed file with 15 additions and 10 deletions.
diff --git a/src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java b/src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java
@@ -5,6 +5,7 @@
 import hudson.security.SecurityRealm;
 import hudson.security.UserMayOrMayNotExistException;
 import hudson.util.Secret;
+import javax.naming.NameNotFoundException;
 import org.acegisecurity.AuthenticationException;
 import org.acegisecurity.AuthenticationServiceException;
 import org.acegisecurity.BadCredentialsException;
@@ -419,17 +420,21 @@ private Set<GrantedAuthority> resolveGroups(String domainDN, String userDN, DirC
                     continue;
 
                 for (int i = 0; i<memberOf.size(); i++) {
-                    Attributes group = context.getAttributes(new LdapName(memberOf.get(i).toString()), new String[] { "CN", "memberOf" });
-                    Attribute cn = group.get("CN");
-                    if (cn==null) {
-                        LOGGER.fine("Failed to obtain CN of "+memberOf.get(i));
-                        continue;
-                    }
-                    if (LOGGER.isLoggable(Level.FINE))
-                        LOGGER.fine(cn.get()+" is a member of "+memberOf.get(i));
+                    try {
+                        Attributes group = context.getAttributes(new LdapName(memberOf.get(i).toString()), new String[] { "CN", "memberOf" });
+                        Attribute cn = group.get("CN");
+                        if (cn==null) {
+                            LOGGER.fine("Failed to obtain CN of "+memberOf.get(i));
+                            continue;
+                        }
+                        if (LOGGER.isLoggable(Level.FINE))
+                            LOGGER.fine(cn.get()+" is a member of "+memberOf.get(i));
 
-                    if (groups.add(new GrantedAuthorityImpl(cn.get().toString()))) {
-                        q.add(group); // recursively look for groups that this group is a member of.
+                        if (groups.add(new GrantedAuthorityImpl(cn.get().toString()))) {
+                            q.add(group); // recursively look for groups that this group is a member of.
+                        }
+                    } catch (NameNotFoundException e) {
+                        LOGGER.fine("Failed to obtain CN of "+memberOf.get(i));
                     }
                 }
             }