Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-29330

nested groups not looked up

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Environment:
    • Similar Issues:

      Description

      We're using reverse-proxy-auth plugin for authentication and role-strategy-plugin for authorization.

      The users connect to apache httpd 2.4 which authenticates against Windows 2008 R2 active directory and passes user authentication to Tomcat/Jenkins.

      In Jenkins the reverse-proxy-auth-plugin accesses active directory using its LDAP configuration to lookup a users groups.

      This works fine for groups in which the user is directly listed as member.
      When the user is member of group "A" and group "A" is member of group "B" which itself is member of group "C", then we don't get those "nesting parents" ("B" + "C") recognized for authorization purposes which causes permissions not to be granted.

        Attachments

          Activity

          Hide
          oleg_nenashev Oleg Nenashev added a comment -

          Nothing to do in the Role Strategy plugin from what I see

          Show
          oleg_nenashev Oleg Nenashev added a comment - Nothing to do in the Role Strategy plugin from what I see
          Hide
          michels Michael S added a comment -

          Could be solved by https://github.com/jenkinsci/active-directory-plugin/pull/98 (which might deprecate this plugin)

          Please check

           

          Show
          michels Michael S added a comment - Could be solved by https://github.com/jenkinsci/active-directory-plugin/pull/98 (which might deprecate this plugin) Please check  

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            tcb_xy Tim-Christian Bloss
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated: