Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-2256

Hudson Does not Check uniqueMember within LDAP Groups

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • _unsorted
    • None
    • Platform: All, OS: Linux

    Description

      Currently Hudson only checks for attribute member in LDAP groups. However, it is
      also quite common to use attribtute uniqueMember to store member list.

      In WEB-INF/security/LDAPBindSecurityRealm.groovy, an one-line change that makes
      Hudson search for both member=

      {0} and uniqueMember={0}

      can be done as follows:

      authoritiesPopulator(DeferredCreationLdapAuthoritiesPopulator,initialDirContextFactory,"ou=groups")
      {
      // groupRoleAttribute = "ou";
      groupSearchFilter = "(|(member=

      {0}) (uniqueMember={0}

      ))"
      }

      Thanks to Kohsuke.Kawaguchi@sun.com for the above code.

      Attachments

        Issue Links

          is duplicated by

          Patch - JENKINS-2314 Supporting uniqueMember in LDAP

          • Major - Major loss of function.
          • Closed

          Activity

            Ascending order - Click to sort in descending order
            View 6 older comments
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in hudson
            User: : mindless
            Path:
            trunk/hudson/main/war/resources/WEB-INF/security/LDAPBindSecurityRealm.groovy
            trunk/www/changelog.html
            http://fisheye4.cenqua.com/changelog/hudson/?cs=16009
            Log:
            [FIXED JENKINS-2256] DeferredCreationLdapAuthoritiesPopulator was deprecated
            in 1.280, so the groupSearchFilter used there was lost. Moved this to
            groovy file so the uniqueMember query works again, and changed

            {0}

            to

            {1}

            in the memberUid query to fix that one.

            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in hudson User: : mindless Path: trunk/hudson/main/war/resources/WEB-INF/security/LDAPBindSecurityRealm.groovy trunk/www/changelog.html http://fisheye4.cenqua.com/changelog/hudson/?cs=16009 Log: [FIXED JENKINS-2256] DeferredCreationLdapAuthoritiesPopulator was deprecated in 1.280, so the groupSearchFilter used there was lost. Moved this to groovy file so the uniqueMember query works again, and changed {0} to {1} in the memberUid query to fix that one.
            krystian_nowak Krystian Nowak added a comment -

            adding myself as CC

            krystian_nowak Krystian Nowak added a comment - adding myself as CC
            mindless Alan Harder added a comment -
                • Issue 2314 has been marked as a duplicate of this issue. ***
            mindless Alan Harder added a comment - Issue 2314 has been marked as a duplicate of this issue. ***
            krystian_nowak Krystian Nowak added a comment -

            Confirmed - works in Hudson 1.290

            krystian_nowak Krystian Nowak added a comment - Confirmed - works in Hudson 1.290
            krystian_nowak Krystian Nowak added a comment -

            Confirmed - works in Hudson 1.290

            krystian_nowak Krystian Nowak added a comment - Confirmed - works in Hudson 1.290

            People

              mindless Alan Harder
              alvin_chang alvin_chang
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: