Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-2256

Hudson Does not Check uniqueMember within LDAP Groups

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Component/s: _unsorted
    • Labels:
      None
    • Environment:
      Platform: All, OS: Linux
    • Similar Issues:

      Description

      Currently Hudson only checks for attribute member in LDAP groups. However, it is
      also quite common to use attribtute uniqueMember to store member list.

      In WEB-INF/security/LDAPBindSecurityRealm.groovy, an one-line change that makes
      Hudson search for both member=

      {0} and uniqueMember={0}

      can be done as follows:

      authoritiesPopulator(DeferredCreationLdapAuthoritiesPopulator,initialDirContextFactory,"ou=groups")
      {
      // groupRoleAttribute = "ou";
      groupSearchFilter = "(|(member=

      {0}) (uniqueMember={0}

      ))"
      }

      Thanks to Kohsuke.Kawaguchi@sun.com for the above code.

        Attachments

          Issue Links

            Activity

            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in hudson
            User: : mindless
            Path:
            trunk/hudson/main/war/resources/WEB-INF/security/LDAPBindSecurityRealm.groovy
            trunk/www/changelog.html
            http://fisheye4.cenqua.com/changelog/hudson/?cs=16009
            Log:
            [FIXED JENKINS-2256] DeferredCreationLdapAuthoritiesPopulator was deprecated
            in 1.280, so the groupSearchFilter used there was lost. Moved this to
            groovy file so the uniqueMember query works again, and changed

            {0}

            to

            {1}

            in the memberUid query to fix that one.

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in hudson User: : mindless Path: trunk/hudson/main/war/resources/WEB-INF/security/LDAPBindSecurityRealm.groovy trunk/www/changelog.html http://fisheye4.cenqua.com/changelog/hudson/?cs=16009 Log: [FIXED JENKINS-2256] DeferredCreationLdapAuthoritiesPopulator was deprecated in 1.280, so the groupSearchFilter used there was lost. Moved this to groovy file so the uniqueMember query works again, and changed {0} to {1} in the memberUid query to fix that one.
            Hide
            krystian_nowak Krystian Nowak added a comment -

            adding myself as CC

            Show
            krystian_nowak Krystian Nowak added a comment - adding myself as CC
            Hide
            mindless Alan Harder added a comment -
                • Issue 2314 has been marked as a duplicate of this issue. ***
            Show
            mindless Alan Harder added a comment - Issue 2314 has been marked as a duplicate of this issue. ***
            Hide
            krystian_nowak Krystian Nowak added a comment -

            Confirmed - works in Hudson 1.290

            Show
            krystian_nowak Krystian Nowak added a comment - Confirmed - works in Hudson 1.290
            Hide
            krystian_nowak Krystian Nowak added a comment -

            Confirmed - works in Hudson 1.290

            Show
            krystian_nowak Krystian Nowak added a comment - Confirmed - works in Hudson 1.290

              People

              Assignee:
              mindless Alan Harder
              Reporter:
              alvin_chang alvin_chang
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: