Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-52047

AD Users and Groups not found after upgrade

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Blocker
    • Resolution: Fixed
    • Labels:
      None
    • Environment:
      Jenkins 2.121.1
      Active Directory Plugin 2.7
      Jenkins running in Windows Server
    • Similar Issues:

      Description

      I just did a system and plugin upgrade to the latest LTS along with all plugins, including Active Directory.

      The first thing I noticed was that all of my binds broke (I was using anonymous on two custom domains), but that was easily fixable. Once I had everything back, I noticed the Authenticated Users line in the Matrix-based permissions. I changed the settings to match my project owner group since pretty much everybody who authenticates is at least a PO. Now I'm getting the following exceptions

      {{Failed to test the validity of the user name Project_Ownersjava.lang.NullPointerException }}
      {{ at hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DescriptorImpl.bind(ActiveDirectorySecurityRealm.java:666) }}
      {{ at hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DescriptorImpl.bind(ActiveDirectorySecurityRealm.java:645) }}
      {{ at hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DescriptorImpl.bind(ActiveDirectorySecurityRealm.java:592) }}
      {{ at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider$1.call(ActiveDirectoryUnixAuthenticationProvider.java:358) }}
      {{ at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider$1.call(ActiveDirectoryUnixAuthenticationProvider.java:341) }}
      {{ at com.google.common.cache.LocalCache$LocalManualCache$1.load(LocalCache.java:4767) }}
      {{ at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3568) }}
      {{ at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2350) }}
      {{ at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2313) }}
      {{ at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2228) }}
      {{Caused: com.google.common.util.concurrent.UncheckedExecutionException }}
      {{ at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2234) }}
      {{ at com.google.common.cache.LocalCache.get(LocalCache.java:3965) }}
      {{ at com.google.common.cache.LocalCache$LocalManualCache.get(LocalCache.java:4764) }}
      {{ at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:341) }}
      {{Caused: hudson.plugins.active_directory.CacheAuthenticationException: Authentication failed because there was a problem caching user Project_Owners; nested exception is com.google.common.util.concurrent.UncheckedExecutionException: java.lang.NullPointerException }}
      {{ at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:499) }}
      {{ at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:304) }}
      {{ at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:226) }}
      {{ at hudson.plugins.active_directory.AbstractActiveDirectoryAuthenticationProvider.loadUserByUsername(AbstractActiveDirectoryAuthenticationProvider.java:55) }}
      {{ at hudson.plugins.active_directory.ActiveDirectorySecurityRealm.loadUserByUsername(ActiveDirectorySecurityRealm.java:848) }}
      {{ at org.jenkinsci.plugins.matrixauth.AuthorizationContainerDescriptor.doCheckName_(AuthorizationContainerDescriptor.java:136) }}
      {{ at hudson.security.GlobalMatrixAuthorizationStrategy$DescriptorImpl.doCheckName(GlobalMatrixAuthorizationStrategy.java:222) }}
      {{ at java.lang.invoke.MethodHandle.invokeWithArguments(Unknown Source) }}
      {{ at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:343) }}
      {{ at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:184) }}
      {{ at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:117) }}
      {{ at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:129) }}
      {{ at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) }}
      {{ at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:715) }}
      {{ at org.kohsuke.stapler.Stapler.invoke(Stapler.java:845) }}
      {{ at org.kohsuke.stapler.MetaClass$5.doDispatch(MetaClass.java:248) }}
      {{ at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) }}
      {{ at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:715) }}
      {{ at org.kohsuke.stapler.Stapler.invoke(Stapler.java:845) }}
      {{ at org.kohsuke.stapler.Stapler.invoke(Stapler.java:649) }}
      {{ at org.kohsuke.stapler.Stapler.service(Stapler.java:238) }}
      {{ at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) }}
      {{ at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:860) }}
      {{ at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1650) }}
      {{ at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154) }}
      {{ at org.jenkinsci.plugins.ssegateway.Endpoint$SSEListenChannelFilter.doFilter(Endpoint.java:225) }}
      {{ at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) }}
      {{ at io.jenkins.blueocean.auth.jwt.impl.JwtAuthenticationFilter.doFilter(JwtAuthenticationFilter.java:61) }}
      {{ at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) }}
      {{ at com.cloudbees.jenkins.support.slowrequest.SlowRequestFilter.doFilter(SlowRequestFilter.java:37) }}
      {{ at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) }}
      {{ at io.jenkins.blueocean.ResourceCacheControl.doFilter(ResourceCacheControl.java:134) }}
      {{ at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) }}
      {{ at hudson.plugins.greenballs.GreenBallFilter.doFilter(GreenBallFilter.java:59) }}
      {{ at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) }}
      {{ at jenkins.metrics.impl.MetricsFilter.doFilter(MetricsFilter.java:125) }}
      {{ at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) }}
      {{ at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:157) }}
      {{ at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) }}
      {{ at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:105) }}
      {{ at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) }}
      {{ at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84) }}
      {{ at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51) }}
      {{ at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) }}
      {{ at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117) }}
      {{ at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) }}
      {{ at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125) }}
      {{ at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) }}
      {{ at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142) }}
      {{ at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) }}
      {{ at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271) }}
      {{ at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) }}
      {{ at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93) }}
      {{ at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) }}
      {{ at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) }}
      {{ at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67) }}
      {{ at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) }}
      {{ at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90) }}
      {{ at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171) }}
      {{ at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) }}
      {{ at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49) }}
      {{ at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) }}
      {{ at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82) }}
      {{ at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) }}
      {{ at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30) }}
      {{ at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) }}
      {{ at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533) }}
      {{ at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) }}
      {{ at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524) }}
      {{ at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) }}
      {{ at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:190) }}
      {{ at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595) }}
      {{ at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:188) }}
      {{ at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1253) }}
      {{ at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:168) }}
      {{ at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473) }}
      {{ at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564) }}
      {{ at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:166) }}
      {{ at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1155) }}
      {{ at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) }}
      {{ at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) }}
      {{ at org.eclipse.jetty.server.Server.handle(Server.java:530) }}
      {{ at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:347) }}
      {{ at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:256) }}
      {{ at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:279) }}
      {{ at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:102) }}
      {{ at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:124) }}
      {{ at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:247) }}
      {{ at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.produce(EatWhatYouKill.java:140) }}
      {{ at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:131) }}
      {{ at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:382) }}{{}}
      {{ at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77) }}
      {{ at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) }}
      {{ at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) }}
      {{ at java.lang.Thread.run(Unknown Source)}}

       

      This is an AD group instead of a user, but I'm getting the same exception on user accounts as well.

       

        Attachments

          Issue Links

            Activity

            krachynski Ken Rachynski created issue -
            krachynski Ken Rachynski made changes -
            Field Original Value New Value
            Link This issue is blocked by JENKINS-52045 [ JENKINS-52045 ]
            Hide
            krachynski Ken Rachynski added a comment -

            Manually adding startTls and tlsConfiguration to the Jenkins configuration and reloading from disk corrected this error. However, saving the security configuration removes these two settings from the file again. see linked issue for other details.

            Show
            krachynski Ken Rachynski added a comment - Manually adding startTls and tlsConfiguration to the Jenkins configuration and reloading from disk corrected this error. However, saving the security configuration removes these two settings from the file again. see linked issue for other details.
            miraha jang hyemi (Inactive) made changes -
            Status Open [ 1 ] In Progress [ 3 ]
            miraha jang hyemi (Inactive) made changes -
            Status In Progress [ 3 ] In Review [ 10005 ]
            Hide
            fbelzunc Félix Belzunce Arcos added a comment -

            This should be fixed in https://github.com/jenkinsci/active-directory-plugin/pull/85 - and it is being released as active-directory-2.8

            Show
            fbelzunc Félix Belzunce Arcos added a comment - This should be fixed in https://github.com/jenkinsci/active-directory-plugin/pull/85 - and it is being released as active-directory-2.8
            fbelzunc Félix Belzunce Arcos made changes -
            Link This issue is related to JENKINS-52045 [ JENKINS-52045 ]
            fbelzunc Félix Belzunce Arcos made changes -
            Status In Review [ 10005 ] Resolved [ 5 ]
            Resolution Fixed [ 1 ]
            fbelzunc Félix Belzunce Arcos made changes -
            Link This issue is related to JENKINS-52045 [ JENKINS-52045 ]
            fbelzunc Félix Belzunce Arcos made changes -
            Environment Jenkins 2.121.1
            Active Directory Plugin 2.7
            Jenkins 2.121.1
            Active Directory Plugin 2.7
            Jenkins running in Windows Server

              People

              • Assignee:
                fbelzunc Félix Belzunce Arcos
                Reporter:
                krachynski Ken Rachynski
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: