Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-37858

Group based LDAP authentication does not work

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      When using LDAP Plugin, groups are not read unless user is explicitly granted admin rights ahead of time (defeating the point of using LDAP groups).

      I believe it is not a config issue as if the user is admin, they can, in fact, see groups with same config.

      To Recreate:

      1 - Set up LDAP Plugin to point to a working LDAP server with two user accounts (say, "admin" and "user" - make both have groups attached to them)
      2 - Set Authorization to "Anyone Can Do anything"
      3 - Verify you can login with each user and each user can see own groups by going to /users/<username> uri
      4 - Set up matrix auth (any conditional auth will do, matrix is the easiest one though) and grant "admin" overall admin rights, and "user" overall "read"
      5 - Repeat step 3, - at this point admin will see their own groups, but "user" will not be able too

      This is not just visual, group based authentication does not work - looking in logs it appears that "user" only has "authorized" permission when no admin rights

        Attachments

          Activity

          mlasevich Michael Lasevich created issue -
          oleg_nenashev Oleg Nenashev made changes -
          Field Original Value New Value
          Assignee Kohsuke Kawaguchi [ kohsuke ]

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            mlasevich Michael Lasevich
            Votes:
            5 Vote for this issue
            Watchers:
            13 Start watching this issue

              Dates

              Created:
              Updated: