Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-73746

Searching for a disabled user will send you to the login screen

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Minor Minor
    • ldap-plugin
    • None
    • 2.462.1

      We're using LDAP for Jenkins, and have a bunch of users that are disabled, they also coincide with the names of some jobs, so e.g. the "machine" user would have some context to the "machine_.."-jobs, and would exist in LDAP.

      Now, we've moved on and disabled the "machine" user, but when we want to find the "machine_.." jobs, by searching for "machine" We're sent to the login screen, and in the logs we find an error, like:

      org.springframework.security.authentication.DisabledException: The user "machine" is administratively disabled. 

      I'll post the full error in a comment below.

      Searching for `mach` or `machine_` correctly returns results. But when the name exactly matches, the error happens.

          [JENKINS-73746] Searching for a disabled user will send you to the login screen

          Pinned comments

          Pinned by N

          N added a comment -

          Error:

          Error while serving https://jenkins.deif.com/job/xray-timeout-test/search/
          org.springframework.security.authentication.DisabledException: The user "machine" is administratively disabled.
            at PluginClassLoader for ldap//hudson.security.UserAttributesHelper.checkIfUserEnabled(UserAttributesHelper.java:92)
            at PluginClassLoader for ldap//hudson.security.LDAPSecurityRealm$LDAPUserDetailsService.loadUserByUsername(LDAPSecurityRealm.java:1319)
            at PluginClassLoader for ldap//hudson.security.LDAPSecurityRealm$DelegateLDAPUserDetailsService.loadUserByUsername(LDAPSecurityRealm.java:1232)
            at PluginClassLoader for ldap//hudson.security.LDAPSecurityRealm.loadUserByUsername2(LDAPSecurityRealm.java:765)
            at jenkins.security.UserDetailsCache$Retriever.call(UserDetailsCache.java:170)
            at jenkins.security.UserDetailsCache$Retriever.call(UserDetailsCache.java:159)
            at com.google.common.cache.LocalCache$LocalManualCache$1.load(LocalCache.java:4903)
            at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3574)
            at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2316)
            at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2189)
            at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2079) 

          N added a comment - Error: Error while serving https: //jenkins.deif.com/job/xray-timeout-test/search/ org.springframework.security.authentication.DisabledException: The user "machine" is administratively disabled.   at PluginClassLoader for ldap //hudson.security.UserAttributesHelper.checkIfUserEnabled(UserAttributesHelper.java:92)   at PluginClassLoader for ldap //hudson.security.LDAPSecurityRealm$LDAPUserDetailsService.loadUserByUsername(LDAPSecurityRealm.java:1319)   at PluginClassLoader for ldap //hudson.security.LDAPSecurityRealm$DelegateLDAPUserDetailsService.loadUserByUsername(LDAPSecurityRealm.java:1232)   at PluginClassLoader for ldap //hudson.security.LDAPSecurityRealm.loadUserByUsername2(LDAPSecurityRealm.java:765)   at jenkins.security.UserDetailsCache$Retriever.call(UserDetailsCache.java:170)   at jenkins.security.UserDetailsCache$Retriever.call(UserDetailsCache.java:159)   at com.google.common.cache.LocalCache$LocalManualCache$1.load(LocalCache.java:4903)   at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3574)   at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2316)   at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2189)   at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2079)

          All comments

          Pinned by N

          N added a comment -

          Error:

          Error while serving https://jenkins.deif.com/job/xray-timeout-test/search/
          org.springframework.security.authentication.DisabledException: The user "machine" is administratively disabled.
            at PluginClassLoader for ldap//hudson.security.UserAttributesHelper.checkIfUserEnabled(UserAttributesHelper.java:92)
            at PluginClassLoader for ldap//hudson.security.LDAPSecurityRealm$LDAPUserDetailsService.loadUserByUsername(LDAPSecurityRealm.java:1319)
            at PluginClassLoader for ldap//hudson.security.LDAPSecurityRealm$DelegateLDAPUserDetailsService.loadUserByUsername(LDAPSecurityRealm.java:1232)
            at PluginClassLoader for ldap//hudson.security.LDAPSecurityRealm.loadUserByUsername2(LDAPSecurityRealm.java:765)
            at jenkins.security.UserDetailsCache$Retriever.call(UserDetailsCache.java:170)
            at jenkins.security.UserDetailsCache$Retriever.call(UserDetailsCache.java:159)
            at com.google.common.cache.LocalCache$LocalManualCache$1.load(LocalCache.java:4903)
            at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3574)
            at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2316)
            at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2189)
            at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2079) 

          N added a comment - Error: Error while serving https: //jenkins.deif.com/job/xray-timeout-test/search/ org.springframework.security.authentication.DisabledException: The user "machine" is administratively disabled.   at PluginClassLoader for ldap //hudson.security.UserAttributesHelper.checkIfUserEnabled(UserAttributesHelper.java:92)   at PluginClassLoader for ldap //hudson.security.LDAPSecurityRealm$LDAPUserDetailsService.loadUserByUsername(LDAPSecurityRealm.java:1319)   at PluginClassLoader for ldap //hudson.security.LDAPSecurityRealm$DelegateLDAPUserDetailsService.loadUserByUsername(LDAPSecurityRealm.java:1232)   at PluginClassLoader for ldap //hudson.security.LDAPSecurityRealm.loadUserByUsername2(LDAPSecurityRealm.java:765)   at jenkins.security.UserDetailsCache$Retriever.call(UserDetailsCache.java:170)   at jenkins.security.UserDetailsCache$Retriever.call(UserDetailsCache.java:159)   at com.google.common.cache.LocalCache$LocalManualCache$1.load(LocalCache.java:4903)   at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3574)   at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2316)   at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2189)   at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2079)

          N added a comment -

          note: I'm not sure which component this may be in, I chose `core` please adjust as you see fit.

          N added a comment - note: I'm not sure which component this may be in, I chose `core` please adjust as you see fit.

            Unassigned Unassigned
            ngr_deif N
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: