I am trying to do something I thought I have done many times before, but it 
is not working now - using Roles based Authorization with LDAP 
authentication and specifically LDAP Groups

I believe I have LDAP Authentication set up and working for both users and 
groups.
I believe I have Role based authentication set up.

Granting roles to LDAP users directly - either global or project roles - 
works. I can login with LDAP user and get expected permissions. Granting 
roles to 'authenticated' also seems to work.

However if I grant permissions to LDAP group - it just does not work. 

I am very confused why assigning roles to groups does not work.

Few thoughts and observations: 

* "Assign Roles" UI recognizes LDAP Groups and shows a group icon next to 
them.

* "User status" UI (/user/username URI) shows groups for the user and I even 
ran that LDAP test groovy script that worked as expected. Although...

* "User Status" only shows groups to "admin" user. A regular user with just 
access to run specific jobs does not see their own groups - perhaps 
something is blocking non-admin users from reading their own groups?

* Increasing logging shows that a user that was granted admin rights 
directly has all the groups in the "Granted Authorities" but non-admin user 
only has "authenticated" - interestingly enough admin user does NOT have 
'authenticated'...

* Don't think it is relevant here, but in the past I recall having to do a 
special prefix for groups (like '@' I think) - not sure if this is still 
necessary


Versions -- Running this on:

* Jenkins 2.10
* LDAP Plugin 1.12
* Role Based Authorization Strategy 2.3.2

Any thoughts or suggestions would be appreciated....

Thanks,

-Michael


