AD can resolve users but not external groups

Issue

  • Jenkins is able to resolve individual users from AD and can see external groups, but cannot resolve external group membership. For example, user1 is part of the Developer group. User1 can be added individually, and the Developer group appears to be resolved(shows external group icon in RBAC, for example). When assigning permissions to the Developer group, they are not reflected for it’s members, such as user1

Environment

  • CloudBees Jenkins Enterprise
  • Jenkins
  • AD plugin

Resolution

Navigate to the AD plugin configuration under Manage Jenkins -> Configure Global Security. The option Remove irrelevant groups needs to be unchecked. It is incompatible with RBAC, as RBAC needs to see every group a user is a member of.

Have more questions? Submit a request

3 Comments

  • 0
    Avatar
    Khemraj Rana

    We don't have this option in our Jenkins- manage - Jenkins configure global security

  • 0
    Avatar
    Khemraj Rana

    which Jenkins version would have this feature ?

  • 0
    Avatar
    Arnaud Heritier

    Hi,

      It was added in active directory plugin 1.39 ( https://issues.jenkins-ci.org/browse/JENKINS-24195 ).

    Best regards

Please sign in to leave a comment.