jenkinsci / configuration-as-code-plugin

Jenkins Configuration as Code Plugin
https://plugins.jenkins.io/configuration-as-code
MIT License

Security Realm for LDAP and Role-Based Strategy is not set #1937

Open devent opened 2 years ago

devent commented 2 years ago

Jenkins and plugins versions report

Environment

```text
Jenkins: 2.332.1
OS: Linux - 5.10.0-10-amd64
---
ace-editor:1.1
ant:1.13
antisamy-markup-formatter:2.7
apache-httpcomponents-client-4-api:4.5.13-1.0
authentication-tokens:1.4
authorize-project:1.4.0
bootstrap4-api:4.6.0-3
bootstrap5-api:5.1.3-6
bouncycastle-api:2.25
branch-api:2.7.0
build-timeout:1.20
caffeine-api:2.9.2-29.v717aac953ff3
checks-api:1.7.2
cloudbees-folder:6.714.v79e858ef76a_2
command-launcher:1.6
configuration-as-code:1414.v878271fc496f
credentials:1074.v60e6c29b_b_44b_
credentials-binding:1.27.1
display-url-api:2.3.6
docker-commons:1.19
docker-workflow:1.28
durable-task:495.v29cd95ec10f2
echarts-api:5.3.0-2
email-ext:2.87
external-monitor-job:191.v363d0d1efdf8
font-awesome-api:6.0.0-1
git:4.10.3
git-client:3.11.0
git-server:1.10
gitea:1.4.1
github:1.34.3
github-api:1.301-378.v9807bd746da5
github-branch-source:1583.v18d333ef7379
gradle:1.38
handlebars:3.0.8
handy-uri-templates-2-api:2.1.8-1.0
jackson2-api:2.13.2-260.v43d711474c77
javadoc:217.v905b_86277a_2a_
javax-activation-api:1.2.0-2
javax-mail-api:1.6.2-5
jaxb:2.3.0.1
jdk-tool:1.5
jjwt-api:0.11.2-9.c8b45b8bb173
jnr-posix-api:3.1.7-3
jquery-detached:1.2.1
jquery3-api:3.6.0-2
jsch:0.1.55.2
junit:1.56
kubernetes:3568.vde94f6b_41b_c8
kubernetes-client-api:5.12.1-187.v577c3e368fb_6
kubernetes-credentials:0.9.0
ldap:2.8
lockable-resources:2.14
mailer:408.vd726a_1130320
mapdb-api:1.0.9.0
matrix-auth:3.1
matrix-project:758.v7a_ea_491852f3
metrics:4.1.6.1
momentjs:1.1.1
okhttp-api:4.9.3-105.vb96869f8ac3a
pam-auth:1.7
pipeline-build-step:2.16
pipeline-github-lib:36.v4c01db_ca_ed16
pipeline-graph-analysis:188.v3a01e7973f2c
pipeline-input-step:446.vf27b_0b_83500e
pipeline-milestone-step:100.v60a_03cd446e1
pipeline-model-api:2.2064.v5eef7d0982b_e
pipeline-model-definition:2.2064.v5eef7d0982b_e
pipeline-model-extensions:2.2064.v5eef7d0982b_e
pipeline-rest-api:2.23
pipeline-stage-step:291.vf0a8a7aeeb50
pipeline-stage-tags-metadata:2.2064.v5eef7d0982b_e
pipeline-stage-view:2.23
plain-credentials:1.8
plugin-util-api:2.15.0
popper-api:1.16.1-2
popper2-api:2.11.4-1
resource-disposer:0.17
role-strategy:3.2.0
scm-api:595.vd5a_df5eb_0e39
script-security:1145.vb_cf6cf6ed960
snakeyaml-api:1.29.1
ssh-credentials:1.19
ssh-slaves:1.806.v2253cedd3295
sshd:3.1.0
structs:308.v852b473a2b8c
subversion:2.15.3
swarm:3.22
timestamper:1.17
token-macro:285.vff7645a_56ff0
trilead-api:1.0.13
variant:1.4
windows-slaves:1.8
workflow-aggregator:2.7
workflow-api:1143.v2d42f1e9dea_5
workflow-basic-steps:941.vdfe1b_a_132c64
workflow-cps:2682.va_473dcddc941
workflow-cps-global-lib:564.ve62a_4eb_b_e039
workflow-durable-task-step:1128.v8c259d125340
workflow-job:1174.vdcb_d054cf74a_
workflow-multibranch:711.vdfef37cda_816
workflow-scm-step:2.13
workflow-step-api:622.vb_8e7c15b_c95a_
workflow-support:815.vd60466279fc8
ws-cleanup:0.40
```

What Operating System are you using (both controller, and any agents involved in the problem)?

Jenkins

Reproduction steps

  1. Create configuration
  2. Deploy Jenkins

Expected Results

Expecting LDAP to be configured and the roles to be set up.

Actual Results

No LDAP and no Roles.

Anything else?

Kubernetes cloud and credentials are configured correctly. No error that I could find.

Logs:

2022-03-27 09:13:08.620+0000 [id=35]    INFO    jenkins.InitReactorRunner$1#onAttained: System config loaded
2022-03-27 09:13:09.145+0000 [id=35]    WARNING i.j.p.casc.BaseConfigurator#createAttribute: Can't handle class org.csanchez.jenkins.plugins.kubernetes.PodTemplate#listener: type is abstract but not Describable.
2022-03-27 09:13:09.183+0000 [id=35]    WARNING i.j.p.casc.BaseConfigurator#createAttribute: Can't handle class jenkins.security.plugins.ldap.FromUserRecordLDAPGroupMembershipStrategy#authoritiesPopulator: type is abstract but not Describable.
2022-03-27 09:13:10.278+0000 [id=35]    WARNING i.j.p.casc.BaseConfigurator#createAttribute: Can't handle class org.csanchez.jenkins.plugins.kubernetes.PodTemplate#listener: type is abstract but not Describable.
2022-03-27 09:13:10.328+0000 [id=35]    WARNING i.j.p.casc.BaseConfigurator#createAttribute: Can't handle class jenkins.security.plugins.ldap.FromUserRecordLDAPGroupMembershipStrategy#authoritiesPopulator: type is abstract but not Describable.
2022-03-27 09:13:10.367+0000 [id=35]    INFO    o.s.s.l.DefaultSpringSecurityContextSource#<init>:  URL 'ldap://openldap.kube-ldap.svc.cluster.local:1389/dc=muellerpublic,dc=de', root DN is 'dc=muellerpublic,dc=de'
2022-03-27 09:13:10.593+0000 [id=35]    INFO    j.s.s2m.AdminWhitelistRule#setMasterKillSwitch: Setting AdminWhitelistRule no longer has any effect. See https://www.jenkins.io/redirect/AdminWhitelistRule to learn more.

The config: (I only added the relevant parts)

jenkins:
  agentProtocols:
  - "JNLP4-connect"
  - "Ping"
  authorizationStrategy:
    roleBased:
      roles:
        global:
        - assignments:
          - "nohpophee6zohvai"
          - "Administrators"
          name: "admin"
          pattern: ".*"
          permissions:
          - "Job/Move"
          - "Job/Build"
          - "Lockable Resources/View"
          - "Credentials/Delete"
          - "Credentials/ManageDomains"
          - "Lockable Resources/Unlock"
          - "View/Create"
          - "Agent/Configure"
          - "Job/Read"
          - "Credentials/Update"
          - "Agent/Create"
          - "Job/Delete"
          - "Agent/Build"
          - "View/Configure"
          - "Metrics/HealthCheck"
          - "Lockable Resources/Reserve"
          - "Agent/Provision"
          - "Metrics/ThreadDump"
          - "SCM/Tag"
          - "Job/Create"
          - "Job/Discover"
          - "Credentials/View"
          - "Agent/Connect"
          - "Agent/Delete"
          - "Run/Replay"
          - "Agent/Disconnect"
          - "Run/Delete"
          - "Job/Cancel"
          - "Overall/Read"
          - "Run/Update"
          - "Credentials/Create"
          - "Overall/Administer"
          - "View/Delete"
          - "Job/Configure"
          - "Lockable Resources/Steal"
          - "Metrics/View"
          - "Job/Workspace"
          - "View/Read"
        - assignments:
          - "JenkinsTrusted"
          name: "trusted"
          pattern: ".*"
          permissions:
          - "Job/Move"
          - "Job/Build"
          - "Lockable Resources/View"
          - "Credentials/Delete"
          - "Credentials/ManageDomains"
          - "Lockable Resources/Unlock"
          - "View/Create"
          - "Agent/Configure"
          - "Job/Read"
          - "Credentials/Update"
          - "Agent/Create"
          - "Job/Delete"
          - "Agent/Build"
          - "View/Configure"
          - "Metrics/HealthCheck"
          - "Lockable Resources/Reserve"
          - "Agent/Provision"
          - "Metrics/ThreadDump"
          - "SCM/Tag"
          - "Job/Create"
          - "Job/Discover"
          - "Credentials/View"
          - "Agent/Connect"
          - "Agent/Delete"
          - "Run/Replay"
          - "Agent/Disconnect"
          - "Run/Delete"
          - "Job/Cancel"
          - "Overall/Read"
          - "Run/Update"
          - "Credentials/Create"
          - "View/Delete"
          - "Job/Configure"
          - "Lockable Resources/Steal"
          - "Metrics/View"
          - "Job/Workspace"
          - "View/Read"
        - assignments:
          - "anonymous"
          name: "visitor"
          pattern: ".*"
          permissions:
          - "Overall/Read"
          - "Job/Read"
  clouds:
  - kubernetes:
      containerCap: 10
      containerCapStr: "10"
      jenkinsTunnel: "jenkins-agent:50000"
  securityRealm:
    ldap:
      configurations:
      - displayNameAttributeName: "uid"
        groupMembershipStrategy:
          fromUserRecord:
            attributeName: "memberOf"
        groupSearchBase: "ou=People"
        groupSearchFilter: "(&(objectClass=jenkinsUser)(memberOf=cn=Jenkins,ou=group,dc=muellerpublic,dc=de)(|(uid={0})(cn={0})))"
        inhibitInferRootDN: false
        managerDN: "cn=admin,dc=muellerpublic,dc=de"
        managerPasswordSecret: "xxx"
        rootDN: "dc=muellerpublic,dc=de"
        server: "openldap.kube-ldap.svc.cluster.local:1389"
        userSearch: "(&(objectClass=inetOrgPerson)(memberOf=cn=Jenkins,ou=Group,dc=muellerpublic,dc=de)(|(uid={0})(cn={0})))"
        userSearchBase: "ou=People"
      disableMailAddressResolver: false
      disableRolePrefixing: true
      groupIdStrategy: "caseInsensitive"
      userIdStrategy: "caseInsensitive"

timja commented 2 years ago

Have you tried configuring it manually and exporting it?

devent commented 2 years ago

Yes. I configured Jenkins manually and then I exported the config. Now I just changed the pod template and loaded the whole configuration into Jenkins.

Specifically, I just updated jenkins.clouds.'kubernetes'.templates.containers.image.

timja commented 2 years ago

Worth posting in gitter if you haven't already https://gitter.im/jenkinsci/configuration-as-code-plugin

devent commented 2 years ago

No I haven't.

Here is the full config: https://gist.github.com/devent/895973134052bb45365f88200d66ba24

devent commented 2 years ago

I think the issue is somewhere else. I just re-applied the configuration and now everything is set up correctly. I pressed the button "Reload existing configuration".

But why weren't LDAP and the roles loaded on deployment? Everything else was.
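A post-deployment check for the two settings this thread is about, written as an added example; it is not from the issue, the reporter, or the configuration-as-code plugin. It is meant for the Manage Jenkins > Script Console on the controller after JCasC has run: it reports which security realm and authorization strategy are actually live (the question in the last comment), and, when the role-based strategy is active, it lists the global roles from the posted YAML and flags roles that grant Overall/Administer, roles that give `anonymous` more than read access, and roles with no assignments. The class names for the LDAP realm and the role strategy are the real ones from the ldap and role-strategy plugins; the calls `getConfigurations()`, `getServer()`, `getRootDN()`, `getRoleMap(RoleType)` and `getGrantedRoles()` are assumptions about those plugins' APIs and are marked as such in the code.

```groovy
// Added example (not from the issue or the plugin): verify that the JCasC security
// settings were applied. Run in Manage Jenkins > Script Console after deployment.
import jenkins.model.Jenkins
import hudson.model.Item

def j = Jenkins.get()
def realm = j.getSecurityRealm()
def strategy = j.getAuthorizationStrategy()
def problems = []

// Class names the issue's YAML should produce (ldap plugin, role-strategy plugin).
final String LDAP_REALM = 'hudson.security.LDAPSecurityRealm'
final String ROLE_STRATEGY = 'com.michelin.cio.hudson.plugins.rolestrategy.RoleBasedAuthorizationStrategy'

println "securityRealm:         ${realm.getClass().getName()}"
println "authorizationStrategy: ${strategy.getClass().getName()}"

if (realm.getClass().getName() != LDAP_REALM) {
    problems << "security realm is not LDAP (got ${realm.getClass().getName()})"
} else {
    // Assumption: LDAPSecurityRealm.getConfigurations() returns the configured servers,
    // each with getServer() and getRootDN() (ldap plugin 2.x).
    realm.getConfigurations().each { c ->
        println "  ldap server=${c.getServer()} rootDN=${c.getRootDN()}"
    }
}

if (strategy.getClass().getName() != ROLE_STRATEGY) {
    problems << "authorization strategy is not role-based (got ${strategy.getClass().getName()})"
} else {
    // Assumption: the RoleType enum, getRoleMap(RoleType) and RoleMap.getGrantedRoles()
    // (Map<Role, Set<String>> of role -> assigned sids) as in role-strategy 3.x.
    // The plugin class is loaded through the uber classloader so the script still
    // compiles on a controller where role-strategy is not installed.
    def roleType = j.getPluginManager().uberClassLoader
            .loadClass('com.synopsys.arc.jenkins.plugins.rolestrategy.RoleType')
    def global = roleType.Global
    strategy.getRoleMap(global).getGrantedRoles().each { role, sids ->
        def perms = role.getPermissions()
        println "  role '${role.getName()}' -> ${sids} (${perms.size()} permissions)"
        // Overall/Administer implies every other permission, so listing more is redundant.
        if (perms.contains(Jenkins.ADMINISTER)) {
            println "    grants Overall/Administer; the other permissions in this role are implied"
        }
        // anonymous should never get more than read access.
        if (sids.contains('anonymous')) {
            def extra = perms.findAll { it != Jenkins.READ && it != Item.READ }
            if (extra) {
                problems << "role '${role.getName()}' gives anonymous ${extra*.getId()}"
            }
        }
        if (sids.isEmpty()) {
            problems << "role '${role.getName()}' has no assignments"
        }
    }
}

if (problems) {
    println "PROBLEMS:"
    problems.each { println "  - ${it}" }
} else {
    println "OK: LDAP realm and role-based strategy are active as configured"
}
```

If the output right after deployment shows a realm or strategy other than the two expected classes while the YAML contains both, the configuration was not applied on that startup; reloading it, as the reporter did with "Reload existing configuration", and re-running this script confirms whether the reload fixed it. Keeping the script in a job that runs after each deployment turns the check into a regression test for the security settings.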