Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-52047

AD Users and Groups not found after upgrade

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Blocker
    • Resolution: Fixed
    • Labels:
      None
    • Environment:
      Jenkins 2.121.1
      Active Directory Plugin 2.7
      Jenkins running in Windows Server
    • Similar Issues:

      Description

      I just did a system and plugin upgrade to the latest LTS along with all plugins, including Active Directory.

      The first thing I noticed was that all of my binds broke (I was using anonymous on two custom domains), but that was easily fixable. Once I had everything back, I noticed the Authenticated Users line in the Matrix-based permissions. I changed the settings to match my project owner group since pretty much everybody who authenticates is at least a PO. Now I'm getting the following exceptions

      {{Failed to test the validity of the user name Project_Ownersjava.lang.NullPointerException }}
      {{ at hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DescriptorImpl.bind(ActiveDirectorySecurityRealm.java:666) }}
      {{ at hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DescriptorImpl.bind(ActiveDirectorySecurityRealm.java:645) }}
      {{ at hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DescriptorImpl.bind(ActiveDirectorySecurityRealm.java:592) }}
      {{ at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider$1.call(ActiveDirectoryUnixAuthenticationProvider.java:358) }}
      {{ at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider$1.call(ActiveDirectoryUnixAuthenticationProvider.java:341) }}
      {{ at com.google.common.cache.LocalCache$LocalManualCache$1.load(LocalCache.java:4767) }}
      {{ at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3568) }}
      {{ at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2350) }}
      {{ at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2313) }}
      {{ at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2228) }}
      {{Caused: com.google.common.util.concurrent.UncheckedExecutionException }}
      {{ at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2234) }}
      {{ at com.google.common.cache.LocalCache.get(LocalCache.java:3965) }}
      {{ at com.google.common.cache.LocalCache$LocalManualCache.get(LocalCache.java:4764) }}
      {{ at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:341) }}
      {{Caused: hudson.plugins.active_directory.CacheAuthenticationException: Authentication failed because there was a problem caching user Project_Owners; nested exception is com.google.common.util.concurrent.UncheckedExecutionException: java.lang.NullPointerException }}
      {{ at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:499) }}
      {{ at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:304) }}
      {{ at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:226) }}
      {{ at hudson.plugins.active_directory.AbstractActiveDirectoryAuthenticationProvider.loadUserByUsername(AbstractActiveDirectoryAuthenticationProvider.java:55) }}
      {{ at hudson.plugins.active_directory.ActiveDirectorySecurityRealm.loadUserByUsername(ActiveDirectorySecurityRealm.java:848) }}
      {{ at org.jenkinsci.plugins.matrixauth.AuthorizationContainerDescriptor.doCheckName_(AuthorizationContainerDescriptor.java:136) }}
      {{ at hudson.security.GlobalMatrixAuthorizationStrategy$DescriptorImpl.doCheckName(GlobalMatrixAuthorizationStrategy.java:222) }}
      {{ at java.lang.invoke.MethodHandle.invokeWithArguments(Unknown Source) }}
      {{ at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:343) }}
      {{ at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:184) }}
      {{ at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:117) }}
      {{ at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:129) }}
      {{ at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) }}
      {{ at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:715) }}
      {{ at org.kohsuke.stapler.Stapler.invoke(Stapler.java:845) }}
      {{ at org.kohsuke.stapler.MetaClass$5.doDispatch(MetaClass.java:248) }}
      {{ at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) }}
      {{ at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:715) }}
      {{ at org.kohsuke.stapler.Stapler.invoke(Stapler.java:845) }}
      {{ at org.kohsuke.stapler.Stapler.invoke(Stapler.java:649) }}
      {{ at org.kohsuke.stapler.Stapler.service(Stapler.java:238) }}
      {{ at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) }}
      {{ at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:860) }}
      {{ at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1650) }}
      {{ at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154) }}
      {{ at org.jenkinsci.plugins.ssegateway.Endpoint$SSEListenChannelFilter.doFilter(Endpoint.java:225) }}
      {{ at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) }}
      {{ at io.jenkins.blueocean.auth.jwt.impl.JwtAuthenticationFilter.doFilter(JwtAuthenticationFilter.java:61) }}
      {{ at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) }}
      {{ at com.cloudbees.jenkins.support.slowrequest.SlowRequestFilter.doFilter(SlowRequestFilter.java:37) }}
      {{ at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) }}
      {{ at io.jenkins.blueocean.ResourceCacheControl.doFilter(ResourceCacheControl.java:134) }}
      {{ at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) }}
      {{ at hudson.plugins.greenballs.GreenBallFilter.doFilter(GreenBallFilter.java:59) }}
      {{ at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) }}
      {{ at jenkins.metrics.impl.MetricsFilter.doFilter(MetricsFilter.java:125) }}
      {{ at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) }}
      {{ at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:157) }}
      {{ at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) }}
      {{ at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:105) }}
      {{ at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) }}
      {{ at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84) }}
      {{ at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51) }}
      {{ at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) }}
      {{ at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117) }}
      {{ at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) }}
      {{ at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125) }}
      {{ at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) }}
      {{ at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142) }}
      {{ at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) }}
      {{ at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271) }}
      {{ at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) }}
      {{ at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93) }}
      {{ at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) }}
      {{ at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) }}
      {{ at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67) }}
      {{ at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) }}
      {{ at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90) }}
      {{ at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171) }}
      {{ at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) }}
      {{ at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49) }}
      {{ at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) }}
      {{ at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82) }}
      {{ at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) }}
      {{ at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30) }}
      {{ at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) }}
      {{ at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533) }}
      {{ at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) }}
      {{ at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524) }}
      {{ at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) }}
      {{ at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:190) }}
      {{ at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595) }}
      {{ at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:188) }}
      {{ at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1253) }}
      {{ at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:168) }}
      {{ at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473) }}
      {{ at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564) }}
      {{ at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:166) }}
      {{ at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1155) }}
      {{ at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) }}
      {{ at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) }}
      {{ at org.eclipse.jetty.server.Server.handle(Server.java:530) }}
      {{ at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:347) }}
      {{ at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:256) }}
      {{ at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:279) }}
      {{ at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:102) }}
      {{ at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:124) }}
      {{ at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:247) }}
      {{ at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.produce(EatWhatYouKill.java:140) }}
      {{ at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:131) }}
      {{ at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:382) }}{{}}
      {{ at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77) }}
      {{ at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) }}
      {{ at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) }}
      {{ at java.lang.Thread.run(Unknown Source)}}

       

      This is an AD group instead of a user, but I'm getting the same exception on user accounts as well.

       

        Attachments

          Issue Links

            Activity

            Hide
            fbelzunc Félix Belzunce Arcos added a comment -

            This should be fixed in https://github.com/jenkinsci/active-directory-plugin/pull/85 - and it is being released as active-directory-2.8

            Show
            fbelzunc Félix Belzunce Arcos added a comment - This should be fixed in https://github.com/jenkinsci/active-directory-plugin/pull/85 - and it is being released as active-directory-2.8
            Hide
            krachynski Ken Rachynski added a comment -

            Manually adding startTls and tlsConfiguration to the Jenkins configuration and reloading from disk corrected this error. However, saving the security configuration removes these two settings from the file again. see linked issue for other details.

            Show
            krachynski Ken Rachynski added a comment - Manually adding startTls and tlsConfiguration to the Jenkins configuration and reloading from disk corrected this error. However, saving the security configuration removes these two settings from the file again. see linked issue for other details.

              People

              • Assignee:
                fbelzunc Félix Belzunce Arcos
                Reporter:
                krachynski Ken Rachynski
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: