Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-61589

role-strategy-plugin does not respect distributed lists

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • role-strategy-plugin
    • None
    • Jenkins ver. 2.225
      openjdk version 1.8.0_242
      role-strategy-plugin 2.16
      Linux Ubuntu 16.04

      Hi,

      we are trying to get the role-strategy-plugin working without success using distributed lists.

      Assigning item roles to a DL is working but the user inside the DL does not receive any permissions.

      Assigning a single user is working so the pattern works but does not make sense because we have a lot of users.

      The DL is listed with a group symbol so my guess is that AD is working in my eyes so no problems here.

       

      Is someone else having this problem?

       

      Thanks and best regards

      Tobias

          [JENKINS-61589] role-strategy-plugin does not respect distributed lists

          Oleg Nenashev added a comment -

          My guess is that the Active Directory plugin does not properly list authorities in the distributed lists. It can be checked by going to the /whoAmI page for users who are supposed to have permissions.

          Also, there are some permission caching issues reported for recent weekly releases. I still need to investigate them, but it would be great if you could check whether the issue remains after the restrt

          Oleg Nenashev added a comment - My guess is that the Active Directory plugin does not properly list authorities in the distributed lists. It can be checked by going to the /whoAmI page for users who are supposed to have permissions. Also, there are some permission caching issues reported for recent weekly releases. I still need to investigate them, but it would be great if you could check whether the issue remains after the restrt

          oleg_nenashev Thanks. The DL we assigned to roles is listed in the /whoAmI page of the users. What should I restart? Jenkins? We already did that many times. The problem exists since we installed the plugin in October 2019.

          Tobias Honacker added a comment - oleg_nenashev Thanks. The DL we assigned to roles is listed in the /whoAmI page of the users. What should I restart? Jenkins? We already did that many times. The problem exists since we installed the plugin in October 2019.

          Oleg Nenashev added a comment -

          Then I will investigate it as a part of the general caching problem.

          If you could provide an Active Directory Docker image which helps to reproduce the issue, it would help. I do not have AD, and I doubt I will be able to quickly reproduce the issue

          Oleg Nenashev added a comment - Then I will investigate it as a part of the general caching problem. If you could provide an Active Directory Docker image which helps to reproduce the issue, it would help. I do not have AD, and I doubt I will be able to quickly reproduce the issue

          oleg_nenashev Nope sorry. Another department is responsible for our AD. Let me know if you need further information.

          Tobias Honacker added a comment - oleg_nenashev Nope sorry. Another department is responsible for our AD. Let me know if you need further information.

          Ian Williams added a comment -

          toho, just wondering if perhaps all the rest of these were created in error; they appear  to be duplicates of this:
          Bug   Major  JENKINS-61543
          Bug   Major  JENKINS-61544
          Bug   Major  JENKINS-61552
          Bug   Major  JENKINS-61567
          Bug   Major  JENKINS-61585
          Bug   Minor  JENKINS-61549
          Task  Major  JENKINS-61551

          Ian Williams added a comment - toho , just wondering if perhaps all the rest of these were created in error; they appear  to be duplicates of this: Bug   Major  JENKINS-61543 Bug   Major  JENKINS-61544 Bug   Major  JENKINS-61552 Bug   Major  JENKINS-61567 Bug   Major  JENKINS-61585 Bug   Minor  JENKINS-61549 Task  Major  JENKINS-61551

          ianw wow okay, I was not aware that this ticket was duplicated 7 times. Sorry. I don't have the permission to close them.

          Tobias Honacker added a comment - ianw wow okay, I was not aware that this ticket was duplicated 7 times. Sorry. I don't have the permission to close them.

          Oleg Nenashev added a comment -

           Yes. The current state of the tracker is a mess. Due to some personal reasons, I have been unable to secure time for a proper caching fix

          Oleg Nenashev added a comment -  Yes. The current state of the tracker is a mess. Due to some personal reasons, I have been unable to secure time for a proper caching fix

            oleg_nenashev Oleg Nenashev
            toho Tobias Honacker
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: