[JIRA] (JENKINS-52047) AD Users and Groups not found after upgrade

krachynski@ice-edge.com (JIRA)

unread,

Jun 19, 2018, 3:15:02 PM6/19/18

to jenkinsc...@googlegroups.com

Ken Rachynski created an issue

Jenkins /

JENKINS-52047

AD Users and Groups not found after upgrade

Issue Type:	Bug
Assignee:	Félix Belzunce Arcos
Components:	active-directory-plugin
Created:	2018-06-19 19:14
Environment:	Jenkins 2.121.1 Active Directory Plugin 2.7
Priority:	Blocker
Reporter:	Ken Rachynski

I just did a system and plugin upgrade to the latest LTS along with all plugins, including Active Directory.

The first thing I noticed was that all of my binds broke (I was using anonymous on two custom domains), but that was easily fixable. Once I had everything back, I noticed the Authenticated Users line in the Matrix-based permissions. I changed the settings to match my project owner group since pretty much everybody who authenticates is at least a PO. Now I'm getting the following exceptions

{{Failed to test the validity of the user name Project_Ownersjava.lang.NullPointerException }}
{{ at hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DescriptorImpl.bind(ActiveDirectorySecurityRealm.java:666) }}
{{ at hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DescriptorImpl.bind(ActiveDirectorySecurityRealm.java:645) }}
{{ at hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DescriptorImpl.bind(ActiveDirectorySecurityRealm.java:592) }}
{{ at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider$1.call(ActiveDirectoryUnixAuthenticationProvider.java:358) }}
{{ at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider$1.call(ActiveDirectoryUnixAuthenticationProvider.java:341) }}
{{ at com.google.common.cache.LocalCache$LocalManualCache$1.load(LocalCache.java:4767) }}
{{ at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3568) }}
{{ at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2350) }}
{{ at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2313) }}
{{ at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2228) }}
{{Caused: com.google.common.util.concurrent.UncheckedExecutionException }}
{{ at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2234) }}
{{ at com.google.common.cache.LocalCache.get(LocalCache.java:3965) }}
{{ at com.google.common.cache.LocalCache$LocalManualCache.get(LocalCache.java:4764) }}
{{ at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:341) }}
{{Caused: hudson.plugins.active_directory.CacheAuthenticationException: Authentication failed because there was a problem caching user Project_Owners; nested exception is com.google.common.util.concurrent.UncheckedExecutionException: java.lang.NullPointerException }}
{{ at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:499) }}
{{ at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:304) }}
{{ at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:226) }}
{{ at hudson.plugins.active_directory.AbstractActiveDirectoryAuthenticationProvider.loadUserByUsername(AbstractActiveDirectoryAuthenticationProvider.java:55) }}
{{ at hudson.plugins.active_directory.ActiveDirectorySecurityRealm.loadUserByUsername(ActiveDirectorySecurityRealm.java:848) }}
{{ at org.jenkinsci.plugins.matrixauth.AuthorizationContainerDescriptor.doCheckName_(AuthorizationContainerDescriptor.java:136) }}
{{ at hudson.security.GlobalMatrixAuthorizationStrategy$DescriptorImpl.doCheckName(GlobalMatrixAuthorizationStrategy.java:222) }}
{{ at java.lang.invoke.MethodHandle.invokeWithArguments(Unknown Source) }}
{{ at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:343) }}
{{ at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:184) }}
{{ at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:117) }}
{{ at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:129) }}
{{ at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) }}
{{ at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:715) }}
{{ at org.kohsuke.stapler.Stapler.invoke(Stapler.java:845) }}
{{ at org.kohsuke.stapler.MetaClass$5.doDispatch(MetaClass.java:248) }}
{{ at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) }}
{{ at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:715) }}
{{ at org.kohsuke.stapler.Stapler.invoke(Stapler.java:845) }}
{{ at org.kohsuke.stapler.Stapler.invoke(Stapler.java:649) }}
{{ at org.kohsuke.stapler.Stapler.service(Stapler.java:238) }}
{{ at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) }}
{{ at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:860) }}
{{ at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1650) }}
{{ at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154) }}
{{ at org.jenkinsci.plugins.ssegateway.Endpoint$SSEListenChannelFilter.doFilter(Endpoint.java:225) }}
{{ at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) }}
{{ at io.jenkins.blueocean.auth.jwt.impl.JwtAuthenticationFilter.doFilter(JwtAuthenticationFilter.java:61) }}
{{ at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) }}
{{ at com.cloudbees.jenkins.support.slowrequest.SlowRequestFilter.doFilter(SlowRequestFilter.java:37) }}
{{ at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) }}
{{ at io.jenkins.blueocean.ResourceCacheControl.doFilter(ResourceCacheControl.java:134) }}
{{ at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) }}
{{ at hudson.plugins.greenballs.GreenBallFilter.doFilter(GreenBallFilter.java:59) }}
{{ at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) }}
{{ at jenkins.metrics.impl.MetricsFilter.doFilter(MetricsFilter.java:125) }}
{{ at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) }}
{{ at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:157) }}
{{ at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) }}
{{ at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:105) }}
{{ at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) }}
{{ at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84) }}
{{ at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51) }}
{{ at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) }}
{{ at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117) }}
{{ at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) }}
{{ at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125) }}
{{ at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) }}
{{ at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142) }}
{{ at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) }}
{{ at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271) }}
{{ at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) }}
{{ at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93) }}
{{ at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) }}
{{ at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) }}
{{ at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67) }}
{{ at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) }}
{{ at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90) }}
{{ at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171) }}
{{ at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) }}
{{ at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49) }}
{{ at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) }}
{{ at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82) }}
{{ at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) }}
{{ at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30) }}
{{ at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) }}
{{ at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533) }}
{{ at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) }}
{{ at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524) }}
{{ at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) }}
{{ at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:190) }}
{{ at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595) }}
{{ at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:188) }}
{{ at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1253) }}
{{ at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:168) }}
{{ at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473) }}
{{ at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564) }}
{{ at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:166) }}
{{ at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1155) }}
{{ at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) }}
{{ at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) }}
{{ at org.eclipse.jetty.server.Server.handle(Server.java:530) }}
{{ at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:347) }}
{{ at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:256) }}
{{ at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:279) }}
{{ at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:102) }}
{{ at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:124) }}
{{ at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:247) }}
{{ at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.produce(EatWhatYouKill.java:140) }}
{{ at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:131) }}
{{ at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:382) }}{{}}
{{ at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77) }}
{{ at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) }}
{{ at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) }}
{{ at java.lang.Thread.run(Unknown Source)}}

This is an AD group instead of a user, but I'm getting the same exception on user accounts as well.

Add Comment

This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e)

krachynski@ice-edge.com (JIRA)

unread,

Jun 20, 2018, 11:08:02 AM6/20/18

to jenkinsc...@googlegroups.com

Ken Rachynski commented on

JENKINS-52047

Re: AD Users and Groups not found after upgrade

Manually adding startTls and tlsConfiguration to the Jenkins configuration and reloading from disk corrected this error. However, saving the security configuration removes these two settings from the file again. see linked issue for other details.