- Bug
- Resolution: Unresolved
- Major
- None
We use kerberos-sso, the ldap plugin, and role strategy for authentication and authorization.
A FreeIPA server is configured as the LDAP server.
Authorization works well with Kerberos login. However, with basic authentication, the ldap plugin doesn't return the user's indirect groups for authorization.
Attached files:
test.groovy: script for checking the authorities returned for a login
ldap-plugin.conf: a part of ldap plugin config
0001-Fix-bug-basic-authentication-can-t-work-with-group-m.patch: a temporary solution
I am wondering how the kerberos plugin is involved. Coincidentally, the basic auth is not handled by kerberos-sso. Do I understand correctly that the permissions are correct when kerberos negotiation is used but "wrong" when basic auth is used?
[1] https://issues.jenkins-ci.org/browse/JENKINS-38687