Jenkins user shows with 'Red Stop Sign' in security configuration

Ioannis Moutsatsos-2
We are using matrix security configuration (Jenkins v 1.532 LTS on Windows).
Recently a user 'self-signed' for an account, and when I tried to set up his security configuration he is the only one in the user list appearing with a red stop sign before his user name.

What does that mean? Is there something I'm missing? I've set up several other users in the past with no issues.

I have reloaded the Jenkins configuration from disk but it did not make any difference.

Thanks in advance for any feedback you may have.
Ioannis

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
For more options, visit https://groups.google.com/d/optout.

Re: Jenkins user shows with 'Red Stop Sign' in security configuration

stephenconnolly
Are you sure you have matched the username case exactly?

The great "fun" is that people have assumed:

* that usernames are case insensitive - WRONG: try *any* unix OS

* that email addresses are case insensitive - WRONG: read the RFC, the DNS name is case insensitive, but the bit *before* the @ _may_or_may_not_ be case sensitive, only the server that holds the mailbox knows the answer.

Now sane system admins on unix systems only use lowercase usernames because it creates fewer problems.

Since this is the typical policy, most mailbox servers are configured to match ignoring case.

Similarly, the default schema of LDAP directory servers relies on an email attribute that is specified as case insensitive.

Thus in 99% of cases usernames are case insensitive in the real world... However with over 70000 Jenkins installations you could expect perhaps 700 +/- sqrt(700)*2 of them to be facing case sensitivity issues.

Yet there is an army of devs for Jenkins that have been submitting bugs and fixes to make Jenkins case insensitive.

I have an open pull request to make case sensitivity configurable, but until then you are in a limbo-land with regards to case sensitivity.

The biggest source of issues is Active Directory servers in larger organisations where there was a consolidation of different directory servers due to mergers and acquisitions... You have some users with email address reported as [hidden email], others as [hidden email], and others as [hidden email]. The users normally just type in their username in lowercase so may not be aware of how their username is being reported from AD (unless they go to the JENKINS_URL/whoAmI page).

On Saturday, 17 May 2014, Ioannis Moutsatsos <[hidden email]> wrote:
We are using matrix security configuration (Jenkins v 1.532 LTS on Windows).
Recently a user 'self-signed' for an account, and when I tried to set up his security configuration he is the only one in the user list appearing with a red stop sign before his user name.

What does that mean? Is there something I'm missing? I've set up several other users in the past with no issues.

I have reloaded the Jenkins configuration from disk but it did not make any difference.

Thanks in advance for any feedback you may have.
Ioannis

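An offline check for the exact-case mismatch described in the reply above, as an added example (not code from the thread or from the Jenkins project). It assumes the `permission:sid` layout of `<permission>` entries in `config.xml` for matrix security; the config fragment, the user IDs and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample: the authorization section of a Jenkins config.xml using
# matrix security, where each <permission> is "permission.id:sid".
SAMPLE_CONFIG = """<hudson>
  <authorizationStrategy class="hudson.security.GlobalMatrixAuthorizationStrategy">
    <permission>hudson.model.Hudson.Administer:admin</permission>
    <permission>hudson.model.Hudson.Read:JSmith</permission>
    <permission>hudson.model.Item.Build:JSmith</permission>
    <permission>hudson.model.Hudson.Read:alice</permission>
    <permission>hudson.model.Hudson.Read:authenticated</permission>
    <permission>hudson.model.Hudson.Read:ghost</permission>
  </authorizationStrategy>
</hudson>"""

# Constructed sample: user IDs exactly as the security realm reports them.
SAMPLE_USER_IDS = ["admin", "jsmith", "alice", "Alice"]
BUILTIN_SIDS = {"anonymous", "authenticated"}  # built-in groups, not user accounts

def matrix_sids(config_xml):
    """Map each SID in the matrix to the permissions granted to it."""
    grants = defaultdict(list)
    for node in ET.fromstring(config_xml).iter("permission"):
        permission, _, sid = (node.text or "").strip().partition(":")
        if sid:
            grants[sid].append(permission)
    return dict(grants)

def audit(config_xml, user_ids):
    """Classify matrix rows against known user IDs by exact and case-folded match."""
    exact = set(user_ids)
    folded = defaultdict(set)
    for uid in user_ids:
        folded[uid.casefold()].add(uid)
    report = {"case_mismatch": {}, "unknown": [], "ambiguous": {}}
    for sid in matrix_sids(config_xml):
        if sid in BUILTIN_SIDS:
            continue
        candidates = folded.get(sid.casefold(), set())
        if len(candidates) > 1:    # several accounts differ only by case
            report["ambiguous"][sid] = sorted(candidates)
        elif sid not in exact and candidates:    # right name, wrong case
            report["case_mismatch"][sid] = sorted(candidates)[0]
        elif sid not in exact:     # no account matches at all
            report["unknown"].append(sid)
    return report
```

The `case_mismatch` rows are grants that an exact-case comparison never applies to the intended account; the `ambiguous` rows are grants whose target changes depending on whether the comparison folds case.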

Re: Jenkins user shows with 'Red Stop Sign' in security configuration

Ioannis Moutsatsos-2
Thanks Steve;

Although I'm running Jenkins on Windows and I'm not using LDAP for authentication, I think your observation was in fact correct!

After adding the user name in all lower case in the security matrix and asking the user to re-register with a lower case username, the 'Red Stop Sign' disappeared and the user is now able to build Jenkins jobs.
Originally, the user had used a mixed case user name, which was probably not preserved in a similar way across the entire Jenkins system and the Windows file system.

Thanks for the helpful points!

Best regards
Ioannis

On Sunday, May 18, 2014 4:58:31 AM UTC-4, Stephen Connolly wrote:
Are you sure you have matched the username case exactly?

The great "fun" is that people have assumed:

* that usernames are case insensitive - WRONG: try *any* unix OS

* that email addresses are case insensitive - WRONG: read the RFC, the DNS name is case insensitive, but the bit *before* the @ _may_or_may_not_ be case sensitive, only the server that holds the mailbox knows the answer.

Now sane system admins on unix systems only use lowercase usernames because it creates fewer problems.

Since this is the typical policy, most mailbox servers are configured to match ignoring case.

Similarly, the default schema of LDAP directory servers relies on an email attribute that is specified as case insensitive.

Thus in 99% of cases usernames are case insensitive in the real world... However with over 70000 Jenkins installations you could expect perhaps 700 +/- sqrt(700)*2 of them to be facing case sensitivity issues.

Yet there is an army of devs for Jenkins that have been submitting bugs and fixes to make Jenkins case insensitive.

I have an open pull request to make case sensitivity configurable, but until then you are in a limbo-land with regards to case sensitivity.

The biggest source of issues is Active Directory servers in larger organisations where there was a consolidation of different directory servers due to mergers and acquisitions... You have some users with email address reported as John...@..., others as JOHN...@..., and others as john...@.... The users normally just type in their username in lowercase so may not be aware of how their username is being reported from AD (unless they go to the JENKINS_URL/whoAmI page).


Re: Jenkins user shows with 'Red Stop Sign' in security configuration

neethu shaju
Hi 

I have tried adding the user with all lower case but it is still showing the red stop sign.

Thanks.


On Monday, 19 May 2014 20:38:10 UTC+5:30, Ioannis Moutsatsos wrote:
Thanks Steve;

Although I'm running Jenkins on Windows and I'm not using LDAP for authentication, I think your observation was in fact correct!

After adding the user name in all lower case in the security matrix and asking the user to re-register with a lower case username, the 'Red Stop Sign' disappeared and the user is now able to build Jenkins jobs.
Originally, the user had used a mixed case user name, which was probably not preserved in a similar way across the entire Jenkins system and the Windows file system.

Thanks for the helpful points!

Best regards
Ioannis


Re: Jenkins user shows with 'Red Stop Sign' in security configuration

ktpentester
Hi

I have the same issue. Has this issue been resolved? Please update.

Thanks 
TARUN

On Monday, September 12, 2016 at 5:37:45 AM UTC-7, Neethu Shaju wrote:
Hi 

I have tried adding the user with all lower case but it is still showing the red stop sign.

Thanks.

