-
Bug
-
Resolution: Unresolved
-
Major
-
Jenkins v1.618
LDAP Plugin v1.11 & v1.12 (tested both)
Every few login attempts, our users receive an error that they do not have overall/read permission. These users are part of an LDAP group with Administer permissions.
The current workaround is to logout and back in until access is given, but this isn't ideal.
The security section of config.xml is below:
<useSecurity>true</useSecurity> <authorizationStrategy class="hudson.security.GlobalMatrixAuthorizationStrategy"> <permission>hudson.model.Hudson.Administer:ldapserviceaccount</permission> <permission>hudson.model.Hudson.Administer:ldapgroup</permission> </authorizationStrategy> <securityRealm class="hudson.plugins.active_directory.ActiveDirectorySecurityRealm" plugin="active-directory@1.42"> <domain>foo.bar.com</domain> <site>wetc</site> <bindName>CN=foo,OU=bar,OU=foo,OU=bar,DC=foo,DC=bar,DC=com</bindName> <bindPassword>blahblahblah=</bindPassword> <groupLookupStrategy>AUTO</groupLookupStrategy> <removeIrrelevantGroups>false</removeIrrelevantGroups> </securityRealm> <disableRememberMe>false</disableRememberMe>
[JENKINS-37856] LDAP Authentication Overall/Read Permissions Missing
Zack White
created issue -
Zack White
made changes -
| Description |
Original:
Every few login attempts, our users receive an error that they do not have overall/read permission. These users are part of an LDAP group with Administer permissions. The current workaround is to logout and back in until access is given, but this isn't ideal. The security section of config.xml is below: {{<useSecurity>true</useSecurity> <authorizationStrategy class="hudson.security.GlobalMatrixAuthorizationStrategy"> <permission>hudson.model.Hudson.Administer:ldapserviceaccount</permission> <permission>hudson.model.Hudson.Administer:ldapgroup</permission> </authorizationStrategy> <securityRealm class="hudson.plugins.active_directory.ActiveDirectorySecurityRealm" plugin="active-directory@1.42"> <domain>foo.bar.com</domain> <site>wetc</site> <bindName>CN=foo,OU=bar,OU=foo,OU=bar,DC=foo,DC=bar,DC=com</bindName> <bindPassword>blahblahblah=</bindPassword> <groupLookupStrategy>AUTO</groupLookupStrategy> <removeIrrelevantGroups>false</removeIrrelevantGroups> </securityRealm> <disableRememberMe>false</disableRememberMe>}} |
New:
Every few login attempts, our users receive an error that they do not have overall/read permission. These users are part of an LDAP group with Administer permissions. The current workaround is to logout and back in until access is given, but this isn't ideal. The security section of config.xml is below: {code:java} <useSecurity>true</useSecurity> <authorizationStrategy class="hudson.security.GlobalMatrixAuthorizationStrategy"> <permission>hudson.model.Hudson.Administer:ldapserviceaccount</permission> <permission>hudson.model.Hudson.Administer:ldapgroup</permission> </authorizationStrategy> <securityRealm class="hudson.plugins.active_directory.ActiveDirectorySecurityRealm" plugin="active-directory@1.42"> <domain>foo.bar.com</domain> <site>wetc</site> <bindName>CN=foo,OU=bar,OU=foo,OU=bar,DC=foo,DC=bar,DC=com</bindName> <bindPassword>blahblahblah=</bindPassword> <groupLookupStrategy>AUTO</groupLookupStrategy> <removeIrrelevantGroups>false</removeIrrelevantGroups> </securityRealm> <disableRememberMe>false</disableRememberMe> {code} |
Lavnish Lalchandani
made changes -
| Attachment | New: config.xml [ 40928 ] |
Lavnish Lalchandani
made changes -
| Attachment | New: config.xml [ 40929 ] |
Lavnish Lalchandani
made changes -
| Attachment | Original: config.xml [ 40929 ] |
Lavnish Lalchandani
made changes -
| Attachment | New: Untitled.png [ 40930 ] |
Lavnish Lalchandani
made changes -
| Comment | [ [~oleg_nenashev] can you comment here , the issue i am facing is because of this defect or a mis-configuation at my end ... as i am getting this error at time of first login while others are getting it at after few login attempts , i dont think its because of mis-configuration ] |
| Assignee | Original: Kohsuke Kawaguchi [ kohsuke ] |