JENKINS-55813

Improve AD/LDAP attribute analysis for locked accounts

      Description

      In the current situation, there is no check for accounts that are disabled, locked or expired, or that have their credentials expired in active-directory.

      This ticket has the goal to improve the situation by reading as much as possible from the attributes returned by the server.
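
An added example, not part of the ticket or of the plugins' code: one way to map Microsoft's attribute values onto the four account states the description lists (disabled, locked, expired, credentials expired). The attribute names and bit values are Microsoft's documented ones; the class name, the sample values and the lenient handling of missing attributes are assumptions of this example.

```java
import java.time.Instant;

public class AdAccountStatus {
    // userAccountControl bit values as documented by Microsoft
    static final int ACCOUNTDISABLE = 0x0002, LOCKOUT = 0x0010, PASSWORD_EXPIRED = 0x800000;
    // Seconds between the FILETIME epoch (1601-01-01) and the Unix epoch (1970-01-01)
    static final long EPOCH_DIFF_SECONDS = 11_644_473_600L;

    final boolean enabled, accountNonExpired, accountNonLocked, credentialsNonExpired;

    AdAccountStatus(String uac, String uacComputed, String accountExpires, Instant now) {
        // AD reports LOCKOUT and PASSWORD_EXPIRED in msDS-User-Account-Control-Computed,
        // so both values are merged before the bits are tested.
        int flags = parseFlags(uac) | parseFlags(uacComputed);
        enabled = (flags & ACCOUNTDISABLE) == 0;
        accountNonLocked = (flags & LOCKOUT) == 0;
        credentialsNonExpired = (flags & PASSWORD_EXPIRED) == 0;
        accountNonExpired = !isExpired(accountExpires, now);
    }

    // Assumption of this example: an attribute the server did not return imposes
    // no restriction, so directories without these attributes do not block every login.
    static int parseFlags(String value) {
        return value == null ? 0 : Integer.parseInt(value.trim());
    }

    static boolean isExpired(String accountExpires, Instant now) {
        if (accountExpires == null) return false;
        long ft = Long.parseLong(accountExpires.trim());
        // 0 and 0x7FFFFFFFFFFFFFFF both mean "never expires"
        if (ft == 0L || ft == Long.MAX_VALUE) return false;
        // accountExpires counts 100-nanosecond intervals since 1601-01-01 UTC
        Instant expiry = Instant.ofEpochSecond(ft / 10_000_000L - EPOCH_DIFF_SECONDS,
                                               (ft % 10_000_000L) * 100L);
        return !expiry.isAfter(now);
    }

    public static void main(String[] args) {
        Instant now = Instant.parse("2019-02-01T00:00:00Z"); // fixed clock for repeatable output
        String[][] samples = {                                // constructed sample values
            {"512", "0", "9223372036854775807"},              // normal account, never expires
            {"514", "16", "0"},                               // disabled and locked out
            {"512", "8388608", "131592384000000000"},         // password expired, account expired 2018-01-01
        };
        for (String[] s : samples) {
            AdAccountStatus st = new AdAccountStatus(s[0], s[1], s[2], now);
            System.out.printf("uac=%s computed=%s expires=%s -> enabled=%b nonExpired=%b nonLocked=%b credsNonExpired=%b%n",
                s[0], s[1], s[2], st.enabled, st.accountNonExpired, st.accountNonLocked, st.credentialsNonExpired);
        }
    }
}
```

The four fields correspond to the status methods of a Spring Security `UserDetails` object, which a caller would check before trusting the user record.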

          Activity

          wfollonier Wadeck Follonier added a comment -

          The PRs in ldap and active-directory use Microsoft's standard for the attribute names/values. I am not sure that's sufficient to cover most of the usage.

          jvz Matt Sicker added a comment -

          Wadeck Follonier what do you mean by cover most of the usage? The usage within Jenkins plugins that may wish to impersonate a user? Or other LDAP servers? I've been starting to investigate this and have gotten somewhat confused around the current goal.

          wfollonier Wadeck Follonier added a comment -

          Matt Sicker In the core, I covered only the case of the API Token, but didn't investigate further; it was just a PoC at that time. We need to ensure that every use of the Security realm check methods is consistent, i.e. checking the attribute of the UserDetails before using them.

          jschlessel James Schlesselman added a comment -

          FYI: I was not able to log in after upgrading to 2.15. I downgraded back to 2.14 and was able to log in again.

          nsleigh Neil Sleightholm added a comment -

          Same issue for me, 2.15 stops me logging in; had to revert to 2.14.

          jvz Matt Sicker added a comment -

          I believe this PR was merged prematurely in the AD plugin. I'll submit a revert PR and refile the original as a draft PR.

          jvz Matt Sicker added a comment -

          Adding link to updated AD PR as a draft.

          wfollonier Wadeck Follonier added a comment -

          The work on this ticket is "on-hold" for the moment, to be resumed soon-ish.


            People

            • Assignee: wfollonier Wadeck Follonier
            • Reporter: wfollonier Wadeck Follonier