[JIRA] (JENKINS-59981) Role strategy plugin - nested groups issue

5 views
Skip to first unread message

wolskikd@gmail.com (JIRA)

unread,
Oct 30, 2019, 3:51:02 AM10/30/19
to jenkinsc...@googlegroups.com
Karol Wolski created an issue
 
Jenkins / Bug JENKINS-59981
Role strategy plugin - nested groups issue
Issue Type: Bug Bug
Assignee: Oleg Nenashev
Components: role-strategy-plugin
Created: 2019-10-30 07:50
Priority: Major Major
Reporter: Karol Wolski

Hello,

I've got a problem with Jenkins and role strategy plugin. I found similar issue mentioned here: https://wiki.jenkins.io/display/JENKINS/Role+Strategy+Plugin on 02.12.2014, but so far it seems that it still doesn't work properly.

Jenkins 2.176.3
Role-based Authorization Strategy 2.15
FreeIPA, version: 4.5.4

And I will just copy the issue because it's exactly the same in my scenario:

The "configuration to be expect" should be:

(Role) "Role 1" -> assigned to ->(Group) Group A ->that contains ->(Group) Group B ->that contains -> users.

The workaround that we have implemented is:

(Role) "Role 1" ->assigned to ->(Group) Group B ->that contains -> users.

The issue seems due to nested group on freeIPA that doesn't works correctly with the plugin.

Any suggestion would be appreciated.

Thank in advance for your help.

Best Regards.

Karol
Add Comment Add Comment
 
This message was sent by Atlassian Jira (v7.13.6#713006-sha1:cc4451f)
Atlassian logo

piotr.r.public@gmail.com (JIRA)

unread,
Nov 13, 2019, 3:54:03 AM11/13/19
to jenkinsc...@googlegroups.com
Piotr Rogoża commented on Bug JENKINS-59981
 
Re: Role strategy plugin - nested groups issue

I have the same a problem for Active Directory. I use LDAP plugin to connect to AD. I also use filter *(&(objectCategory=group)(member:1.2.840.113556.1.4.1941:=

{0}

))* for nested group. But it does not work for Global roles.
Instead of main group, to which the user belongs indirectly, I have to list all subgroups for Global roles.

piotr.r.public@gmail.com (JIRA)

unread,
Nov 13, 2019, 4:00:02 AM11/13/19
to jenkinsc...@googlegroups.com
Piotr Rogoża edited a comment on Bug JENKINS-59981
I have the same a problem for Active Directory. I use LDAP plugin to connect to AD. I also use filter *(&(objectCategory=group)(member:1.2.840.113556.1.4.1941:= \ {0}))* for nested group. But it does not work for Global roles.
Instead of main group, to which the user belongs indirectly, I have to list all subgroups for Global roles.


Jenkins: 2.190.0

Role-based Authorization Strategy: 2.15
Reply all
Reply to author
Forward
0 new messages