Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-34545

Assigning roles is case sensitive, and it shouldn't be

    Details

    • Similar Issues:

      Description

      Steps to reproduce:

      1. Create a user in Jenkins own user database with upper-case letters.
      2. Assign a role to this user, but use lower-case letters.
      3. Note that going back into Assign Roles shows the icon indicating that this user is valid.
      4. Note that this user does not have the appropriate role.
      5. Remove the previous role and assign the role to the user using upper-case letters.
      6. Note that the user now has the appropriate role.

      Since a user can login to their account in a case insensitive way, the role assignments should also be handled in a case insensitive way. Right now, it is very hard to figure out why roles are not working when the case is not matched between the role screen and the user database.

        Attachments

          Issue Links

            Activity

            Hide
            wgc123 D Pasto added a comment -

            I verified the workaround of assigning the user multiple times to each role:  JoeUser, joeuser, Joeuser, JOEUSER

            It doesn't display right since the LDAP lookup doesn't like the duplication, and it wouldn't scale well, but it does work - I can login with the most common capitalization patterns and get the right permissions

            Show
            wgc123 D Pasto added a comment - I verified the workaround of assigning the user multiple times to each role:  JoeUser, joeuser, Joeuser, JOEUSER It doesn't display right since the LDAP lookup doesn't like the duplication, and it wouldn't scale well, but it does work - I can login with the most common capitalization patterns and get the right permissions
            Hide
            oleg_nenashev Oleg Nenashev added a comment -

            Unassigning the issue for now. We have added two Role Strategy plugin project ideas to GSoC 2019: https://jenkins.io/projects/gsoc/2019/project-ideas/. If somebody is interested in co-mentoring the ideas (including these tickets), please let us know

            Show
            oleg_nenashev Oleg Nenashev added a comment - Unassigning the issue for now. We have added two Role Strategy plugin project ideas to GSoC 2019: https://jenkins.io/projects/gsoc/2019/project-ideas/ . If somebody is interested in co-mentoring the ideas (including these tickets), please let us know
            Show
            oleg_nenashev Oleg Nenashev added a comment - https://github.com/jenkinsci/role-strategy-plugin/pull/43 BTW
            Hide
            buehlmann Benjamin Buehlmann added a comment -

            Same problem here with Active Directory integration. Any workarounds?

            Show
            buehlmann Benjamin Buehlmann added a comment - Same problem here with Active Directory integration. Any workarounds?
            Hide
            dwise10 David Wise added a comment - - edited

            I have the same issue. My Jenkins instance uses Security Realm of Active Directory, and Authorization of Role-Based Strategy. If the user does not use the same user ID case I use in Role Strategy, then they get the "missing the Overall/Read permission" error.

            As Active Directory does not care about case, my WORKAROUND is to enter 2 global and project entries for the user. One uppercase, DW12345, and one lowercase, dw12345. I could tell the user to use only lowercase, but then I would just get hassled by users who don't remember, or want an excuse to debate why we are moving to Jenkins. Love the plugin, as it works perfectly to control job visibility and read/write permissions. But the case sensitivity is an unnecessary pain.

            Show
            dwise10 David Wise added a comment - - edited I have the same issue. My Jenkins instance uses Security Realm of Active Directory, and Authorization of Role-Based Strategy. If the user does not use the same user ID case I use in Role Strategy, then they get the "missing the Overall/Read permission" error. As Active Directory does not care about case, my WORKAROUND is to enter 2 global and project entries for the user. One uppercase, DW12345, and one lowercase, dw12345. I could tell the user to use only lowercase, but then I would just get hassled by users who don't remember, or want an excuse to debate why we are moving to Jenkins. Love the plugin, as it works perfectly to control job visibility and read/write permissions. But the case sensitivity is an unnecessary pain.

              People

              • Assignee:
                Unassigned
                Reporter:
                w60001 Christopher Shannon
              • Votes:
                9 Vote for this issue
                Watchers:
                12 Start watching this issue

                Dates

                • Created:
                  Updated: