- It is somewhat confusing that there are two `group search filters` so I have decided to rename one.
- The new name for the `groupSearchFilter` that is controlled from `LDAPBindSecurityRealm.groovy` is the
`groupMembershipFilter` as this filter is used to determine what groups a specific user is a member of
- That leaves `groupSearchFilter` as a nice clean name for the filter to search for named groups.
- This should still respect any existing configuration, i.e. leaving these fields blank will leave the
existing defaults or existing overrides in place... but it will make life easier for users going forward
- Took quite some digging to figure out exactly what these filters were for... hopefully I have left things
in a more obvious framing for anyone else following
- I would like a better way to apply the `groupMembershipFilter` override, but this was the cleanest way
I could maintain backwards compatibility
- Caching is usually not recommended
- Where the LDAP server is slow, or rate-limits clients however, by trading off memory required on the master JVM
improved performance can be observed with caching enabled.
- Large long-TTL caches will most likely require the JVM memory on the master be increased to compensate for the cache population
Or else, classes from this plugin fails to resolve.
-------------------------
org.jvnet.hudson.reactor.ReactorException: org.codehaus.groovy.control.MultipleCompilationErrorsException: startup failed:
Script1.groovy: 32: unable to resolve class hudson.security.LDAPSecurityRealm.AuthoritiesPopulatorImpl
@ line 32, column 1.
import hudson.security.LDAPSecurityRealm.AuthoritiesPopulatorImpl
^
1 error
at org.jvnet.hudson.reactor.Reactor.execute(Reactor.java:246)
at jenkins.InitReactorRunner.run(InitReactorRunner.java:43)
at jenkins.model.Jenkins.executeReactor(Jenkins.java:885)
at jenkins.model.Jenkins.<init>(Jenkins.java:790)
at hudson.model.Hudson.<init>(Hudson.java:81)
at hudson.model.Hudson.<init>(Hudson.java:77)
at hudson.WebAppMain$2.run(WebAppMain.java:217)
Caused by: org.codehaus.groovy.control.MultipleCompilationErrorsException: startup failed:
Script1.groovy: 32: unable to resolve class hudson.security.LDAPSecurityRealm.AuthoritiesPopulatorImpl
@ line 32, column 1.
import hudson.security.LDAPSecurityRealm.AuthoritiesPopulatorImpl
^
1 error
at org.codehaus.groovy.control.ErrorCollector.failIfErrors(ErrorCollector.java:302)
at org.codehaus.groovy.control.CompilationUnit.applyToSourceUnits(CompilationUnit.java:858)
at org.codehaus.groovy.control.CompilationUnit.doPhaseOperation(CompilationUnit.java:548)
at org.codehaus.groovy.control.CompilationUnit.compile(CompilationUnit.java:497)
at groovy.lang.GroovyClassLoader.doParseClass(GroovyClassLoader.java:306)
at groovy.lang.GroovyClassLoader.parseClass(GroovyClassLoader.java:287)
at groovy.lang.GroovyShell.parseClass(GroovyShell.java:731)
at groovy.lang.GroovyShell.parse(GroovyShell.java:743)
at groovy.lang.GroovyShell.parse(GroovyShell.java:723)
at groovy.lang.GroovyShell.parse(GroovyShell.java:790)
at hudson.util.spring.BeanBuilder.parse(BeanBuilder.java:133)
at hudson.security.LDAPSecurityRealm.createSecurityComponents(LDAPSecurityRealm.java:359)
at hudson.security.SecurityRealm.getSecurityComponents(SecurityRealm.java:398)
at hudson.security.HudsonFilter.reset(HudsonFilter.java:134)
at jenkins.model.Jenkins.setSecurityRealm(Jenkins.java:1960)
at jenkins.model.Jenkins$17.run(Jenkins.java:2524)
at org.jvnet.hudson.reactor.TaskGraphBuilder$TaskImpl.run(TaskGraphBuilder.java:146)
at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:259)
at jenkins.model.Jenkins$7.runTask(Jenkins.java:874)
at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:187)
at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:94)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
at java.lang.Thread.run(Thread.java:636)
I had a misunderstanding of the values in {0} and {1}. Both are names.
{1} is the shorter username rather than {0} which is the full ldap
specifier.
This reverts commit 8feb91bb2f6637783b9ffb051776e953b1c5e84c.
Originally-Committed-As: 6be5275ef052c4d0475c3563a3d6053fde549070
