Matrix-based security does not authenticate group users in Active Directory
2,463 views
Skip to first unread message
SamL
Nov 18, 2013, 12:49:10 PM11/18/13
to jenkins...@googlegroups.com
Hello Folks,
We are facing an issue where Matrix-based security does not appear to be authenticating against users in groups.
We have tried both:
Active Directory and LDAP Security Realms and the issue appears in both cases
We we add an Active Directory name in the Matrix-based security users in that group only see the settings applied to anonymous.
It works find for individual users.
There are no errors in the log file either.
Any help would be very much appreciated.
Jenkins 1.509.4
Ubuntu 12.04
Jenkins Active Directory plugin 1.33
Daniel Beck
Nov 18, 2013, 1:19:33 PM11/18/13
to jenkins...@googlegroups.com
Does it show the 'group' icon, or an error icon when you're assigning permissions to a group?
What's the result when running the test script at https://wiki.jenkins-ci.org/display/JENKINS/LDAP+Plugin#LDAPPlugin-Troubleshooting ?
When you open http://yourjenkins/whoAmI, are all the expected groups shown for the currently logged in user?
Jenkins (at least LDAP) doesn't do recursive group resolution, i.e. if there's a 'users' group, which has member groups like 'developers' and 'managers', and you're only a member of 'developers', then Jenkins does not consider you a member of 'users'!
> --
> You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
What's the result when running the test script at https://wiki.jenkins-ci.org/display/JENKINS/LDAP+Plugin#LDAPPlugin-Troubleshooting ?
When you open http://yourjenkins/whoAmI, are all the expected groups shown for the currently logged in user?
Jenkins (at least LDAP) doesn't do recursive group resolution, i.e. if there's a 'users' group, which has member groups like 'developers' and 'managers', and you're only a member of 'developers', then Jenkins does not consider you a member of 'users'!
> You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
SamL
Nov 22, 2013, 1:57:02 PM11/22/13
to jenkins...@googlegroups.com
Thank you for the reply Daniel.
This was a weird issue, that seems to have gone away.
All we did was to leave the Active Directory and Matrix-based security enable overnight and the next day things began working ok.
Not sure what that is all about.
This was a weird issue, that seems to have gone away.
All we did was to leave the Active Directory and Matrix-based security enable overnight and the next day things began working ok.
Not sure what that is all about.
h yee
Aug 17, 2016, 9:59:38 AM8/17/16
to Jenkins Users
This was my issue
For job project-base security to work with AD group/ user configured in a job,
remove from AD group / user from 'configure global security'
Reply all
Reply to author
Forward
0 new messages