Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Active Directory groups are not being synchronized correctly #28

Closed
5 tasks done
andrewabest opened this issue May 1, 2020 · 0 comments
Closed
5 tasks done

Active Directory groups are not being synchronized correctly #28

andrewabest opened this issue May 1, 2020 · 0 comments
Assignees
@andrewabest
Labels
bug

Comments

@andrewabest
Copy link
Contributor

Prerequisites

  • I have verified the problem exists in the latest version
  • I have searched open and closed issues to make sure it isn't already reported
  • I have written a descriptive issue title
  • I have linked the original source of this report
  • I have tagged the issue appropriately (area/*, kind/bug, tag/regression?)

The bug

When attempting to:

  • Test Permissions on a User
  • Synchronize external groups (Task)

Some users appear to have no groups when tested or synchronized, even though they are members of security groups in Active Directory.

This problem has been tested to exist in simple single-domain setups, but likely will exist with multi-domains in trust scenarios too.

HelpScout Report: https://secure.helpscout.net/conversation/1143360117/63427?folderId=557082

What I expected to happen

All security groups a user is a member of that the Octopus Service account has access to query should be shown as available to Octopus in the above processes.

Steps to reproduce

Run the script provided in https://octopus.com/docs/administration/authentication/active-directory-authentication/troubleshooting-active-directory-integration#TroubleshootingActiveDirectoryintegration-Verifyingconfigurationvalues and verify an exception occurs

Log excerpt

April 24th 2020 10:07:19

Verbose

An error occurred while enumerating the groups. The group could not be found. System.DirectoryServices.AccountManagement.NoMatchingPrincipalException: An error occurred while enumerating the groups. The group could not be found. at System.DirectoryServices.AccountManagement.AuthZSet.get_CurrentAsPrincipal() at System.DirectoryServices.AccountManagement.FindResultEnumerator`1.get_Current() at System.Linq.Enumerable.SelectEnumerableIterator`2.MoveNext() at Octopus.Server.Extensibility.Authentication.DirectoryServices.DirectoryServices.DirectoryServicesExternalSecurityGroupLocator.ReadGroups(IEnumerable`1 groupPrincipals, ICollection`1 groups, CancellationToken cancellationToken) at Octopus.Server.Extensibility.Authentication.DirectoryServices.DirectoryServices.DirectoryServicesExternalSecurityGroupLocator.GetGroupIdsForUser(String samAccountName, CancellationToken cancellationToken) Octopus.Server version 2020.1.13 (2020.1.13+Branch.tags-2020.1.13.Sha.809371fedf26ca611e72aaf9d438ee655d55b5c6)

Affected versions

2019.10.4 => Current

Octopus Server:

Workarounds

None.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@andrewabest andrewabest

Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@andrewabest