Stephen Connolly (2014-05-22 17:12):
OK, so there is now rumoured to be a faster and better way to look up
the groups that a user belongs to in the LDAP 1.10 plugin.
I say rumoured because due to the complexities of Active Directory
server configurations, one can never be quite sure until one has had a
fair amount of testing.
To that end, please could you set up a simple test Jenkins instance
and upgrade to ldap:1.10 and configure the `Parse user attribute for
list of groups` group membership strategy (again rumour has it that on
Active Directory the attribute `memberOf` is the magic attribute.
See if that ends up giving you the same JENKINS_URL/whoAmI list of
groups as when you have the `Search for groups containing user` set
with the filter being `(member:1.2.840.113556.1.4.1941:={0})`...
though the `Parse user attribute for list of groups` should be very
very fast for login while the `Search for groups containing user`
could take *ages*.
Seems the rumors are right ;-). New version is very snappy. It's the
first time I could disable LDAP cache.
BTW if we don't use LDAP/AD groups could I disable checking for groups
in LDAP somehow? Maybe that would make it even faster... We only use
"authenticated" group to assign roles (we use Role Strategy plugin).
BTW "role-strategy/assign-roles" now loads icons on the list within 1-2
seconds. It used to load about 10 times slower so good work!
Regards,
Nux.
--
You received this message because you are subscribed to the Google Groups "Jenkins
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to jenkinsci-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
