Issue
- Jenkins is able to resolve individual users from AD and can see external groups, but cannot resolve external group membership. For example,
user1is part of theDevelopergroup.User1can be added individually, and theDevelopergroup appears to be resolved(shows external group icon in RBAC, for example). When assigning permissions to theDevelopergroup, they are not reflected for it’s members, such asuser1
Environment
- CloudBees Jenkins Enterprise
- Jenkins
- AD plugin
Resolution
Navigate to the AD plugin configuration under Manage Jenkins -> Configure Global Security. The option Remove irrelevant groups needs to be unchecked. It is incompatible with RBAC, as RBAC needs to see every group a user is a member of.
3 Comments