LDAP group lookup

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

LDAP group lookup

Dave Rearden
hi there,

i'm running Hudson 1.312 on opensuse here, trying to query an LDAP
server. hudson can look up usernames, and get people logged in no
problem, it will also allow me to use groups in the "matrix
authentication" method, meaning it can look them up, as i get the little
group icon too.


problem being, if i want to used group-based security to save adding
each individual user to the matrix, hudson doesn't see the user as being
in the group, and denies login.

so, to summarize:

1. user auth via LDAP works
2. group lookup (in matrix authentication gui) works, group icon
automatically appears when i click "add"
3. user group membership lookup doesn't work at all

i notice there's no "group search filter", whereas there is a "user
search filter".

in my group, users are represented by "memberUid" as opposed to "uid".

can anyone help?

thanks,

dave.

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: LDAP group lookup

Greg Sidelinger
This is not documented too well in the older versions but you need to
prefix your group names with ROLL_. So if you group name was hudson in
ldap your group name in the matrix would be ROLL_HUDSON. The latest
versions have this very well documented in the online help. Also I
think you are good with memberUid if I recall from reading the code
when I was setting up groups.

Greg

On Wed, Dec 16, 2009 at 6:57 AM, Dave Rearden
<[hidden email]> wrote:

> hi there,
>
> i'm running Hudson 1.312 on opensuse here, trying to query an LDAP server.
> hudson can look up usernames, and get people logged in no problem, it will
> also allow me to use groups in the "matrix authentication" method, meaning
> it can look them up, as i get the little group icon too.
>
>
> problem being, if i want to used group-based security to save adding each
> individual user to the matrix, hudson doesn't see the user as being in the
> group, and denies login.
>
> so, to summarize:
>
> 1. user auth via LDAP works
> 2. group lookup (in matrix authentication gui) works, group icon
> automatically appears when i click "add"
> 3. user group membership lookup doesn't work at all
>
> i notice there's no "group search filter", whereas there is a "user search
> filter".
>
> in my group, users are represented by "memberUid" as opposed to "uid".
>
> can anyone help?
>
> thanks,
>
> dave.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>



--
It is a mistake to think you can solve any major problems just with potatoes.
  - Douglas Adams

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: LDAP group lookup

jcarsique
Hi,

It's not ROLL but ROLE.
And you're right Dave: there's no group search filter, only the group
search base DN.

Cheers,
Julien

Le 23/12/09 14:40, Greg Sidelinger a écrit :

> This is not documented too well in the older versions but you need to
> prefix your group names with ROLL_. So if you group name was hudson in
> ldap your group name in the matrix would be ROLL_HUDSON. The latest
> versions have this very well documented in the online help. Also I
> think you are good with memberUid if I recall from reading the code
> when I was setting up groups.
>
> Greg
>
> On Wed, Dec 16, 2009 at 6:57 AM, Dave Rearden
> <[hidden email]> wrote:
>  
>> hi there,
>>
>> i'm running Hudson 1.312 on opensuse here, trying to query an LDAP server.
>> hudson can look up usernames, and get people logged in no problem, it will
>> also allow me to use groups in the "matrix authentication" method, meaning
>> it can look them up, as i get the little group icon too.
>>
>>
>> problem being, if i want to used group-based security to save adding each
>> individual user to the matrix, hudson doesn't see the user as being in the
>> group, and denies login.
>>
>> so, to summarize:
>>
>> 1. user auth via LDAP works
>> 2. group lookup (in matrix authentication gui) works, group icon
>> automatically appears when i click "add"
>> 3. user group membership lookup doesn't work at all
>>
>> i notice there's no "group search filter", whereas there is a "user search
>> filter".
>>
>> in my group, users are represented by "memberUid" as opposed to "uid".
>>
>> can anyone help?
>>
>> thanks,
>>
>> dave.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [hidden email]
>> For additional commands, e-mail: [hidden email]
>>
>>
>>    
>
>
>  


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: LDAP group lookup

Johannes t.
Hello,

I was wondering if that holds true for ActiveDirectory groups and the AD plugin too. We're using an AD here, and I am using the AD plugin for authentication with project based Matrix-Rights. 

Now I'ld like to roll out Hudson across another department instead of just ours (and finally it may end up rolled out across the entire company as the central it operations got interested in it) and need to be able to limit access to existing and new jobs to the departments based on the users AD group membership.

I've tried adding ROLE_department and department as users and giving them rights, anyhow that did not seem to work.

As for the version of Hudson: I am using the auto-update feature to update weekly or bi-weekly.

Thanks for any information. 

Regards,
Joti

2009/12/28 Julien CARSIQUE <[hidden email]>
Hi,

It's not ROLL but ROLE.
And you're right Dave: there's no group search filter, only the group
search base DN.

Cheers,
Julien

Le 23/12/09 14:40, Greg Sidelinger a écrit :
> This is not documented too well in the older versions but you need to
> prefix your group names with ROLL_. So if you group name was hudson in
> ldap your group name in the matrix would be ROLL_HUDSON. The latest
> versions have this very well documented in the online help. Also I
> think you are good with memberUid if I recall from reading the code
> when I was setting up groups.
>
> Greg
>
> On Wed, Dec 16, 2009 at 6:57 AM, Dave Rearden
> <[hidden email]> wrote:
>
>> hi there,
>>
>> i'm running Hudson 1.312 on opensuse here, trying to query an LDAP server.
>> hudson can look up usernames, and get people logged in no problem, it will
>> also allow me to use groups in the "matrix authentication" method, meaning
>> it can look them up, as i get the little group icon too.
>>
>>
>> problem being, if i want to used group-based security to save adding each
>> individual user to the matrix, hudson doesn't see the user as being in the
>> group, and denies login.
>>
>> so, to summarize:
>>
>> 1. user auth via LDAP works
>> 2. group lookup (in matrix authentication gui) works, group icon
>> automatically appears when i click "add"
>> 3. user group membership lookup doesn't work at all
>>
>> i notice there's no "group search filter", whereas there is a "user search
>> filter".
>>
>> in my group, users are represented by "memberUid" as opposed to "uid".
>>
>> can anyone help?
>>
>> thanks,
>>
>> dave.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [hidden email]
>> For additional commands, e-mail: [hidden email]
>>
>>
>>
>
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]