Stephen Connolly (2014-05-22 17:12):
OK, so there is now rumoured to be a faster and better way to look up
the groups that a user belongs to in the LDAP 1.10 plugin.
I say rumoured because due to the complexities of Active Directory
server configurations, one can never be quite sure until one has had a
fair amount of testing.
To that end, please could you set up a simple test Jenkins instance
and upgrade to ldap:1.10 and configure the `Parse user attribute for
list of groups` group membership strategy (again rumour has it that on
Active Directory the attribute `memberOf` is the magic attribute.
See if that ends up giving you the same JENKINS_URL/whoAmI list of
groups as when you have the `Search for groups containing user` set
with the filter being `(member:1.2.840.113556.1.4.1941:={0})`...
though the `Parse user attribute for list of groups` should be very
very fast for login while the `Search for groups containing user`
could take *ages*.
Seems the rumors are right ;-). New version is very snappy. It's the
first time I could disable LDAP cache.
BTW if we don't use LDAP/AD groups could I disable checking for groups
in LDAP somehow? Maybe that would make it even faster... We only use
"authenticated" group to assign roles (we use Role Strategy plugin).
BTW "role-strategy/assign-roles" now loads icons on the list within 1-2
seconds. It used to load about 10 times slower so good work!
Regards,
Nux.
--
You received this message because you are subscribed to the Google Groups "Jenkins
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
