Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-3071

Authorization fails when using grandparent group in matrix security

    Details

    • Similar Issues:

      Description

      I use the Active Directory security realm and matrix based security. If I add an
      Active Directory group where the user is an explicit member of, authorization
      works correctly. However, if I add a grandparent group (user is member of a
      group which is member of another group), the authorization fails. I have tried
      this numerous times so far, and always double checked that my group names where
      correctly filled in. It seems reproducible.

      Hudson 1.283
      Active Directory Plugin 1.8

        Attachments

          Issue Links

            Activity

            ridesmet Ringo De Smet created issue -
            Hide
            teilo James Nord added a comment -

            am working on this

            Show
            teilo James Nord added a comment - am working on this
            teilo James Nord made changes -
            Field Original Value New Value
            Status Open [ 1 ] In Progress [ 3 ]
            Hide
            teilo James Nord added a comment -
                • Issue 3835 has been marked as a duplicate of this issue. ***
            Show
            teilo James Nord added a comment - Issue 3835 has been marked as a duplicate of this issue. ***
            teilo James Nord made changes -
            Link This issue is duplicated by JENKINS-3835 [ JENKINS-3835 ]
            Hide
            teilo James Nord added a comment -

            taking ownership

            Show
            teilo James Nord added a comment - taking ownership
            teilo James Nord made changes -
            Status In Progress [ 3 ] Open [ 1 ]
            Hide
            teilo James Nord added a comment -

            implemented for the unix provider.
            see http://fisheye4.atlassian.com/changelog/hudson/?cs=19222

            Show
            teilo James Nord added a comment - implemented for the unix provider. see http://fisheye4.atlassian.com/changelog/hudson/?cs=19222
            teilo James Nord made changes -
            Status Open [ 1 ] In Progress [ 3 ]
            Hide
            teilo James Nord added a comment -

            Setting OS -> WinXP (as is is only the native COM interface that isn't working now.)

            Show
            teilo James Nord added a comment - Setting OS -> WinXP (as is is only the native COM interface that isn't working now.)
            teilo James Nord made changes -
            Status In Progress [ 3 ] Open [ 1 ]
            Hide
            peter_schuetze peter_schuetze added a comment -

            Additional error case:

            I had a group with two users. One user had an lower case user name and the
            second user name was all capital letters. I permissioned read access for the
            group using Matrix Based Security. User one was able to login, but not user two
            (all caps). After configuring the second user separatly, he was able to login.

            This was on a Windows XP box. On a Windows Server box, everything was fine after
            permissioning only the group. No need to permission the second user (all caps)
            separately.

            Show
            peter_schuetze peter_schuetze added a comment - Additional error case: I had a group with two users. One user had an lower case user name and the second user name was all capital letters. I permissioned read access for the group using Matrix Based Security. User one was able to login, but not user two (all caps). After configuring the second user separatly, he was able to login. This was on a Windows XP box. On a Windows Server box, everything was fine after permissioning only the group. No need to permission the second user (all caps) separately.
            Hide
            kohsuke Kohsuke Kawaguchi added a comment -

            ADSI (that COM version talks to) should be resolving all the transitive groups. Marking as closed.

            Show
            kohsuke Kohsuke Kawaguchi added a comment - ADSI (that COM version talks to) should be resolving all the transitive groups. Marking as closed.
            kohsuke Kohsuke Kawaguchi made changes -
            Status Open [ 1 ] Resolved [ 5 ]
            Assignee Kohsuke Kawaguchi [ kohsuke ]
            Resolution Fixed [ 1 ]
            rtyler R. Tyler Croy made changes -
            Workflow JNJira [ 133144 ] JNJira + In-Review [ 186609 ]

              People

              • Assignee:
                kohsuke Kohsuke Kawaguchi
                Reporter:
                ridesmet Ringo De Smet
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: