Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-55813

Improve AD/LDAP attribute analysis for locked accounts

    Details

    • Similar Issues:

      Description

      In the current situation, there is no check about the accounts that are disabled, locked or expired, or having their credentials expired in active-directory.

      This ticket has the goal to improve the situation by reading as much as possible from the attributes returned by the server.

      Relevant docs:

        Attachments

          Activity

          wfollonier Wadeck Follonier created issue -
          spinus1 Alessio Moscatello made changes -
          Field Original Value New Value
          Assignee Wadeck Follonier [ wfollonier ] Alessio Moscatello [ spinus1 ]
          wfollonier Wadeck Follonier made changes -
          Remote Link This issue links to "#89 in active-directory (Web Link)" [ 22316 ]
          wfollonier Wadeck Follonier made changes -
          Remote Link This issue links to "#34 in ldap (Web Link)" [ 22317 ]
          wfollonier Wadeck Follonier made changes -
          Remote Link This issue links to "#3866 in core (Web Link)" [ 22318 ]
          spinus1 Alessio Moscatello made changes -
          Assignee Alessio Moscatello [ spinus1 ] Wadeck Follonier [ wfollonier ]
          danielbeck Daniel Beck made changes -
          Link This issue is duplicated by SECURITY-900 [ SECURITY-900 ]
          fbelzunc Félix Belzunce Arcos made changes -
          Status Open [ 1 ] In Progress [ 3 ]
          fbelzunc Félix Belzunce Arcos made changes -
          Status In Progress [ 3 ] Open [ 1 ]
          jvz Matt Sicker made changes -
          Remote Link This issue links to "#96 in active-directory (Web Link)" [ 23013 ]
          jvz Matt Sicker made changes -
          Remote Link This issue links to "#89 in active-directory (Web Link)" [ 22316 ]
          jvz Matt Sicker made changes -
          Description In the current situation, there is no check about the accounts that are disabled, locked or expired, or having their credentials expired in active-directory.

          This ticket has the goal to improve the situation by reading as much as possible from the attributes returned by the server.
          In the current situation, there is no check about the accounts that are disabled, locked or expired, or having their credentials expired in active-directory.

          This ticket has the goal to improve the situation by reading as much as possible from the attributes returned by the server.

          Relevant docs:
           * [https://ldapwiki.com/wiki/Administratively%20Disabled]
           ** [https://ldapwiki.com/wiki/ACCOUNTDISABLE]
           * [https://ldapwiki.com/wiki/Account%20Expiration]
           ** [https://ldapwiki.com/wiki/AccountExpires]
           * [https://ldapwiki.com/wiki/Password%20Expiration]
           ** [https://ldapwiki.com/wiki/AD%20Determining%20Password%20Expiration]
           * [https://ldapwiki.com/wiki/Account%20Lockout] and [https://ldapwiki.com/wiki/Intruder%20Detection]
           ** [https://ldapwiki.com/wiki/Active%20Directory%20Account%20Lockout]
          jvz Matt Sicker made changes -
          Remote Link This issue links to "LDAP PR second attempt (Web Link)" [ 25811 ]
          jvz Matt Sicker made changes -
          Remote Link This issue links to "Core PR second attempt (Web Link)" [ 25812 ]

            People

            • Assignee:
              wfollonier Wadeck Follonier
              Reporter:
              wfollonier Wadeck Follonier
            • Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

              • Created:
                Updated: