[JIRA] (JENKINS-13650) Upgrading Active Directory plugin from 1.26 to 1.27 causes loss of Jenkins admin rights

[k...@kohsuke.org (JIRA)]

    [ 
https://issues.jenkins-ci.org/browse/JENKINS-13650?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=162519#comment-162519
 ] 

Kohsuke Kawaguchi commented on JENKINS-13650:
---------------------------------------------

In 1.27, because of the 8b4c00a7 change mentioned above, Jenkins was logging 
users into their canonical names, like "Kohsuke Kawaguchi", instead of their 
user names, like "kkawaguchi". Most authorization strategies record users by 
their user names, so of course such change results in the permission losses.

1.28 restores the previous behaviour. This unfortunately means for those who 
modified config.xml for 1.27 would have to redo that one more time. My 
apologies.
                
> Upgrading Active Directory plugin from 1.26 to 1.27 causes loss of Jenkins 
> admin rights
> ---------------------------------------------------------------------------------------
>
>                 Key: JENKINS-13650
>                 URL: https://issues.jenkins-ci.org/browse/JENKINS-13650
>             Project: Jenkins
>          Issue Type: Bug
>          Components: active-directory
>         Environment: Windows Server 2003 x86, non-domain, connecting to 
> Windows Server 2008 Active Directory. "Domain Name" set to 
> ourcompanyname.com, "Domain controller" left blank. Jenkins version=1.450, AD 
> plugin version=1.26
>            Reporter: Tom Fanning
>            Assignee: Kohsuke Kawaguchi
>              Labels: plugin, security
>
> I just updated the AD plugin with "install without restarting" turned on to 
> attempt to fix bug 12619 which I originally reported.
> It failed:
> INFO: Starting the installation of Active Directory plugin on behalf of 
> tfanning
> 01-May-2012 11:23:40 hudson.model.UpdateCenter$UpdateCenterConfiguration 
> download
> INFO: Downloading Active Directory plugin
> 01-May-2012 11:23:41 hudson.PluginManager dynamicLoad
> INFO: Attempting to dynamic load C:\Program 
> Files\Jenkins\plugins\active-directory.jpi
> 01-May-2012 11:23:41 hudson.model.UpdateCenter$DownloadJob run
> SEVERE: Failed to install Active Directory plugin
> hudson.util.IOException2: Failed to dynamically deploy this plugin
>       at 
> hudson.model.UpdateCenter$InstallationJob._run(UpdateCenter.java:1137)
>       at hudson.model.UpdateCenter$DownloadJob.run(UpdateCenter.java:955)
>       at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
>       at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
>       at java.util.concurrent.FutureTask.run(Unknown Source)
>       at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown 
> Source)
>       at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
>       at java.lang.Thread.run(Unknown Source)
> Caused by: java.io.IOException: Unable to delete C:\Program 
> Files\Jenkins\plugins\active-directory\WEB-INF\lib\active-directory-1.0.jar
>       at hudson.Util.deleteFile(Util.java:237)
>       at hudson.Util.deleteRecursive(Util.java:287)
>       at hudson.Util.deleteContentsRecursive(Util.java:198)
>       at hudson.Util.deleteRecursive(Util.java:278)
>       at hudson.Util.deleteContentsRecursive(Util.java:198)
>       at hudson.Util.deleteRecursive(Util.java:278)
>       at hudson.Util.deleteContentsRecursive(Util.java:198)
>       at hudson.ClassicPluginStrategy.explode(ClassicPluginStrategy.java:389)
>       at 
> hudson.ClassicPluginStrategy.createPluginWrapper(ClassicPluginStrategy.java:113)
>       at hudson.PluginManager.dynamicLoad(PluginManager.java:340)
>       at 
> hudson.model.UpdateCenter$InstallationJob._run(UpdateCenter.java:1133)
>       ... 7 more
> I then restarted the Jenkins service, waited, logged in with my AD 
> credentials, so this appeared to work.
> However in Jenkins my AD account has now lost all of its admin privileges, 
> i.e. I nor any other person configured to have admin rights can now configure 
> Jenkins.
> I noticed active-directory.bak left over in the Jenkins plugin folder. 
> Stopped the service, deleted active-directory.jpi, renamed 
> active-directory.bak to .jpi, restarted, all working (albeit with bug 12619 
> still present)
> How should I upgrade to 1.27 safely?

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.jenkins-ci.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira