When setting up user groups in either the matrix or project matrix based security configuration using AD authentication in Jenkins - if a user is in a valid distribution group with read/write privileges they are unable to make API calls into Jenkins.

The only workaround is for a user to be explicitly listed in the matrix based security config.Not a huge issue since I only have a few users accessing Jenkins via REST but certainly an existing issue.

My guess is that there is code missing that does an ldapsearch on a users OU and matches that against a set of groups in the matrix security config to allow API access.