Hudson Does not Check uniqueMember within LDAP Groups

XMLWordPrintable

    • Type: Bug
    • Resolution: Fixed
    • Priority: Major
    • Component/s: _unsorted
    • None
    • Environment:
      Platform: All, OS: Linux

      Currently Hudson only checks for attribute member in LDAP groups. However, it is
      also quite common to use attribtute uniqueMember to store member list.

      In WEB-INF/security/LDAPBindSecurityRealm.groovy, an one-line change that makes
      Hudson search for both member=

      {0} and uniqueMember={0}

      can be done as follows:

      authoritiesPopulator(DeferredCreationLdapAuthoritiesPopulator,initialDirContextFactory,"ou=groups")
      {
      // groupRoleAttribute = "ou";
      groupSearchFilter = "(|(member=

      {0}) (uniqueMember={0}

      ))"
      }

      Thanks to Kohsuke.Kawaguchi@sun.com for the above code.

            Assignee:
            Alan Harder
            Reporter:
            alvin_chang
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: