-
Type:
Bug
-
Resolution: Unresolved
-
Priority:
Major
-
Component/s: ldap-plugin
-
Environment:Jenkins v1.618
LDAP Plugin v1.11 & v1.12 (tested both)
Every few login attempts, our users receive an error that they do not have overall/read permission. These users are part of an LDAP group with Administer permissions.
The current workaround is to logout and back in until access is given, but this isn't ideal.
The security section of config.xml is below:
<useSecurity>true</useSecurity> <authorizationStrategy class="hudson.security.GlobalMatrixAuthorizationStrategy"> <permission>hudson.model.Hudson.Administer:ldapserviceaccount</permission> <permission>hudson.model.Hudson.Administer:ldapgroup</permission> </authorizationStrategy> <securityRealm class="hudson.plugins.active_directory.ActiveDirectorySecurityRealm" plugin="active-directory@1.42"> <domain>foo.bar.com</domain> <site>wetc</site> <bindName>CN=foo,OU=bar,OU=foo,OU=bar,DC=foo,DC=bar,DC=com</bindName> <bindPassword>blahblahblah=</bindPassword> <groupLookupStrategy>AUTO</groupLookupStrategy> <removeIrrelevantGroups>false</removeIrrelevantGroups> </securityRealm> <disableRememberMe>false</disableRememberMe>
