I've released 1.38 that contains the fix to this problem.

You can go to "Configure global security" and under the "advanced" tab, you can choose "Group Membership Lookup Strategy".

You basically have two choices.

  • "Recursive queries", which is the pre-1.37 behavior. This involves issuing a number of simple LDAP queries to recursively find all the groups that you belong to. Reported by some people not to find all groups, and also reported by others to be slow (presumably due to the number of queries it has to issue)
  • "LDAP_MATCHING_RULE_IN_CHAIN", which is what 1.37 added. People who are hit by JENKINS-22830 is likely not want to use this, but otherwise the consensus in the developer community appears to be that this is the way to go. After all, why would Microsoft go out of its way to add a custom extension to LDAP if it's not supposed to be used!?

The default is "automatic" and it tries to do the right thing the best it can.

The main challenge for me to work on a problem like this is that I do not have direct access to any large AD deployment. Looking forward to your feedback on relative merits/problems so that we can improve the situation over time.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators.
For more information on JIRA, see: http://www.atlassian.com/software/jira

--
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/d/optout.

Reply via email to