[JIRA] (JENKINS-61755) LDAP Plugin - Group matching with user groups issue


pawel.kaczanowski@syncron.com (JIRA)

Mar 31, 2020, 5:59:03 AM
to jenkinsc...@googlegroups.com
Paweł Kaczanowski created an issue
 
Jenkins / Bug JENKINS-61755
LDAP Plugin - Group matching with user groups issue
Issue Type: Bug
Assignee: Unassigned
Attachments: image-2020-03-31-11-55-06-247.png
Components: ldap-plugin
Created: 2020-03-31 09:58
Environment: Jenkins 2.222.1
OpenJDK 11.0.6+10-post-Ubuntu-1ubuntu118.04.1
Ubuntu 18.04 LTS
ldap plugin version 1.21
Priority: Minor
Reporter: Paweł Kaczanowski

Project-based Matrix Authorization Strategy
Groups entered by samaccountname do not give any permissions to their members. The group looks like it is correctly recognized.
Groups entered by cn/name work correctly.

Configuration details:
User search filter: (& (objectCategory=Person)(objectclass=user)(samaccountname={0})(!(userAccountControl:1.2.840.113556.1.4.803:=2)) )
Group search filter: (& (objectclass=group) (| (samaccountname={0})(cn={0}) ) )
Group membership|Search for LDAP groups containing user|Group membership filter: (member={0})

Example: A member of the group below will have only 'Configure' permissions.


pawel.kaczanowski@syncron.com (JIRA)

Mar 31, 2020, 9:22:03 AM
to jenkinsc...@googlegroups.com
Paweł Kaczanowski commented on Bug JENKINS-61755
 
Re: LDAP Plugin - Group matching with user groups issue
println("1a: " + Jenkins.instance.securityRealm.loadGroupByGroupname('test-group-name', true).getName())
println("1b: " + Jenkins.instance.securityRealm.loadGroupByGroupname('test-group-name', true).getDisplayName())
println("1c: " + Jenkins.instance.securityRealm.loadGroupByGroupname('test-group-name', true))

println("2a: " + Jenkins.instance.securityRealm.loadGroupByGroupname('test-group-samaccountname', true).getName())
println("2b: " + Jenkins.instance.securityRealm.loadGroupByGroupname('test-group-samaccountname', true).getDisplayName())
println("2c: " + Jenkins.instance.securityRealm.loadGroupByGroupname('test-group-samaccountname', true))

println("3a: " + Jenkins.instance.securityRealm.loadGroupByGroupname('test-group-name', true).getMembers())
println("3b: " + Jenkins.instance.securityRealm.loadGroupByGroupname('test-group-samaccountname', true).getMembers())

println("4a: " + Jenkins.instance.securityRealm.loadUserByUsername('Test-User-samaccount'))
println("4b: " + Jenkins.instance.securityRealm.loadUserByUsername('Test-User-samaccount').getAuthorities())

Result:
1a: Test-Group-Name
1b: Test-Group-Name
1c: hudson.security.LDAPSecurityRealm$GroupDetailsImpl@47ad682
2a: Test-Group-Name
2b: Test-Group-Name
2c: hudson.security.LDAPSecurityRealm$GroupDetailsImpl@242f7016
3a: [Test-User-Name]
3b: [Test-User-Name]
4a: org.acegisecurity.userdetails.ldap.LdapUserDetailsImpl@7dcc241a
4b: [authenticated, Test-Group-Name]

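A script-console check for the mismatch reported in this thread, as an added example that is not part of the original messages or of the ldap-plugin code. It uses only the realm calls shown in the comment above, keeps the reporter's placeholder group and user names, and assumes group names are compared without regard to case.

```groovy
import jenkins.model.Jenkins

// Group names exactly as typed into the authorization matrix
// (placeholders taken from the report; replace with your own entries).
def configuredGroups = ['test-group-name', 'test-group-samaccountname']
// A user who is expected to be a member of those groups (placeholder from the report).
def username = 'Test-User-samaccount'

def realm = Jenkins.instance.securityRealm

// Authorities the realm grants to the user; these are the strings
// that matrix entries are matched against.
def granted = realm.loadUserByUsername(username).getAuthorities()
        .collect { it.getAuthority() } as Set
println("Authorities granted to ${username}: ${granted}")

configuredGroups.each { entered ->
    String canonical
    try {
        // Name the realm reports for the group found by the group search filter.
        canonical = realm.loadGroupByGroupname(entered, false).getName()
    } catch (Exception e) {
        println("${entered}: not resolved by the group search filter (${e.class.simpleName})")
        return // acts as 'continue' inside the closure
    }

    // Assumption: names are compared case-insensitively.
    boolean enteredGranted = granted.any { it.equalsIgnoreCase(entered) }
    boolean canonicalGranted = granted.any { it.equalsIgnoreCase(canonical) }

    if (enteredGranted) {
        println("${entered}: OK, user holds an authority with this name")
    } else if (canonicalGranted) {
        // The case from this report: the group resolves, but the user's
        // authority carries a different name than the matrix entry.
        println("${entered}: MISMATCH, resolves to '${canonical}', which is the name " +
                "the user holds; a matrix row named '${entered}' will not apply")
    } else {
        println("${entered}: resolves to '${canonical}', but ${username} holds neither name")
    }
}
```

With the values from the result above, the samaccountname entry would be reported as a mismatch because the user's authorities contain only Test-Group-Name.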