Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-29129

Matrix user identification based on AD groups should be case insensitive and based on a user defined AD field (not exclusively CN)




      Matrix user identification based on AD groups failed because it is case sensitive and seems based by default on the AD “CN” field.

      We do have 2 trusted domains in which the UserID login value is stored into the “sAMAccountName” AD field, instead of the default “CN” field.
      We do have defined the Matrix permissions using AD groups. Those AD groups are recognized by Jenkins in the Matrix table.
      On one hand, when we log in into Jenkins, but the Matrix permissions are not applied, because it seems that the AD Plugin compares the login UserID against the “CN” field (which do not contain in our case the UserID).
      On the other hand, we tested also a connection using an AD user having the UserID value into the “CN” field (instead of the “sAMAccountName” field. The user could log on and retrieve the Matrix permissions, only if the correct UserID case is used. No attempts using different UserID cases (i.e. USERID, UserID, userid, …) were successful regarding Matrix permissions.

      The AD plugins should propose (such as it is done in the LDAP plugin) :
      • A drop down list in order to accept case sensitive/insensitive settings
      • A text box (or drop down list) should allow to validate the users against a user defined AD field, not only the “CN” field.


        Issue Links



              Unassigned Unassigned
              coca CoCA Team
              1 Vote for this issue
              3 Start watching this issue