Jenkins 在 LDAP 中管理禁用用户导致漏报

问题描述 投票:0回答:1

我们更新/重新安装了公司的 Jenkins,并遇到了由 LDAP + 管理禁用用户引起的漏报。起初我以为是我们的邮件通知引起的,ldap无法获取该用户的电子邮件,但我禁用了所有通知,问题仍然出现。

每次 SVN 触发构建并且管理禁用的用户位于提交列表内时,我们都会得到漏报。当用户位于更改列表内时,我们会遇到视觉错误。

在错误之前记录:

...
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  14:28 min
[INFO] Finished at: 2024-04-16T09:34:13+02:00
...

随后:

FATAL: org.springframework.security.authentication.DisabledException: The user "userxyz" is administratively disabled.
org.springframework.security.authentication.DisabledException: The user "userxyz" is administratively disabled.
    at hudson.security.UserAttributesHelper.checkIfUserEnabled(UserAttributesHelper.java:92)
    at hudson.security.LDAPSecurityRealm$LDAPUserDetailsService.loadUserByUsername(LDAPSecurityRealm.java:1319)
    at hudson.security.LDAPSecurityRealm$DelegateLDAPUserDetailsService.loadUserByUsername(LDAPSecurityRealm.java:1232)
    at hudson.security.LDAPSecurityRealm.loadUserByUsername2(LDAPSecurityRealm.java:765)
    at jenkins.security.UserDetailsCache$Retriever.call(UserDetailsCache.java:170)
    at jenkins.security.UserDetailsCache$Retriever.call(UserDetailsCache.java:159)
    at com.google.common.cache.LocalCache$LocalManualCache$1.load(LocalCache.java:4955)
    at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3589)
    at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2328)
    at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2187)
    at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2081)
Caused: com.google.common.util.concurrent.UncheckedExecutionException
    at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2087)
    at com.google.common.cache.LocalCache.get(LocalCache.java:4036)
    at com.google.common.cache.LocalCache$LocalManualCache.get(LocalCache.java:4950)
    at jenkins.security.UserDetailsCache.loadUserByUsername(UserDetailsCache.java:127)
    at hudson.model.User$UserIDCanonicalIdResolver.resolveCanonicalId(User.java:1262)
    at hudson.model.User$CanonicalIdResolver.resolve(User.java:1203)
    at hudson.model.User.get(User.java:530)
    at hudson.model.User.getOrCreateByIdOrFullName(User.java:593)
    at hudson.model.User.get(User.java:574)
    at hudson.scm.SubversionChangeLogSet$LogEntry.setUser(SubversionChangeLogSet.java:305)
    at hudson.scm.SubversionChangeLogParser.parse(SubversionChangeLogParser.java:92)
    at hudson.scm.SubversionChangeLogParser.parse(SubversionChangeLogParser.java:43)
    at hudson.scm.ChangeLogParser.parse(ChangeLogParser.java:57)
    at hudson.model.AbstractBuild.calcChangeSet(AbstractBuild.java:947)
    at hudson.model.AbstractBuild.getChangeSet(AbstractBuild.java:915)
    at hudson.model.AbstractBuild.getChangeSets(AbstractBuild.java:929)
    at jenkins.scm.RunWithSCM.calculateCulprits(RunWithSCM.java:136)
    at hudson.model.AbstractBuild.calculateCulprits(AbstractBuild.java:353)
    at jenkins.scm.RunWithSCM.getCulprits(RunWithSCM.java:93)
    at hudson.model.AbstractBuild.getCulprits(AbstractBuild.java:342)
    at jenkins.scm.RunWithSCM.calculateCulprits(RunWithSCM.java:133)
    at hudson.model.AbstractBuild.calculateCulprits(AbstractBuild.java:353)
    at jenkins.scm.RunWithSCM.getCulprits(RunWithSCM.java:93)
    at hudson.model.AbstractBuild.getCulprits(AbstractBuild.java:342)
    at jenkins.scm.RunWithSCM.calculateCulprits(RunWithSCM.java:133)
    at hudson.model.AbstractBuild.calculateCulprits(AbstractBuild.java:353)
    at jenkins.scm.RunWithSCM.getCulprits(RunWithSCM.java:93)
    at hudson.model.AbstractBuild.getCulprits(AbstractBuild.java:342)
    at hudson.model.AbstractBuild$AbstractBuildExecution.post(AbstractBuild.java:715)
    at hudson.model.Run.execute(Run.java:1918)
    at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:44)
    at hudson.model.ResourceController.execute(ResourceController.java:101)
    at hudson.model.Executor.run(Executor.java:442)

我尝试过:

  • 禁用所有通知(电子邮件、irc、webhook)
  • 更新了所有插件
  • 检查了我的 LDAP 设置(与重新安装之前相同)

有办法忽略这个用户吗?问题是由 LDAP、SVN 还是两者共同引起的?

编辑:

找到解决相同问题的旧条目Jenkins Jira

jenkins ldap jenkins-plugins cicd
1个回答
0
投票

我现在正在回答我自己的问题,但也许我的解决方案可以帮助某人。 简而言之,自己给插件打补丁。 GitHub SVN-插件

try-catch
SubversionChangeLogSet
(305 号线)和 
SubversionChangeLogParser
(92 号线)

步骤

  1. 访问 subversion-plugin 的 GitHub 链接
  2. 克隆项目
  3. 打开项目
  4. try-catch
    (L. 305) & 
    SubversionChangeLogSet
    (L. 92)
     添加
    SubversionChangeLogParser
  5. 生成.hpi
  6. 通过 
    [YOUR_JENKINS_URL]/manage/pluginManager/advanced
    7. 安装插件
  7. 部署+安全重启
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.