Skip to content
Permalink
Browse files
[FIXED JENKINS-16205] Ignore the lookup failure for the memberOf grou…
…p as it's possible that the authenticating user doesn't have permissions to access the group.
  • Loading branch information
Tom Palmer committed Dec 27, 2012
1 parent f6d7b2e commit 74899c38e87c037084098eae3a84851b28317f03
Showing 1 changed file with 15 additions and 10 deletions.
@@ -5,6 +5,7 @@
import hudson.security.SecurityRealm;
import hudson.security.UserMayOrMayNotExistException;
import hudson.util.Secret;
import javax.naming.NameNotFoundException;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationServiceException;
import org.acegisecurity.BadCredentialsException;
@@ -419,17 +420,21 @@ private Set<GrantedAuthority> resolveGroups(String domainDN, String userDN, DirC
continue;

for (int i = 0; i<memberOf.size(); i++) {
Attributes group = context.getAttributes(new LdapName(memberOf.get(i).toString()), new String[] { "CN", "memberOf" });
Attribute cn = group.get("CN");
if (cn==null) {
LOGGER.fine("Failed to obtain CN of "+memberOf.get(i));
continue;
}
if (LOGGER.isLoggable(Level.FINE))
LOGGER.fine(cn.get()+" is a member of "+memberOf.get(i));
try {
Attributes group = context.getAttributes(new LdapName(memberOf.get(i).toString()), new String[] { "CN", "memberOf" });
Attribute cn = group.get("CN");
if (cn==null) {
LOGGER.fine("Failed to obtain CN of "+memberOf.get(i));
continue;
}
if (LOGGER.isLoggable(Level.FINE))
LOGGER.fine(cn.get()+" is a member of "+memberOf.get(i));

if (groups.add(new GrantedAuthorityImpl(cn.get().toString()))) {
q.add(group); // recursively look for groups that this group is a member of.
if (groups.add(new GrantedAuthorityImpl(cn.get().toString()))) {
q.add(group); // recursively look for groups that this group is a member of.
}
} catch (NameNotFoundException e) {
LOGGER.fine("Failed to obtain CN of "+memberOf.get(i));
}
}
}

0 comments on commit 74899c3

Please sign in to comment.