-
Bug
-
Resolution: Fixed
-
Major
-
* Jenkins 2.315 on linux
* Mailer Plugin 408
-
-
4.12.1
We are seeing the following error at the end of a select few builds, which is causing it to fail:
FATAL: org.springframework.security.authentication.DisabledException: The user "st123456" is administratively disabled. org.springframework.security.authentication.DisabledException: The user "st123456" is administratively disabled. at hudson.security.UserAttributesHelper.checkIfUserEnabled(UserAttributesHelper.java:92) at hudson.security.LDAPSecurityRealm$LDAPUserDetailsService.loadUserByUsername(LDAPSecurityRealm.java:1315) at hudson.security.LDAPSecurityRealm$DelegateLDAPUserDetailsService.loadUserByUsername(LDAPSecurityRealm.java:1228) at hudson.security.LDAPSecurityRealm.loadUserByUsername2(LDAPSecurityRealm.java:763) at jenkins.security.UserDetailsCache$Retriever.call(UserDetailsCache.java:165) at jenkins.security.UserDetailsCache$Retriever.call(UserDetailsCache.java:154) at com.google.common.cache.LocalCache$LocalManualCache$1.load(LocalCache.java:4767) at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3568) at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2350) at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2313) at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2228) Caused: com.google.common.util.concurrent.UncheckedExecutionException at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2234) at com.google.common.cache.LocalCache.get(LocalCache.java:3965) at com.google.common.cache.LocalCache$LocalManualCache.get(LocalCache.java:4764) at jenkins.security.UserDetailsCache.loadUserByUsername(UserDetailsCache.java:122) at hudson.model.User$UserIDCanonicalIdResolver.resolveCanonicalId(User.java:1251) at hudson.model.User$CanonicalIdResolver.resolve(User.java:1192) at hudson.model.User.get(User.java:523) at hudson.plugins.git.GitChangeSet.findOrCreateUser(GitChangeSet.java:450) at hudson.plugins.git.GitChangeSet.getAuthor(GitChangeSet.java:546) at jenkins.scm.RunWithSCM.calculateCulprits(RunWithSCM.java:139) at hudson.model.AbstractBuild.calculateCulprits(AbstractBuild.java:342) at jenkins.scm.RunWithSCM.getCulprits(RunWithSCM.java:94) at hudson.model.AbstractBuild.getCulprits(AbstractBuild.java:331) at jenkins.scm.RunWithSCM.calculateCulprits(RunWithSCM.java:134) at hudson.model.AbstractBuild.calculateCulprits(AbstractBuild.java:342) at jenkins.scm.RunWithSCM.getCulprits(RunWithSCM.java:94) at hudson.model.AbstractBuild.getCulprits(AbstractBuild.java:331) at jenkins.scm.RunWithSCM.calculateCulprits(RunWithSCM.java:134) at hudson.model.AbstractBuild.calculateCulprits(AbstractBuild.java:342) at jenkins.scm.RunWithSCM.getCulprits(RunWithSCM.java:94) at hudson.model.AbstractBuild.getCulprits(AbstractBuild.java:331) at jenkins.scm.RunWithSCM.calculateCulprits(RunWithSCM.java:134) at hudson.model.AbstractBuild.calculateCulprits(AbstractBuild.java:342) at jenkins.scm.RunWithSCM.getCulprits(RunWithSCM.java:94) at hudson.model.AbstractBuild.getCulprits(AbstractBuild.java:331) at jenkins.scm.RunWithSCM.calculateCulprits(RunWithSCM.java:134) at hudson.model.AbstractBuild.calculateCulprits(AbstractBuild.java:342) at jenkins.scm.RunWithSCM.getCulprits(RunWithSCM.java:94) at hudson.model.AbstractBuild.getCulprits(AbstractBuild.java:331) at jenkins.scm.RunWithSCM.calculateCulprits(RunWithSCM.java:134) at hudson.model.AbstractBuild.calculateCulprits(AbstractBuild.java:342) at jenkins.scm.RunWithSCM.getCulprits(RunWithSCM.java:94) at hudson.model.AbstractBuild.getCulprits(AbstractBuild.java:331) at jenkins.scm.RunWithSCM.calculateCulprits(RunWithSCM.java:134) at hudson.model.AbstractBuild.calculateCulprits(AbstractBuild.java:342) at jenkins.scm.RunWithSCM.getCulprits(RunWithSCM.java:94) at hudson.model.AbstractBuild.getCulprits(AbstractBuild.java:331) at jenkins.scm.RunWithSCM.calculateCulprits(RunWithSCM.java:134) at hudson.model.AbstractBuild.calculateCulprits(AbstractBuild.java:342) at jenkins.scm.RunWithSCM.getCulprits(RunWithSCM.java:94) at hudson.model.AbstractBuild.getCulprits(AbstractBuild.java:331) at jenkins.scm.RunWithSCM.calculateCulprits(RunWithSCM.java:134) at hudson.model.AbstractBuild.calculateCulprits(AbstractBuild.java:342) at jenkins.scm.RunWithSCM.getCulprits(RunWithSCM.java:94) at hudson.model.AbstractBuild.getCulprits(AbstractBuild.java:331) at jenkins.scm.RunWithSCM.calculateCulprits(RunWithSCM.java:134) at hudson.model.AbstractBuild.calculateCulprits(AbstractBuild.java:342) at jenkins.scm.RunWithSCM.getCulprits(RunWithSCM.java:94) at hudson.model.AbstractBuild.getCulprits(AbstractBuild.java:331) at jenkins.scm.RunWithSCM.calculateCulprits(RunWithSCM.java:134) at hudson.model.AbstractBuild.calculateCulprits(AbstractBuild.java:342) at jenkins.scm.RunWithSCM.getCulprits(RunWithSCM.java:94) at hudson.model.AbstractBuild.getCulprits(AbstractBuild.java:331) at jenkins.scm.RunWithSCM.calculateCulprits(RunWithSCM.java:134) at hudson.model.AbstractBuild.calculateCulprits(AbstractBuild.java:342) at jenkins.scm.RunWithSCM.getCulprits(RunWithSCM.java:94) at hudson.model.AbstractBuild.getCulprits(AbstractBuild.java:331) at jenkins.scm.RunWithSCM.calculateCulprits(RunWithSCM.java:134) at hudson.model.AbstractBuild.calculateCulprits(AbstractBuild.java:342) at jenkins.scm.RunWithSCM.getCulprits(RunWithSCM.java:94) at hudson.model.AbstractBuild.getCulprits(AbstractBuild.java:331) at jenkins.scm.RunWithSCM.calculateCulprits(RunWithSCM.java:134) at hudson.model.AbstractBuild.calculateCulprits(AbstractBuild.java:342) at jenkins.scm.RunWithSCM.getCulprits(RunWithSCM.java:94) at hudson.model.AbstractBuild.getCulprits(AbstractBuild.java:331) at jenkins.scm.RunWithSCM.calculateCulprits(RunWithSCM.java:134) at hudson.model.AbstractBuild.calculateCulprits(AbstractBuild.java:342) at jenkins.scm.RunWithSCM.getCulprits(RunWithSCM.java:94) at hudson.model.AbstractBuild.getCulprits(AbstractBuild.java:331) at jenkins.scm.RunWithSCM.calculateCulprits(RunWithSCM.java:134) at hudson.model.AbstractBuild.calculateCulprits(AbstractBuild.java:342) at jenkins.scm.RunWithSCM.getCulprits(RunWithSCM.java:94) at hudson.model.AbstractBuild.getCulprits(AbstractBuild.java:331) at jenkins.scm.RunWithSCM.calculateCulprits(RunWithSCM.java:134) at hudson.model.AbstractBuild.calculateCulprits(AbstractBuild.java:342) at jenkins.scm.RunWithSCM.getCulprits(RunWithSCM.java:94) at hudson.model.AbstractBuild.getCulprits(AbstractBuild.java:331) at jenkins.scm.RunWithSCM.calculateCulprits(RunWithSCM.java:134) at hudson.model.AbstractBuild.calculateCulprits(AbstractBuild.java:342) at jenkins.scm.RunWithSCM.getCulprits(RunWithSCM.java:94) at hudson.model.AbstractBuild.getCulprits(AbstractBuild.java:331) at jenkins.scm.RunWithSCM.calculateCulprits(RunWithSCM.java:134) at hudson.model.AbstractBuild.calculateCulprits(AbstractBuild.java:342) at jenkins.scm.RunWithSCM.getCulprits(RunWithSCM.java:94) at hudson.model.AbstractBuild.getCulprits(AbstractBuild.java:331) at jenkins.scm.RunWithSCM.calculateCulprits(RunWithSCM.java:134) at hudson.model.AbstractBuild.calculateCulprits(AbstractBuild.java:342) at jenkins.scm.RunWithSCM.getCulprits(RunWithSCM.java:94) at hudson.model.AbstractBuild.getCulprits(AbstractBuild.java:331) at hudson.model.AbstractBuild$AbstractBuildExecution.post(AbstractBuild.java:703) at hudson.model.Run.execute(Run.java:1913) at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43) at hudson.model.ResourceController.execute(ResourceController.java:99) at hudson.model.Executor.run(Executor.java:432) Email was triggered for: Failure - Any Sending email for trigger: Failure - Any An attempt to send an e-mail to empty list of recipients, ignored. Finished: FAILURE
We are using:
- Jenkins 2.315
- Email Extention 2.87
- Mailer Plugin 408
- LDAP Plugin 2.8
- git plugin 4.10.3
An ldapsearch reveals the account is indeed disabled within AD.
Similar issues:
- relates to
-
-
- In Review
-
-
-
- Closed
-
[JENKINS-67981] Build failure due to ldap disabled account
markewaite I installed the test artifact and here is the new error
FATAL: org.springframework.security.authentication.DisabledException: The user "st123456" is administratively disabled. org.springframework.security.authentication.DisabledException: The user "st123456" is administratively disabled. at hudson.security.UserAttributesHelper.checkIfUserEnabled(UserAttributesHelper.java:92) at hudson.security.LDAPSecurityRealm$LDAPUserDetailsService.loadUserByUsername(LDAPSecurityRealm.java:1315) at hudson.security.LDAPSecurityRealm$DelegateLDAPUserDetailsService.loadUserByUsername(LDAPSecurityRealm.java:1228) at hudson.security.LDAPSecurityRealm.loadUserByUsername2(LDAPSecurityRealm.java:763) at jenkins.security.UserDetailsCache$Retriever.call(UserDetailsCache.java:165) at jenkins.security.UserDetailsCache$Retriever.call(UserDetailsCache.java:154) at com.google.common.cache.LocalCache$LocalManualCache$1.load(LocalCache.java:4767) at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3568) at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2350) at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2313) at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2228) Caused: com.google.common.util.concurrent.UncheckedExecutionException at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2234) at com.google.common.cache.LocalCache.get(LocalCache.java:3965) at com.google.common.cache.LocalCache$LocalManualCache.get(LocalCache.java:4764) at jenkins.security.UserDetailsCache.loadUserByUsername(UserDetailsCache.java:122) at hudson.model.User$UserIDCanonicalIdResolver.resolveCanonicalId(User.java:1251) at hudson.model.User$CanonicalIdResolver.resolve(User.java:1192) at hudson.model.User.get(User.java:523) at hudson.plugins.git.GitChangeSet.findOrCreateUser(GitChangeSet.java:460) at hudson.plugins.git.GitChangeSet.getAuthor(GitChangeSet.java:560) at jenkins.scm.RunWithSCM.calculateCulprits(RunWithSCM.java:139) at hudson.model.AbstractBuild.calculateCulprits(AbstractBuild.java:342) at jenkins.scm.RunWithSCM.getCulprits(RunWithSCM.java:94) at hudson.model.AbstractBuild.getCulprits(AbstractBuild.java:331) at jenkins.scm.RunWithSCM.calculateCulprits(RunWithSCM.java:134) at hudson.model.AbstractBuild.calculateCulprits(AbstractBuild.java:342) at jenkins.scm.RunWithSCM.getCulprits(RunWithSCM.java:94) at hudson.model.AbstractBuild.getCulprits(AbstractBuild.java:331) at jenkins.scm.RunWithSCM.calculateCulprits(RunWithSCM.java:134) at hudson.model.AbstractBuild.calculateCulprits(AbstractBuild.java:342) at jenkins.scm.RunWithSCM.getCulprits(RunWithSCM.java:94) at hudson.model.AbstractBuild.getCulprits(AbstractBuild.java:331) at jenkins.scm.RunWithSCM.calculateCulprits(RunWithSCM.java:134) at hudson.model.AbstractBuild.calculateCulprits(AbstractBuild.java:342) at jenkins.scm.RunWithSCM.getCulprits(RunWithSCM.java:94) at hudson.model.AbstractBuild.getCulprits(AbstractBuild.java:331) at jenkins.scm.RunWithSCM.calculateCulprits(RunWithSCM.java:134) at hudson.model.AbstractBuild.calculateCulprits(AbstractBuild.java:342) at jenkins.scm.RunWithSCM.getCulprits(RunWithSCM.java:94) at hudson.model.AbstractBuild.getCulprits(AbstractBuild.java:331) at jenkins.scm.RunWithSCM.calculateCulprits(RunWithSCM.java:134) at hudson.model.AbstractBuild.calculateCulprits(AbstractBuild.java:342) at jenkins.scm.RunWithSCM.getCulprits(RunWithSCM.java:94) at hudson.model.AbstractBuild.getCulprits(AbstractBuild.java:331) at jenkins.scm.RunWithSCM.calculateCulprits(RunWithSCM.java:134) at hudson.model.AbstractBuild.calculateCulprits(AbstractBuild.java:342) at jenkins.scm.RunWithSCM.getCulprits(RunWithSCM.java:94) at hudson.model.AbstractBuild.getCulprits(AbstractBuild.java:331) at jenkins.scm.RunWithSCM.calculateCulprits(RunWithSCM.java:134) at hudson.model.AbstractBuild.calculateCulprits(AbstractBuild.java:342) at jenkins.scm.RunWithSCM.getCulprits(RunWithSCM.java:94) at hudson.model.AbstractBuild.getCulprits(AbstractBuild.java:331) at jenkins.scm.RunWithSCM.calculateCulprits(RunWithSCM.java:134) at hudson.model.AbstractBuild.calculateCulprits(AbstractBuild.java:342) at jenkins.scm.RunWithSCM.getCulprits(RunWithSCM.java:94) at hudson.model.AbstractBuild.getCulprits(AbstractBuild.java:331) at jenkins.scm.RunWithSCM.calculateCulprits(RunWithSCM.java:134) at hudson.model.AbstractBuild.calculateCulprits(AbstractBuild.java:342) at jenkins.scm.RunWithSCM.getCulprits(RunWithSCM.java:94) at hudson.model.AbstractBuild.getCulprits(AbstractBuild.java:331) at jenkins.scm.RunWithSCM.calculateCulprits(RunWithSCM.java:134) at hudson.model.AbstractBuild.calculateCulprits(AbstractBuild.java:342) at jenkins.scm.RunWithSCM.getCulprits(RunWithSCM.java:94) at hudson.model.AbstractBuild.getCulprits(AbstractBuild.java:331) at jenkins.scm.RunWithSCM.calculateCulprits(RunWithSCM.java:134) at hudson.model.AbstractBuild.calculateCulprits(AbstractBuild.java:342) at jenkins.scm.RunWithSCM.getCulprits(RunWithSCM.java:94) at hudson.model.AbstractBuild.getCulprits(AbstractBuild.java:331) at jenkins.scm.RunWithSCM.calculateCulprits(RunWithSCM.java:134) at hudson.model.AbstractBuild.calculateCulprits(AbstractBuild.java:342) at jenkins.scm.RunWithSCM.getCulprits(RunWithSCM.java:94) at hudson.model.AbstractBuild.getCulprits(AbstractBuild.java:331) at jenkins.scm.RunWithSCM.calculateCulprits(RunWithSCM.java:134) at hudson.model.AbstractBuild.calculateCulprits(AbstractBuild.java:342) at jenkins.scm.RunWithSCM.getCulprits(RunWithSCM.java:94) at hudson.model.AbstractBuild.getCulprits(AbstractBuild.java:331) at jenkins.scm.RunWithSCM.calculateCulprits(RunWithSCM.java:134) at hudson.model.AbstractBuild.calculateCulprits(AbstractBuild.java:342) at jenkins.scm.RunWithSCM.getCulprits(RunWithSCM.java:94) at hudson.model.AbstractBuild.getCulprits(AbstractBuild.java:331) at jenkins.scm.RunWithSCM.calculateCulprits(RunWithSCM.java:134) at hudson.model.AbstractBuild.calculateCulprits(AbstractBuild.java:342) at jenkins.scm.RunWithSCM.getCulprits(RunWithSCM.java:94) at hudson.model.AbstractBuild.getCulprits(AbstractBuild.java:331) at jenkins.scm.RunWithSCM.calculateCulprits(RunWithSCM.java:134) at hudson.model.AbstractBuild.calculateCulprits(AbstractBuild.java:342) at jenkins.scm.RunWithSCM.getCulprits(RunWithSCM.java:94) at hudson.model.AbstractBuild.getCulprits(AbstractBuild.java:331) at jenkins.scm.RunWithSCM.calculateCulprits(RunWithSCM.java:134) at hudson.model.AbstractBuild.calculateCulprits(AbstractBuild.java:342) at jenkins.scm.RunWithSCM.getCulprits(RunWithSCM.java:94) at hudson.model.AbstractBuild.getCulprits(AbstractBuild.java:331) at jenkins.scm.RunWithSCM.calculateCulprits(RunWithSCM.java:134) at hudson.model.AbstractBuild.calculateCulprits(AbstractBuild.java:342) at jenkins.scm.RunWithSCM.getCulprits(RunWithSCM.java:94) at hudson.model.AbstractBuild.getCulprits(AbstractBuild.java:331) at jenkins.scm.RunWithSCM.calculateCulprits(RunWithSCM.java:134) at hudson.model.AbstractBuild.calculateCulprits(AbstractBuild.java:342) at jenkins.scm.RunWithSCM.getCulprits(RunWithSCM.java:94) at hudson.model.AbstractBuild.getCulprits(AbstractBuild.java:331) at jenkins.scm.RunWithSCM.calculateCulprits(RunWithSCM.java:134) at hudson.model.AbstractBuild.calculateCulprits(AbstractBuild.java:342) at jenkins.scm.RunWithSCM.getCulprits(RunWithSCM.java:94) at hudson.model.AbstractBuild.getCulprits(AbstractBuild.java:331) at hudson.model.AbstractBuild$AbstractBuildExecution.post(AbstractBuild.java:703) at hudson.model.Run.execute(Run.java:1913) at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43) at hudson.model.ResourceController.execute(ResourceController.java:99) at hudson.model.Executor.run(Executor.java:432) Email was triggered for: Failure - Any Sending email for trigger: Failure - Any An attempt to send an e-mail to empty list of recipients, ignored. Finished: FAILURE
potentialingenuity did you restart Jenkins after installing the updated plugin? The line number of the exception matches a call to User.get() but it should be catching the exception at that location.
The DisabledException being thrown is an instance of AuthenticationException. It should be caught by the code change that was made in that method.
Any further thoughts on this issue? After applying the same update, seem to get the same results.
No further thoughts on the issue. When I try to catch org.springframework.security.authentication.DisabledException , it seems to not be caught. I may need to catch the com.google.common.util.concurrent.UncheckedExecutionException though that is quite a broad exception to catch and ignore
This looks almost exactly like JENKINS-67491 which got reported against 4.10.1 and had a fix released in 4.10.2: https://github.com/jenkinsci/git-plugin/pull/1202/files
On the other issue, the trace showed GitChangeSet.java:460 and that code got wrapped with a try/catch to get org.springframework.security.core.AuthenticationException exceptions. That code tries to lookup a user based on the first part of the email address. So if the author is Jane <jfoo@example.org>, it tries to find "jfoo".
On this issue the trace occurs slightly above at GitChangeSet.java:450 which has:
user = User.get(csAuthor, false, Collections.emptyMap());
That searches for the, I am guessing, author name and would try to lookup "Jane".
We have the same issue at GitChangeSet.java:450 reported at https://phabricator.wikimedia.org/T315897 . The user "TheresNoTime" is disabled in our LDAP (the person uses a different LDAP account) but they craft their commit with that name in the author field.
I am guessing the same try/catch should be made when looking up the user by the user name.
My bad I completely missed the first reply by Mark which stated exactly the same thing: other calls to User.get() did not get guarded and the PR is https://github.com/jenkinsci/git-plugin/pull/1233
hashar I've merged the master branch into that pull request so that you'll have a current version for your test.
I have reproduced the issue in our Jenkins script console and went to elaborate a workaround which deal with AuthenticationException which are not UsernameNotFoundException.
From https://phabricator.wikimedia.org/T315897#8205451 :
import org.springframework.security.core.AuthenticationException; import com.google.common.util.concurrent.UncheckedExecutionException; try { try { println("Attempting to retrieve disabled user 'theresnotime'"); println(User.get("theresnotime", false, Collections.emptyMap())); } catch (AuthenticationException e) { println("Throwing the AuthenticationException directly"); throw e; } catch (UncheckedExecutionException e) { println("Got an UncheckedExecutionException"); if (e.getCause() instanceof AuthenticationException) { println("Found cause to be an AuthenticationException, throwing"); throw (AuthenticationException) e.getCause(); } else { println("Unhandled exception"); throw e; } } } catch (AuthenticationException e) { println(User.getUnknown()); }
Which yields:
Attempting to retrieve disabled user 'theresnotime'
Got an UncheckedExecutionException
Found cause to be an AuthenticationException, throwing
unknown
I have send a new pull request with that code https://github.com/jenkinsci/git-plugin/pull/1322
The git plugin change in 4.10.2 to catch the exception thrown by User.get() for a disabled user was not applied to that line in the plugin. I've submitted git plugin pull request https://github.com/jenkinsci/git-plugin/pull/1233 to guard other calls in the same way.
Please test the build from https://github.com/jenkinsci/git-plugin/pull/1233 by downloading the plugin artifact from https://ci.jenkins.io/job/Plugins/job/git-plugin/job/PR-1233/