[JIRA] [reverse-proxy-auth-plugin] (JENKINS-29330) nested groups not looked up

[tim-christian.bloss@elaxy.de (JIRA)]

Tim-Christian Bloss created an issue

Jenkins / JENKINS-29330 nested groups not looked up Issue Type: Improvement Assignee: Oleg Nenashev Components: reverse-proxy-auth-plugin, role-strategy-plugin Created: 10/Jul/15 7:39 AM Environment: Debian GNU/Linux 8 / AMD64 LANG=de_DE.UTF-8 Apache Tomcat/7.0.54 Oracle JDK 1.8.0_45 / AMD64 -Duser.language=de -Duser.country=DE -Dfile.encoding=UTF-8 Jenkins LTS 1.596.3 Apache httpd 2.4 / mod_jk as frontend using kerberos authentication Windows 2008 R2 Domain user database in Active Directory Labels: auth authentication authorization ldap group Priority: Major Reporter: Tim-Christian Bloss We're using reverse-proxy-auth plugin for authentication and role-strategy-plugin for authorization. The users connect to apache httpd 2.4 which authenticates against Windows 2008 R2 active directory and passes user authentication to Tomcat/Jenkins. In Jenkins the reverse-proxy-auth-plugin accesses active directory using its LDAP configuration to lookup a users groups. This works fine for groups in which the user is directly listed as member. When the user is member of group "A" and group "A" is member of group "B" which itself is member of group "C", then we don't get those "nesting parents" ("B" + "C") recognized for authorization purposes which causes permissions not to be granted. Add Comment

This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265)

[tim-christian.bloss@elaxy.de (JIRA)]

Tim-Christian Bloss updated an issue

Jenkins / JENKINS-29330

nested groups not looked up

Change By: Tim-Christian Bloss Issue Type: Improvement Bug

Add Comment

[Michael@Sprauer.net (JIRA)]

Michael S commented on JENKINS-29330

Re: nested groups not looked up Could be solved by https://github.com/jenkinsci/active-directory-plugin/pull/98 (which might deprecate this plugin) Please check

Add Comment

This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)