On Tuesday, November 18, 2014, Marshall <[email protected]> wrote:
> Hi all, > > I'm trying to restrict the people that can successfully *login* to a > narrow set of LDAP groups. I've tried several settings, and searched for > solutions. So far I'm coming up blank. So, here I am, looking for > assistance. > > So, given the following example setup, what would be the correct settings > to use? > > Jenkins 1.581.1 (running as a windows service) > Windows Server 2008 R2 64-bit > ad.example.edu > Limit logins only to members of the group: > ad.example.edu/DEVS/abc1/Groups/abc1_developers > > To be clear, my needs can't be answered by matrix authorization. The goal > right now is to restrict *authentication*, not authorization. > > > Many thanks for your time, > Marshall > What is wrong with letting somebody "login" if their login permissions are zero? I argue that you want to let anyone login but do not give even Overall/Read or Item/Read to the "authenticated" special user, rather hold those permissions back for users in the groups you care about If you insist on the less sensible path then you will need to craft your user search filter to only include users in the groups you want (and perhaps bye bye login performance too) > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected] > <javascript:_e(%7B%7D,'cvml','jenkinsci-users%[email protected]');> > . > For more options, visit https://groups.google.com/d/optout. > -- Sent from my phone -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
