[JIRA] (JENKINS-61755) LDAP Plugin - Group matching with user groups issue

5 views

Skip to first unread message

pawel.kaczanowski@syncron.com (JIRA)

unread,

Mar 31, 2020, 5:59:03 AM3/31/20

to jenkinsc...@googlegroups.com

Paweł Kaczanowski created an issue

Jenkins /

JENKINS-61755

LDAP Plugin - Group matching with user groups issue

Issue Type:	Bug
Assignee:	Unassigned
Attachments:	image-2020-03-31-11-55-06-247.png
Components:	ldap-plugin
Created:	2020-03-31 09:58
Environment:	Jenkins 2.222.1 OpenJDK 11.0.6+10-post-Ubuntu-1ubuntu118.04.1 Ubuntu 18.04 LTS ldap plugin version 1.21
Priority:	Minor
Reporter:	Paweł Kaczanowski

Project-based Matrix Authorization Strategy
Groups entered by samaccountname are not giving any permissions to its members. Group looks like is correctly recognized.
Groups entered by cn/name are working correct.

Configuration details:
User search filter: (& (objectCategory=Person)(objectclass=user)(samaccountname={0})(!(userAccountControl:1.2.840.113556.1.4.803:=2)) )
Group search filter: (& (objectclass=group) (| (samaccountname={0})(cn={0}) ) )
Group membership|Search for LDAP groups containing user|Group membership filter: (member={0})

Example: Member of below group will have only 'Configure' permissions.

Add Comment

This message was sent by Atlassian Jira (v7.13.12#713012-sha1:6e07c38)

pawel.kaczanowski@syncron.com (JIRA)

unread,

Mar 31, 2020, 9:22:03 AM3/31/20

to jenkinsc...@googlegroups.com

Paweł Kaczanowski commented on

JENKINS-61755

Re: LDAP Plugin - Group matching with user groups issue

 
                                                                println("1a: " + Jenkins.instance.securityRealm.loadGroupByGroupname('test-group-name', true).getName())
println("1b: " + Jenkins.instance.securityRealm.loadGroupByGroupname('test-group-name', true).getDisplayName())
println("1c: " + Jenkins.instance.securityRealm.loadGroupByGroupname('test-group-name', true))

println("2a: " + Jenkins.instance.securityRealm.loadGroupByGroupname('test-group-samaccountname', true).getName())
println("2b: " + Jenkins.instance.securityRealm.loadGroupByGroupname('test-group-samaccountname', true).getDisplayName())
println("2c: " + Jenkins.instance.securityRealm.loadGroupByGroupname('test-group-samaccountname', true))

println("3a: " + Jenkins.instance.securityRealm.loadGroupByGroupname('test-group-name', true).getMembers())
println("3b: " + Jenkins.instance.securityRealm.loadGroupByGroupname('test-group-samaccountname', true).getMembers())

println("4a: " + Jenkins.instance.securityRealm.loadUserByUsername('Test-User-samaccount'))
println("4b: " + Jenkins.instance.securityRealm.loadUserByUsername('Test-User-samaccount').getAuthorities())
 
                                                            

Result:
1a: Test-Group-Name
1b: Test-Group-Name
1c: hudson.security.LDAPSecurityRealm$GroupDetailsImpl@47ad682
2a: Test-Group-Name
2b: Test-Group-Name
2c: hudson.security.LDAPSecurityRealm$GroupDetailsImpl@242f7016
3a: [Test-User-Name]
3b: [Test-User-Name]
4a: org.acegisecurity.userdetails.ldap.LdapUserDetailsImpl@7dcc241a
4b: [authenticated, Test-Group-Name]