Yeah, I had nothing too. I’m not a good enough coder to provide a patch & merge request, and the role-base security plugin doesn’t have a bug submission link that I can find.
From: jenkinsci-users@googlegroups.com <jenkinsci-users@googlegroups.com> On Behalf Of Richard Bywater Sent: Friday, January 18, 2019 4:19 PM To: jenkinsci-users@googlegroups.com Subject: Re: Users unable to build projects they're authorized for via role-strategy-plugin I've had this issue in the part. In my experience there isn't really much that you can do about it except to try and get people to use a particular case when logging in (e.g. all lower case). If there's an alternative option that can be chosen would love to hear about it though. Richard. On Sat, 19 Jan 2019, 5:38 AM Benjamin Primrose, <bprimr...@wcu.com<mailto:bprimr...@wcu.com>> wrote: I’m not sure if this is FYI or a plea for help☺ TL:DR, role-strategy-plugin evaluates user permissions by case-sensitively comparing the username as entered in Assign Roles with the way they typed their name when *logging in*. Running: Jenkins 2.150.2 on windows server 2016 Active Directory plugin 2.10 (this may be incidental info) Role-based Authorization Strategy 2.9.0 What’s happening: I’m configuring a set of users with access. Adding the users to project roles in “Manage Jenkins”->”Manage and Assign Roles”->”Assign Roles” works wonderfully. More importantly, it is *case insensitive*. User’s logons at this org have the initial letter of first and last name capitalized in active directory, but no matter what case they’re entered in here the lookup in AD succeeds. The issue occurred when those users attempt to build the projects they’re authorized for—they can’t. I have a secondary account of my own, which I added in the same way as the other users. It could build projects, so I know my project role regex is OK. The one other user who did work I’d lazily entered in all lower case instead of in the local “official” mixed-case format. We went through the AD config for that user to figure out which field had their username in all lower case, but none did. After some talking in circles, most users are entering their username in all lower case when logging in. It appears the role-strategy-plugin compares the username logged in with *as typed* against the username entered in the Assign Roles config screen *as typed*. I had expected either the Assign Roles screen and logging in to do a lookup against AD, and store the actual username. The actual behavior is very finicky, and some users do enter their username in mixed case. Does anyone have a fix or workaround for this? Benjamin Primrose Principal Developer • Fitchburg, MA 01420 Ph:978-353-8054 • bprimr...@wcu.com<mailto:bprimr...@wcu.com> [https://www.wcu.com/wp-content/uploads/2018/10/WorkersLogo_4cp.png] Confidentiality Notice: The materials in this electronic mail transmission (including attachments) are private and confidential and are the property of the sender and Workers Credit Union. Unless stated to the contrary, any opinions or comments are personal to the writer and do not represent the official view of Workers Credit Union. If you are not the intended recipient, you are hereby notified that any use, dissemination, disclosure or copying of this communication is strictly prohibited. If you have received this communication in error, please destroy all copies of this message and its attachments and notify us immediately. Thank you. -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com<mailto:jenkinsci-users+unsubscr...@googlegroups.com>. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/5c4200fc.1c69fb81.a63cb.3fdaSMTPIN_ADDED_MISSING%40gmr-mx.google.com<https://groups.google.com/d/msgid/jenkinsci-users/5c4200fc.1c69fb81.a63cb.3fdaSMTPIN_ADDED_MISSING%40gmr-mx.google.com?utm_medium=email&utm_source=footer>. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com<mailto:jenkinsci-users+unsubscr...@googlegroups.com>. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CAAy0hwei9hQB1NqPuBg8XtJo%2BA_vbgsNxHeoYsOPvfHkk0mQng%40mail.gmail.com<https://groups.google.com/d/msgid/jenkinsci-users/CAAy0hwei9hQB1NqPuBg8XtJo%2BA_vbgsNxHeoYsOPvfHkk0mQng%40mail.gmail.com?utm_medium=email&utm_source=footer>. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/5c476a2f.1c69fb81.91a52.e8e8SMTPIN_ADDED_MISSING%40gmr-mx.google.com. For more options, visit https://groups.google.com/d/optout.
