Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-56332

ActiveDirectory plugin, problem with search when enabling fallback "Use Jenkins Internal Database"

    Details

    • Similar Issues:

      Description

      When performing a search for a Job name, the following error occurs:

      javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0907C2, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580]; remaining name 'DC=deu,DC=mycompany,DC=de'
       at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3194)
       at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3100)
       at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2891)
       at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1846)
       at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
       at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1786)
       at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:418)
       at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:396)
       at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:378)
       at hudson.plugins.active_directory.LDAPSearchBuilder.search(LDAPSearchBuilder.java:120)
       at hudson.plugins.active_directory.LDAPSearchBuilder.searchOne(LDAPSearchBuilder.java:85)
       at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider$1.call(ActiveDirectoryUnixAuthenticationProvider.java:385)
       at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider$1.call(ActiveDirectoryUnixAuthenticationProvider.java:340)
       at com.google.common.cache.LocalCache$LocalManualCache$1.load(LocalCache.java:4767)
       at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3568)
       at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2350)
       Caused: java.util.concurrent.ExecutionException
       at com.google.common.util.concurrent.AbstractFuture$Sync.getValue(AbstractFuture.java:289)
       at com.google.common.util.concurrent.AbstractFuture$Sync.get(AbstractFuture.java:276)
       at com.google.common.util.concurrent.AbstractFuture.get(AbstractFuture.java:111)
       at com.google.common.util.concurrent.Uninterruptibles.getUninterruptibly(Uninterruptibles.java:132)
       at com.google.common.cache.LocalCache$Segment.getAndRecordStats(LocalCache.java:2381)
       at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2351)
       at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2313)
       at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2228)
       at com.google.common.cache.LocalCache.get(LocalCache.java:3965)
       at com.google.common.cache.LocalCache$LocalManualCache.get(LocalCache.java:4764)
       at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:340)
       Caused: hudson.plugins.active_directory.CacheAuthenticationException: Authentication failed because there was a problem caching user Denis; nested exception is java.util.concurrent.ExecutionException: javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0907C2, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580]; remaining name 'DC=deu,DC=mycompany,DC=de'
       at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:502)
       at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:303)
       at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:225)
       at hudson.plugins.active_directory.AbstractActiveDirectoryAuthenticationProvider.loadUserByUsername(AbstractActiveDirectoryAuthenticationProvider.java:55)
       at hudson.plugins.active_directory.ActiveDirectorySecurityRealm.loadUserByUsername(ActiveDirectorySecurityRealm.java:854)
       at jenkins.security.UserDetailsCache$Retriever.call(UserDetailsCache.java:172)
       at jenkins.security.UserDetailsCache$Retriever.call(UserDetailsCache.java:161)
       at com.google.common.cache.LocalCache$LocalManualCache$1.load(LocalCache.java:4767)
       at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3568)
       at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2350)
       at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2313)
       at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2228)
       Caused: com.google.common.util.concurrent.UncheckedExecutionException
       at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2234)
       at com.google.common.cache.LocalCache.get(LocalCache.java:3965)
       at com.google.common.cache.LocalCache$LocalManualCache.get(LocalCache.java:4764)
       at jenkins.security.UserDetailsCache.loadUserByUsername(UserDetailsCache.java:127)
       at hudson.model.User$UserIDCanonicalIdResolver.resolveCanonicalId(User.java:1243)
       at hudson.model.User$CanonicalIdResolver.resolve(User.java:1184)
       at hudson.model.User.get(User.java:509)
       at hudson.model.User.get(User.java:479)
       at jenkins.model.Jenkins$9.get(Jenkins.java:2224)
       at jenkins.model.Jenkins$9.get(Jenkins.java:2223)
       at hudson.search.CollectionSearchIndex.find(CollectionSearchIndex.java:56)
       at hudson.search.UnionSearchIndex.find(UnionSearchIndex.java:58)
       at hudson.search.UnionSearchIndex.find(UnionSearchIndex.java:57)
       at hudson.search.Search$Mode$1.find(Search.java:213)
       at hudson.search.Search.find(Search.java:385)
       at hudson.search.Search.find(Search.java:266)
       at hudson.search.Search.doIndex(Search.java:89)
       at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627)
       at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:396)
       at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:408)
       at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:212)
       at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:145)
       at org.kohsuke.stapler.IndexDispatcher.dispatch(IndexDispatcher.java:27)
       at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:739)
       Caused: javax.servlet.ServletException
       at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:789)
       at org.kohsuke.stapler.Stapler.invoke(Stapler.java:870)
       at org.kohsuke.stapler.MetaClass$2.doDispatch(MetaClass.java:221)
       at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
       at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:739)
       at org.kohsuke.stapler.Stapler.invoke(Stapler.java:870)
       at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:169)
       at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
       at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:739)
       at org.kohsuke.stapler.Stapler.invoke(Stapler.java:870)
       at org.kohsuke.stapler.Stapler.invoke(Stapler.java:668)
       at org.kohsuke.stapler.Stapler.service(Stapler.java:238)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
       at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
       at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
       at com.smartcodeltd.jenkinsci.plugin.assetbundler.filters.LessCSS.doFilter(LessCSS.java:47)
       at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
       at net.bull.javamelody.MonitoringFilter.doFilter(MonitoringFilter.java:239)
       at net.bull.javamelody.MonitoringFilter.doFilter(MonitoringFilter.java:215)
       at net.bull.javamelody.PluginMonitoringFilter.doFilter(PluginMonitoringFilter.java:88)
       at org.jvnet.hudson.plugins.monitoring.HudsonMonitoringFilter.doFilter(HudsonMonitoringFilter.java:114)
       at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
       at jenkins.telemetry.impl.UserLanguages$AcceptLanguageFilter.doFilter(UserLanguages.java:128)
       at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
       at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:157)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
       at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:105)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
       at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
       at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
       at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
       at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117)
       at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
       at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
       at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
       at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
       at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
       at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
       at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
       at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93)
       at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
       at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
       at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
       at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
       at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90)
       at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
       at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
       at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
       at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
       at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:610)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
       at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:650)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
       at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:800)
       at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
       at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:800)
       at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1471)
       at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
       at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
       at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
       at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
       at java.lang.Thread.run(Thread.java:748)

       

      The error does not occur if searching for an existing user.

       

      The same error occurs in the Manage and Assign Roles view of the Role-based Authorization Strategy plugin with the following additional message: "Failed to test the validity of the user name ausername"

      This message appears for each user in the assignment table and the message part "Authentication failed because there was a problem caching user [username];" contains the username in that row of the table instead of [username].

        Attachments

          Activity

          Hide
          ian Jan Heimburger added a comment -

          Switching back to active-directory-plugin-2.10 did not solve the issue. So it seems this is rather caused by another component.

          Show
          ian Jan Heimburger added a comment - Switching back to active-directory-plugin-2.10 did not solve the issue. So it seems this is rather caused by another component.
          Hide
          ian Jan Heimburger added a comment - - edited

          When the search fails, the error message part "Authentication failed because there was a problem caching user [username];" contains the search term instead of [username], e.g.

          28-Feb-2019 21:28:59.275 SEVERE [Handling GET /jenkins/search/ from 172.20.1.120 : http-nio-8080-exec-3] hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser There was a problem caching user sddsdf

           

          This error occurs also if I enable the cache in the global security settings.

          Show
          ian Jan Heimburger added a comment - - edited When the search fails, the error message part "Authentication failed because there was a problem caching user [username] ;" contains the search term instead of [username] , e.g. 28-Feb-2019 21:28:59.275 SEVERE [Handling GET /jenkins/search/ from 172.20.1.120 : http-nio-8080-exec-3] hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser There was a problem caching user sddsdf   This error occurs also if I enable the cache in the global security settings.
          Hide
          ian Jan Heimburger added a comment -

          I have narrowed down the problem further.

          It is not connected to the update but occurs with both versions

          • Jenkins-2.150.1/active-directory-plugin-2.10
          • Jenkins-2.150.3/active-directory-plugin-2.12

          It is triggered when I enable the option "Use Jenkins Internal Database". After I have unchecked this option, the problem vanished and the search workes as expected again.
           

          Show
          ian Jan Heimburger added a comment - I have narrowed down the problem further. It is not connected to the update but occurs with both versions Jenkins-2.150.1/active-directory-plugin-2.10 Jenkins-2.150.3/active-directory-plugin-2.12 It is triggered when I enable the option "Use Jenkins Internal Database" . After I have unchecked this option, the problem vanished and the search workes as expected again.  

            People

            • Assignee:
              fbelzunc Félix Belzunce Arcos
              Reporter:
              ian Jan Heimburger
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: