Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-74854

upgrading jenkins from version 2.387.1 to version 2.401.1 and user cannot login with ldap account

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Critical Critical
    • ldap-plugin
    • None

      i do upgrade jenkins from version 2.387.1 to version 2.401.1 in docker, the changes only docker image. after upgrade, i cannt login with ldap user.

      so, i login with local admin and found that Ldap configuration in menu "Security - security" was gone.

       

      is there any step/requirement did i mis ?

          [JENKINS-74854] upgrading jenkins from version 2.387.1 to version 2.401.1 and user cannot login with ldap account

          What is the version of the LDAP plugin you are using?

          Damien Duportal added a comment - What is the version of the LDAP plugin you are using?

          Also why 2.401.1 specifically (https://www.jenkins.io/changelog-stable/#v2.401.1)

          • It's not the latest patch in this LTS line (at least use 2.401.3)
          • It's 18 months old: you might want to use the latest LTS instead (eventually the previous one if you are still using JDK11 for running it)

          => I strongly suggest you take a backup of your JENKINS_HOME, upgrade all your plugins and upgrade Jenkins core to https://www.jenkins.io/changelog-stable/#v2.479.1 if you can use JDK17 or https://www.jenkins.io/changelog-stable/#v2.462.3 if you are stuck to JDK11

          Damien Duportal added a comment - Also why 2.401.1 specifically ( https://www.jenkins.io/changelog-stable/#v2.401.1 ) It's not the latest patch in this LTS line (at least use 2.401.3) It's 18 months old: you might want to use the latest LTS instead (eventually the previous one if you are still using JDK11 for running it) => I strongly suggest you take a backup of your JENKINS_HOME, upgrade all your plugins and upgrade Jenkins core to https://www.jenkins.io/changelog-stable/#v2.479.1 if you can use JDK17 or https://www.jenkins.io/changelog-stable/#v2.462.3 if you are stuck to JDK11

          junaidi added a comment -

          Thanks damien for the reply.

           

          yes, i backup JENKINS_HOME and i still try upgrade jenkins in my UAT environment. jenkins is running via docker.

          ldap plugin version 701.vf8619de9160a_

           

          i'll try upgrade to version 2.414.3 and will be inform you the result.

           

          junaidi added a comment - Thanks damien for the reply.   yes, i backup JENKINS_HOME and i still try upgrade jenkins in my UAT environment. jenkins is running via docker. ldap plugin version 701.vf8619de9160a_   i'll try upgrade to version 2.414.3 and will be inform you the result.  

          juned56 upgrading LTS by LTS when you are running an old version is a waste of your time. You should go directly to the latest LTS line conform to your restrictions (check my previous message: either 2.462.3 or 2.479.1), along with plugins.

          The rationale is that you will most probably hit edge cases which are solved by later plugins versions.

          Plugins have a "minimum Jenkins Core version" baseline which can be upgraded over their life.
          There are no "general" rule of thumb here as each plugin could break in different (and creative way) with incompatible or really old Core baseline. Except:

          • Having a "staging' environment in which you can test some of your pipelines => you already have this with your UAT
          • Taking backups => you already do that
          • Upgrade frequently (once a month is a minimum) both Core and all plugins

          The idea is to consider plugins to be "go to latest available for your Core version" and core to be "upgrade as soon as possible when available).

          Damien Duportal added a comment - juned56 upgrading LTS by LTS when you are running an old version is a waste of your time. You should go directly to the latest LTS line conform to your restrictions (check my previous message: either 2.462.3 or 2.479.1), along with plugins. The rationale is that you will most probably hit edge cases which are solved by later plugins versions. Plugins have a "minimum Jenkins Core version" baseline which can be upgraded over their life. There are no "general" rule of thumb here as each plugin could break in different (and creative way) with incompatible or really old Core baseline. Except: Having a "staging' environment in which you can test some of your pipelines => you already have this with your UAT Taking backups => you already do that Upgrade frequently (once a month is a minimum) both Core and all plugins The idea is to consider plugins to be "go to latest available for your Core version" and core to be "upgrade as soon as possible when available).

          junaidi added a comment -

          Hi dduportal

          Before upgrade jenkins, i'm upgrade ldap plugins version 725.v3cb_b_711b_1a_ef 
          then upgrade jenkins to version 2.462.3 but there is some issues :
          1. ldap config is gone.

          there is no error in logs. Any other suggestion dduportal ?

          I appreciate for your help 
          Thanks

          junaidi added a comment - Hi dduportal ,  Before upgrade jenkins, i'm upgrade ldap plugins version 725.v3cb_b_711b_1a_ef  then upgrade jenkins to version 2.462.3 but there is some issues : 1. ldap config is gone. there is no error in logs. Any other suggestion dduportal ? I appreciate for your help  Thanks

          junaidi added a comment -

          This is Jenkins docker image that i used:
          registry.redhat.io/ocp-tools-4/jenkins-rhel8:v4.13.0-1730208487

          junaidi added a comment - This is Jenkins docker image that i used: registry.redhat.io/ocp-tools-4/jenkins-rhel8:v4.13.0-1730208487

          • The combination of 2.462.3 Core and 725.v3cb_b_711b_1a_ef LDAP plugin looks good!
          • The Docker image `registry.redhat.io/ocp-tools-4/jenkins-rhel8:v4.13.0-1730208487` is unknown to me and is not supported officially by the Jenkins project. Only https://hub.docker.com/r/jenkins/jenkins is officially supported. If the problem comes from the image, it will be hard to help you. But worth checking other elements.

          -> What is the JDK version used by Jenkins inside this image?
          -> You need to check the container logs. There will be message(s) helping you and us to understand.

          Damien Duportal added a comment - The combination of 2.462.3 Core and 725.v3cb_b_711b_1a_ef LDAP plugin looks good! The Docker image `registry.redhat.io/ocp-tools-4/jenkins-rhel8:v4.13.0-1730208487` is unknown to me and is not supported officially by the Jenkins project. Only https://hub.docker.com/r/jenkins/jenkins is officially supported. If the problem comes from the image, it will be hard to help you. But worth checking other elements. -> What is the JDK version used by Jenkins inside this image? -> You need to check the container logs. There will be message(s) helping you and us to understand.

          John Flynn added a comment -

          I have had a similar issue upgrading my jenkins systems.  If you are on ldap 725* and are on jenkins under version 2.479.1 LTS there is no option to upgrade the ldap plugin because the pom after 725 requires jenkins 2.475.  If you upgrade to latest jenkins LTS 2.479.2, the system is broke because it needs a newer version of the ldap plugin.  I have manually copied the latest ldap plugin and was then able to login.

          John Flynn added a comment - I have had a similar issue upgrading my jenkins systems.  If you are on ldap 725* and are on jenkins under version 2.479.1 LTS there is no option to upgrade the ldap plugin because the pom after 725 requires jenkins 2.475.  If you upgrade to latest jenkins LTS 2.479.2, the system is broke because it needs a newer version of the ldap plugin.  I have manually copied the latest ldap plugin and was then able to login.

          junaidi added a comment -

          trixmot yes, i'm also add manually but there is one problem, if jenkins restart, ldap configuration will gone again.

          so i just create groovy script for create new configuration to connect ldap and put the script in folder init.groovy.d and it solved

          junaidi added a comment - trixmot yes, i'm also add manually but there is one problem, if jenkins restart, ldap configuration will gone again. so i just create groovy script for create new configuration to connect ldap and put the script in folder init.groovy.d and it solved

          Mark Waite added a comment - - edited

          trixmot and juned56 your comments are related to a different situation that is specific to Jenkins 2.479.1. Please refer to the Jenkins 2.479.1 upgrade guide where it says:

          Users of the LDAP plugin must upgrade it to version 733.vd3700c27b_043 in tandem with upgrading Jenkins core.

          To upgrade the LDAP plugin, follow these steps:

          1. Stop the Jenkins service with systemctl stop jenkins on Linux or similar commands on other operating systems.
          2. Download the LDAP plugin from the Jenkins update center.
          3. Move ldap.hpi into $JENKINS_HOME/plugins/ldap.jpi and set the correct ownership and permissions.
          4. Start the Jenkins service with systemctl start jenkins or similar commands on other operating systems.

          The "What's new in Jenkins 2.479.1" live stream provides more details

          Mark Waite added a comment - - edited trixmot and juned56 your comments are related to a different situation that is specific to Jenkins 2.479.1 . Please refer to the Jenkins 2.479.1 upgrade guide where it says: Users of the LDAP plugin must upgrade it to version 733.vd3700c27b_043 in tandem with upgrading Jenkins core. To upgrade the LDAP plugin, follow these steps: Stop the Jenkins service with systemctl stop jenkins on Linux or similar commands on other operating systems. Download the LDAP plugin from the Jenkins update center . Move ldap.hpi into $JENKINS_HOME/plugins/ldap.jpi and set the correct ownership and permissions. Start the Jenkins service with systemctl start jenkins or similar commands on other operating systems. The "What's new in Jenkins 2.479.1" live stream provides more details

            Unassigned Unassigned
            juned56 junaidi
            Votes:
            1 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated: