-
Type:
Bug
-
Status: Resolved (View Workflow)
-
Priority:
Blocker
-
Resolution: Fixed
-
Component/s: active-directory-plugin
-
Labels:None
-
Environment:Jenkins 2.121.1
Active Directory Plugin 2.7
Jenkins running in Windows Server
-
Similar Issues:
I just did a system and plugin upgrade to the latest LTS along with all plugins, including Active Directory.
The first thing I noticed was that all of my binds broke (I was using anonymous on two custom domains), but that was easily fixable. Once I had everything back, I noticed the Authenticated Users line in the Matrix-based permissions. I changed the settings to match my project owner group since pretty much everybody who authenticates is at least a PO. Now I'm getting the following exceptions
{{Failed to test the validity of the user name Project_Ownersjava.lang.NullPointerException }}
{{ at hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DescriptorImpl.bind(ActiveDirectorySecurityRealm.java:666) }}
{{ at hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DescriptorImpl.bind(ActiveDirectorySecurityRealm.java:645) }}
{{ at hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DescriptorImpl.bind(ActiveDirectorySecurityRealm.java:592) }}
{{ at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider$1.call(ActiveDirectoryUnixAuthenticationProvider.java:358) }}
{{ at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider$1.call(ActiveDirectoryUnixAuthenticationProvider.java:341) }}
{{ at com.google.common.cache.LocalCache$LocalManualCache$1.load(LocalCache.java:4767) }}
{{ at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3568) }}
{{ at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2350) }}
{{ at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2313) }}
{{ at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2228) }}
{{Caused: com.google.common.util.concurrent.UncheckedExecutionException }}
{{ at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2234) }}
{{ at com.google.common.cache.LocalCache.get(LocalCache.java:3965) }}
{{ at com.google.common.cache.LocalCache$LocalManualCache.get(LocalCache.java:4764) }}
{{ at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:341) }}
{{Caused: hudson.plugins.active_directory.CacheAuthenticationException: Authentication failed because there was a problem caching user Project_Owners; nested exception is com.google.common.util.concurrent.UncheckedExecutionException: java.lang.NullPointerException }}
{{ at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:499) }}
{{ at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:304) }}
{{ at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:226) }}
{{ at hudson.plugins.active_directory.AbstractActiveDirectoryAuthenticationProvider.loadUserByUsername(AbstractActiveDirectoryAuthenticationProvider.java:55) }}
{{ at hudson.plugins.active_directory.ActiveDirectorySecurityRealm.loadUserByUsername(ActiveDirectorySecurityRealm.java:848) }}
{{ at org.jenkinsci.plugins.matrixauth.AuthorizationContainerDescriptor.doCheckName_(AuthorizationContainerDescriptor.java:136) }}
{{ at hudson.security.GlobalMatrixAuthorizationStrategy$DescriptorImpl.doCheckName(GlobalMatrixAuthorizationStrategy.java:222) }}
{{ at java.lang.invoke.MethodHandle.invokeWithArguments(Unknown Source) }}
{{ at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:343) }}
{{ at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:184) }}
{{ at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:117) }}
{{ at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:129) }}
{{ at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) }}
{{ at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:715) }}
{{ at org.kohsuke.stapler.Stapler.invoke(Stapler.java:845) }}
{{ at org.kohsuke.stapler.MetaClass$5.doDispatch(MetaClass.java:248) }}
{{ at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) }}
{{ at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:715) }}
{{ at org.kohsuke.stapler.Stapler.invoke(Stapler.java:845) }}
{{ at org.kohsuke.stapler.Stapler.invoke(Stapler.java:649) }}
{{ at org.kohsuke.stapler.Stapler.service(Stapler.java:238) }}
{{ at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) }}
{{ at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:860) }}
{{ at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1650) }}
{{ at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154) }}
{{ at org.jenkinsci.plugins.ssegateway.Endpoint$SSEListenChannelFilter.doFilter(Endpoint.java:225) }}
{{ at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) }}
{{ at io.jenkins.blueocean.auth.jwt.impl.JwtAuthenticationFilter.doFilter(JwtAuthenticationFilter.java:61) }}
{{ at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) }}
{{ at com.cloudbees.jenkins.support.slowrequest.SlowRequestFilter.doFilter(SlowRequestFilter.java:37) }}
{{ at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) }}
{{ at io.jenkins.blueocean.ResourceCacheControl.doFilter(ResourceCacheControl.java:134) }}
{{ at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) }}
{{ at hudson.plugins.greenballs.GreenBallFilter.doFilter(GreenBallFilter.java:59) }}
{{ at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) }}
{{ at jenkins.metrics.impl.MetricsFilter.doFilter(MetricsFilter.java:125) }}
{{ at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) }}
{{ at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:157) }}
{{ at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) }}
{{ at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:105) }}
{{ at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) }}
{{ at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84) }}
{{ at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51) }}
{{ at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) }}
{{ at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117) }}
{{ at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) }}
{{ at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125) }}
{{ at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) }}
{{ at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142) }}
{{ at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) }}
{{ at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271) }}
{{ at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) }}
{{ at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93) }}
{{ at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) }}
{{ at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) }}
{{ at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67) }}
{{ at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) }}
{{ at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90) }}
{{ at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171) }}
{{ at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) }}
{{ at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49) }}
{{ at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) }}
{{ at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82) }}
{{ at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) }}
{{ at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30) }}
{{ at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) }}
{{ at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533) }}
{{ at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) }}
{{ at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524) }}
{{ at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) }}
{{ at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:190) }}
{{ at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595) }}
{{ at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:188) }}
{{ at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1253) }}
{{ at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:168) }}
{{ at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473) }}
{{ at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564) }}
{{ at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:166) }}
{{ at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1155) }}
{{ at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) }}
{{ at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) }}
{{ at org.eclipse.jetty.server.Server.handle(Server.java:530) }}
{{ at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:347) }}
{{ at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:256) }}
{{ at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:279) }}
{{ at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:102) }}
{{ at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:124) }}
{{ at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:247) }}
{{ at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.produce(EatWhatYouKill.java:140) }}
{{ at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:131) }}
{{ at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:382) }}{{}}
{{ at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77) }}
{{ at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) }}
{{ at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) }}
{{ at java.lang.Thread.run(Unknown Source)}}
This is an AD group instead of a user, but I'm getting the same exception on user accounts as well.
- is blocked by
-
-
- Resolved
-
- is related to
-
-
- Resolved
-
-
-
- Resolved
-
This should be fixed in https://github.com/jenkinsci/active-directory-plugin/pull/85 - and it is being released as active-directory-2.8
Manually adding startTls and tlsConfiguration to the Jenkins configuration and reloading from disk corrected this error. However, saving the security configuration removes these two settings from the file again. see linked issue for other details.