Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-41914

Basic authentication with group membership strategy and FreeIPA

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • ldap-plugin
    • None

      We use kerberos-sso, ldap plugin, and role strategy for authentication and authorization.

      A freeipa is configured as ldap server.

      Authorization work well with kerberos login. However, with basic authentication, ldap plugin doesn't return indirect groups of user for authorization.

      Attached files:
      test.groovy: script for check return authorities of login
      ldap-plugin.conf: a part of ldap plugin config
      0001-Fix-bug-basic-authentication-can-t-work-with-group-m.patch: a temporary solution

          [JENKINS-41914] Basic authentication with group membership strategy and FreeIPA

          I am wondering how kerberos plugin is involved. Coincidentally, the basic auth is not handled by kerberos-sso. Do I understand correctly the permissions are correct when kerberos negotiation is used but "wrong" when basic auth is used?

          [1] https://issues.jenkins-ci.org/browse/JENKINS-38687

          Oliver Gondža added a comment - I am wondering how kerberos plugin is involved. Coincidentally, the basic auth is not handled by kerberos-sso. Do I understand correctly the permissions are correct when kerberos negotiation is used but "wrong" when basic auth is used? [1] https://issues.jenkins-ci.org/browse/JENKINS-38687

          Concluding this is not related to kerberos sso plugin.

          Oliver Gondža added a comment - Concluding this is not related to kerberos sso plugin.

            t_westling Tomas Westling
            ptt_mt0003 Toan Pham
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated: