Jenkins / JENKINS-60443

LDAP Plugin Ignores Group Search Filter




      When configuring a Group Search Filter in Jenkins it is not evaluated. Step-debugging the plugin reveals that the AuthoritiesPopulatorImpl holds the default value in groupSearchFilter. Setting a Group membership filter causes the groupSearchFilter field in AuthoritiesPopulatorImpl to hold the Group membership filter.


      Our Group configuration in LDAP is a tree following this schema:

      ou:Project ---> ou:Tool ---> cn: posixGroup

      We use Group Search Filters to match the correct ou to search, as Groups having the same Groupname may exist in other tool OUs. The filter used is (ou:dn:=ci), as the Tools ou we host our Jenkins groups in is called ci. Having a group admin in this ou and having a group admin in another ou causes that other Group to also be matched.


      My discovery is that with a Group Search Filter set in the LDAP Configuration, the AuthoritiesPopulatorImpl holds the Filter "(| (member={0}) (uniqueMember={0}) (memberUid={1}))" in the groupSearchFilter field. As a fix I was able to set the Group membership filter to "(&(ou:dn:=ci)(memberUid={1}))".


      Possible fixes: Either drop the Group search filter field entirely, as it seems disused, or restore usage of this field.





            • Assignee:
              juwi Julian Wissmann
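The group-name collision described in the report, and the effect of the reporter's workaround filter, as an added example that is not part of the original issue or of the LDAP plugin's code. It is a minimal evaluator for only the filter syntax quoted above, run over a constructed two-group directory; the DNs, user names and function names are assumptions made for illustration.

```python
import re

# Filters quoted in the report: {0} is the user's DN, {1} the user name.
DEFAULT = "(| (member={0}) (uniqueMember={0}) (memberUid={1}))"
WORKAROUND = "(&(ou:dn:=ci)(memberUid={1}))"

# Constructed directory following ou:Project -> ou:Tool -> cn: posixGroup.
DIRECTORY = [
    {"dn": "cn=admin,ou=ci,ou=projectA,dc=example,dc=org",
     "attrs": {"cn": ["admin"], "memberUid": ["alice"]}},
    {"dn": "cn=admin,ou=wiki,ou=projectA,dc=example,dc=org",
     "attrs": {"cn": ["admin"], "memberUid": ["bob"]}},
]

def parse(f, i=0):
    """Parse '&', '|', 'attr=value' and 'attr:dn:=value'; return (node, next index)."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    if f[i + 1] in ("&", "|"):
        op, i, kids = f[i + 1], i + 2, []
        while f[i] != ")":
            if f[i].isspace():  # the plugin's default filter separates terms with spaces
                i += 1
                continue
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1
    end = f.index(")", i)
    m = re.fullmatch(r"(\w+)(:dn:)?=(.*)", f[i + 1:end])
    if m is None:
        raise ValueError(f"unsupported filter item: {f[i + 1:end]}")
    return ("item", m.group(1).lower(), bool(m.group(2)), m.group(3).lower()), end + 1

def matches(node, entry):
    if node[0] in ("&", "|"):
        results = [matches(kid, entry) for kid in node[1]]
        return all(results) if node[0] == "&" else any(results)
    _, attr, dn_match, value = node
    found = [v for k, vs in entry["attrs"].items() if k.lower() == attr for v in vs]
    if dn_match:  # ':dn:' also tests the attribute=value pairs that make up the DN
        rdns = (rdn.split("=", 1) for rdn in entry["dn"].split(","))
        found += [v for k, v in rdns if k.strip().lower() == attr]
    return value in [v.lower() for v in found]

def groups_for(template, user_dn, username, directory=DIRECTORY):
    """Return the DNs of the groups the filled-in membership filter selects."""
    tree, _ = parse(template.format(user_dn, username))
    return [e["dn"] for e in directory if matches(tree, e)]
```

With the default filter, the constructed user bob is matched to the `admin` group under ou=wiki, which has the same cn as the Jenkins `admin` group under ou=ci; with the workaround filter the lookup for bob returns no groups.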