SnazzyBootMan

Reputation: 739

Jenkins use LDAP Groups with Project Matrix Auth

So I have a Jenkins server that is connected to my FreeIPA LDAP servers and I am using Project-based Matrix Authorization.

When I add an individual user and assign permissions, all works as expected, but if I use a group and then try to log in as a member of said group, I get this:

jenkins.test2 is missing the Overall/Read permission

The user is a member of the group and I have confirmed using a small groovy script that Jenkins is able to read the group.

Jenkins.instance.securityRealm.loadGroupByGroupname(name)

I have also confirmed that the LDAP DN settings for groups are correct and that my group exists on the LDAP server in the defined DN.

Why can I not authenticate and sign in as a valid member of a group that has been assigned permissions?

Upvotes: 1

Views: 4264

Answers (2)

SnazzyBootMan

Reputation: 739

So I finally got back to this one and before I started work on it a colleague had upgraded from Jenkins 2.19 to Jenkins 2.32.1 (LTS).

Lo and behold, groups are now working. I did notice that Jenkins is a little funny about making multiple changes at once.

Upvotes: 0

Steven Scott

Reputation: 11250

We are using the ActiveDirectory option, with Matrix based security, and can enable access via Group names. Case does matter though. DevGroup with Overall Read is enabled.

When I then go to a User, I can click on them to see the Groups they belong to from ActiveDirectory. This allows me to test a user name and ensure they belong to the group I expect for safety. The listing shows the group, so I can then delete the user, and try again, and they will be able to login via ActiveDirectory and access the projects.

Upvotes: 2
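The group check described in the answers above can also be done from the Jenkins Script Console. This is an added example, not code from either poster: it compares the authorities the security realm returns for a user against the SIDs in the matrix, and flags entries that differ only by case. The username is the one from the question; `hasExplicitPermission` is assumed to be available from the Matrix Authorization Strategy plugin.

```groovy
import jenkins.model.Jenkins

// Assumption: login name to diagnose (the user from the question above).
def username = 'jenkins.test2'
def jenkins  = Jenkins.instance

// Authorities the security realm (LDAP / Active Directory) returns for the user,
// plus the user's own name, since the matrix can list users as well as groups.
def details    = jenkins.securityRealm.loadUserByUsername(username)
def principals = details.authorities.collect { it.authority } + details.username

// SIDs configured in the authorization strategy (core AuthorizationStrategy.getGroups()).
def strategy = jenkins.authorizationStrategy
def sids     = strategy.groups

println "Principals for ${username}: ${principals}"
println "SIDs in ${strategy.class.simpleName}: ${sids}"

def readGranted = false
sids.each { sid ->
    // Assumption: hasExplicitPermission comes from the Matrix Authorization Strategy plugin.
    def grantsRead = strategy.hasExplicitPermission(sid, Jenkins.READ)
    def exact      = principals.contains(sid)
    def nearMiss   = exact ? null : principals.find { it.equalsIgnoreCase(sid) }

    if (exact && grantsRead) {
        readGranted = true
        println "OK       '${sid}' matches exactly and grants Overall/Read"
    } else if (exact) {
        println "NO READ  '${sid}' matches exactly but does not grant Overall/Read"
    } else if (nearMiss != null) {
        // Same name, different case: the matrix entry will not apply to this user.
        println "CASE     matrix has '${sid}', realm returned '${nearMiss}'"
    }
}

if (!readGranted) {
    println "No exactly matching SID grants Overall/Read to ${username}"
}
```

A `CASE` line means the group name typed into the matrix does not match the spelling the directory returns, which produces the "missing the Overall/Read permission" message even though the user is a member of the group.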
