search

jenkinsci / oic-auth-plugin

A Jenkins plugin which lets you login to Jenkins using your own, self-hosted or public openid connect server.
https://plugins.jenkins.io/oic-auth
MIT License
71 stars 93 forks source link

Unable to start Jenkins 2.480 due to ldap lookup uncaught exception #430

Closed garyrusso closed 2 weeks ago

garyrusso commented 2 weeks ago

Jenkins and plugins versions report

Environment Jenkins: 2.473 OS: Linux - 6.8.0-1015-aws Java: 21.0.4 - Ubuntu (OpenJDK 64-Bit Server VM) --- allure-jenkins-plugin:2.31.1 ant:511.v0a_a_1a_334f41b_ antisamy-markup-formatter:162.v0e6ec0fcfcf6 apache-httpcomponents-client-4-api:4.5.14-208.v438351942757 asm-api:9.7.1-95.v9f552033802a_ aws-credentials:231.v08a_59f17d742 aws-java-sdk:1.12.767-467.vb_e93f0c614b_6 aws-java-sdk-api-gateway:1.12.767-467.vb_e93f0c614b_6 aws-java-sdk-autoscaling:1.12.767-467.vb_e93f0c614b_6 aws-java-sdk-cloudformation:1.12.767-467.vb_e93f0c614b_6 aws-java-sdk-cloudfront:1.12.767-467.vb_e93f0c614b_6 aws-java-sdk-codebuild:1.12.767-467.vb_e93f0c614b_6 aws-java-sdk-codedeploy:1.12.767-467.vb_e93f0c614b_6 aws-java-sdk-ec2:1.12.767-467.vb_e93f0c614b_6 aws-java-sdk-ecr:1.12.767-467.vb_e93f0c614b_6 aws-java-sdk-ecs:1.12.767-467.vb_e93f0c614b_6 aws-java-sdk-efs:1.12.767-467.vb_e93f0c614b_6 aws-java-sdk-elasticbeanstalk:1.12.767-467.vb_e93f0c614b_6 aws-java-sdk-elasticloadbalancingv2:1.12.767-467.vb_e93f0c614b_6 aws-java-sdk-iam:1.12.767-467.vb_e93f0c614b_6 aws-java-sdk-kinesis:1.12.767-467.vb_e93f0c614b_6 aws-java-sdk-lambda:1.12.767-467.vb_e93f0c614b_6 aws-java-sdk-logs:1.12.767-467.vb_e93f0c614b_6 aws-java-sdk-minimal:1.12.767-467.vb_e93f0c614b_6 aws-java-sdk-organizations:1.12.767-467.vb_e93f0c614b_6 aws-java-sdk-secretsmanager:1.12.767-467.vb_e93f0c614b_6 aws-java-sdk-sns:1.12.767-467.vb_e93f0c614b_6 aws-java-sdk-sqs:1.12.767-467.vb_e93f0c614b_6 aws-java-sdk-ssm:1.12.767-467.vb_e93f0c614b_6 bootstrap5-api:5.3.3-1 bouncycastle-api:2.30.1.78.1-248.ve27176eb_46cb_ branch-api:2.1178.v969d9eb_c728e build-timeout:1.33 caffeine-api:3.1.8-133.v17b_1ff2e0599 checks-api:2.2.1 cloudbees-folder:6.955.v81e2a_35c08d3 command-launcher:115.vd8b_301cc15d0 commons-lang3-api:3.17.0-84.vb_b_938040b_078 commons-text-api:1.12.0-129.v99a_50df237f7 config-file-provider:978.v8e85886ffdc4 credentials:1384.vf0a_2ed06f9c6 credentials-binding:681.vf91669a_32e45 data-tables-api:2.1.8-1 display-url-api:2.204.vf6fddd8a_8b_e9 durable-task:577.v2a_8a_4b_7c0247 ec2:1715.vb_9e9e841ca_94 echarts-api:5.5.1-1 eddsa-api:0.3.0-4.v84c6f0f4969e email-ext:1844.v3ea_a_b_842374a_ font-awesome-api:6.6.0-2 git:5.5.2 git-client:6.0.0 git-server:126.v0d945d8d2b_39 github:1.40.0 github-api:1.321-475.vf7ef62885c83 github-branch-source:1797.v86fdb_4d57d43 github-pullrequest:0.7.0 gradle:2.13.1 gson-api:2.11.0-41.v019fcf6125dc instance-identity:201.vd2a_b_5a_468a_a_6 ionicons-api:74.v93d5eb_813d5f jackson2-api:2.17.0-379.v02de8ec9f64c jakarta-activation-api:2.1.3-1 jakarta-mail-api:2.1.3-1 javax-activation-api:1.2.0-7 javax-mail-api:1.6.2-10 jaxb:2.3.9-1 jdk-tool:80.v8a_dee33ed6f0 jjwt-api:0.11.5-112.ve82dfb_224b_a_d joda-time-api:2.13.0-85.vb_64d1c2921f1 jquery3-api:3.7.1-2 jsch:0.2.16-86.v42e010d9484b_ json-api:20240303-41.v94e11e6de726 json-path-api:2.9.0-58.v62e3e85b_a_655 junit:1304.vc85a_b_ca_96613 ldap:725.v3cb_b_711b_1a_ef lockable-resources:1315.v4ea_8e5159ec8 mailer:488.v0c9639c1a_eb_3 matrix-auth:3.2.2 matrix-project:839.vff91cd7e3a_b_2 mina-sshd-api-common:2.14.0-133.vcc091215a_358 mina-sshd-api-core:2.14.0-133.vcc091215a_358 node-iterator-api:55.v3b_77d4032326 nodejs:1.6.2 okhttp-api:4.11.0-179.vdc1e64343d52 pam-auth:1.11 pipeline-build-step:540.vb_e8849e1a_b_d8 pipeline-github-lib:61.v629f2cc41d83 pipeline-graph-analysis:216.vfd8b_ece330ca_ pipeline-groovy-lib:740.va_2701257fe8d pipeline-input-step:495.ve9c153f6067b_ pipeline-milestone-step:119.vdfdc43fc3b_9a_ pipeline-model-api:2.2214.vb_b_34b_2ea_9b_83 pipeline-model-definition:2.2214.vb_b_34b_2ea_9b_83 pipeline-model-extensions:2.2214.vb_b_34b_2ea_9b_83 pipeline-rest-api:2.34 pipeline-stage-step:312.v8cd10304c27a_ pipeline-stage-tags-metadata:2.2214.vb_b_34b_2ea_9b_83 pipeline-stage-view:2.34 plain-credentials:183.va_de8f1dd5a_2b_ plugin-util-api:5.1.0 resource-disposer:0.24 scm-api:696.v778d637b_a_762 script-security:1362.v67dc1f0e1b_b_3 snakeyaml-api:2.3-123.v13484c65210a_ ssh-credentials:343.v884f71d78167 ssh-slaves:2.973.v0fa_8c0dea_f9f sshd:3.330.vc866a_8389b_58 structs:338.v848422169819 timestamper:1.27 token-macro:400.v35420b_922dcb_ trilead-api:2.147.vb_73cc728a_32e variant:60.v7290fc0eb_b_cd versioncolumn:243.vda_c20eea_a_8a_f workflow-aggregator:600.vb_57cdd26fdd7 workflow-api:1336.vee415d95c521 workflow-basic-steps:1058.vcb_fc1e3a_21a_9 workflow-cps:3969.vdc9d3a_efcc6a_ workflow-durable-task-step:1371.vb_7cec8f3b_95e workflow-job:1436.vfa_244484591f workflow-multibranch:795.ve0cb_1f45ca_9a_ workflow-scm-step:427.v4ca_6512e7df1 workflow-step-api:678.v3ee58b_469476 workflow-support:926.v9f4f9b_b_98c19 ws-cleanup:0.47

What Operating System are you using (both controller, and any agents involved in the problem)?

The problem occurs when attempting to upgrade from version 2.473 to version 2.480.

However, the error started occurring with version 2.474.

I'm attaching the jenkins log.

jenkins-v2-480-2024-10-11.log

Reproduction steps

Steps:

  1. download jenkins.war file version 2.480.
  2. copy jenkins.war file to the Ubuntu server (/usr/share/java).
  3. cd /usr/share/java
  4. chown jenkins:jenkins jenkins.war
  5. chmod 644 jenkins.war
  6. sudo su - jenkins
  7. systemctl restart jenkins
  8. observer the following errors in jenkins log
  9. see attached log file for more info.

2024-10-11 21:19:02.312+0000 [id=27] WARNING h.i.i.InstallUncaughtExceptionHandler#handleException: Caught unhandled exception with ID 450c41cf-d2bb-406d-9cf1-dba6a6f48cff java.lang.NoSuchMethodError: 'void org.springframework.util.Assert.isTrue(boolean)' at PluginClassLoader for ldap//org.springframework.ldap.support.LdapUtils$CollectingAttributeValueCallbackHandler.handleAttributeValue(LdapUtils.java:343) at PluginClassLoader for ldap//org.springframework.ldap.support.LdapUtils.handleAttributeValue(LdapUtils.java:321) at PluginClassLoader for ldap//org.springframework.ldap.support.LdapUtils.iterateAttributeValues(LdapUtils.java:305) at PluginClassLoader for ldap//org.springframework.ldap.support.LdapUtils.collectAttributeValues(LdapUtils.java:287) at PluginClassLoader for ldap//org.springframework.ldap.core.DirContextAdapter.collectAttributeValuesAsList(DirContextAdapter.java:787) at PluginClassLoader for ldap//org.springframework.ldap.core.DirContextAdapter.getObjectAttributes(DirContextAdapter.java:776) at PluginClassLoader for ldap//org.springframework.security.ldap.SpringSecurityLdapTemplate.extractStringAttributeValues(SpringSecurityLdapTemplate.java:224) at PluginClassLoader for ldap//org.springframework.security.ldap.SpringSecurityLdapTemplate.lambda$searchForMultipleAttributeValues$2(SpringSecurityLdapTemplate.java:187) at PluginClassLoader for ldap//org.springframework.ldap.core.ContextMapperCallbackHandler.getObjectFromNameClassPair(ContextMapperCallbackHandler.java:69) at PluginClassLoader for ldap//org.springframework.ldap.core.CollectingNameClassPairCallbackHandler.handleNameClassPair(CollectingNameClassPairCallbackHandler.java:50) at PluginClassLoader for ldap//org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:371) at PluginClassLoader for ldap//org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:332) at PluginClassLoader for ldap//org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:633) at PluginClassLoader for ldap//org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:574)

Expected Results

Jenkins starts up normally and users can log in.

Actual Results

Jenkins shows 500 error page and login is not possible

Anything else?

No response

Are you interested in contributing a fix?

No response

jtnord commented 2 weeks ago

Hi @garyrusso I fail to see the connection to do with this (the oic-auth) plugin

MarkEWaite commented 2 weeks ago

@garyrusso you'll need to upgrade the LDAP plugin from your installed version 725.v3cb_b_711b_1a_ef to 733.vd3700c27b_043 or later. Guidance of techniques to perform that upgrade are in a community.jenkins.io post.

The Jenkins 2.475 changelog notes that users must install the new version of the LDAP plugin in lockstep with the upgrade of Jenkins core. Jenkins 2.475 upgrades Jenkins core from Spring Security 5.x to Spring Security 6.x. It upgrades Jenkins core from Java EE 8 to Jakarta EE 9. It upgrades Jenkins core from Jetty 10 (Java EE 8) to Jetty 12 (Jakarta EE 9).

The LDAP plugin includes an LDAP component from Spring Security. There isn't any feasible way to avoid the lock-step upgrade.