• Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Major Major
    • _unsorted
    • None
    • Platform: All, OS: All

      I've set up the LDAP security realm, such that anyone in my company's LDAP can log on to Hudson. It
      works quite well, but now I'd like to set up the "matrix security" such that one person is the
      administrator, and only people in a specific group, say "tech", can create/configure jobs.

      My LDAP really points to my company's Active Directory. Unfortunately, the search base for users is the
      same as the search-base for groups. What I'd like to see here is a "Group Search Filter". In this entry
      field, I'd put something like this:
      (&(cn=

      {0}

      )(objectClass=group))

      So, then in the matrix, I'd type in a name called "tech", and Hudson would find it, by using that filter.
      Then, when someone attempted to log into the system, it could tell if that user was a member of "tech"
      and give them special privileges.

      If there is a way to do this now, please let me know. I'm not an LDAP or AD expert here.

      -Dan.

          [JENKINS-4078] LDAP security needs a group filter

          Alan Harder added a comment -

          try entering ROLE_TECH as the username in matrix security.. there is another
          issue filed that this is not documented well (and doesn't match the validation),
          but to use LDAP groups you must use all caps and prefix with ROLE_.

          Alan Harder added a comment - try entering ROLE_TECH as the username in matrix security.. there is another issue filed that this is not documented well (and doesn't match the validation), but to use LDAP groups you must use all caps and prefix with ROLE_.

          dan_morrow added a comment -

          OK, thanks. This did the trick.

          dan_morrow added a comment - OK, thanks. This did the trick.

          Alan Harder added a comment -

          ok, great.. closing as duplicate of item for improving documentation here.

              • This issue has been marked as a duplicate of 3459 ***

          Alan Harder added a comment - ok, great.. closing as duplicate of item for improving documentation here. This issue has been marked as a duplicate of 3459 ***

            Unassigned Unassigned
            dan_morrow dan_morrow
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved: