As of version 2.17 please refer to the GitHub Releases page
- Categorization of the plugin under the Status section of the
/managepage of the User Interface. (PR-107)
- JENKINS-64130 Tables to divs compatibility (Cf. Table to div layout migration documentation for more explanations)
- Important security fixes
- User passwords are no longer stored in memory as part of the authentication cache.
Instead, BCrypt is used.
The Java system property
hudson.plugins.active_directory.CacheUtil.bcryptLogRoundscan be used to configure the cost parameter; the default is 10 (for 1024 rounds). Additionally, the caching of successful authentications can be disabled by setting the system propertyhudson.plugins.active_directory.CacheUtil.noCacheAuthtotrue. - When a local fallback security realm is configured, the plugin would sometimes reset the password of the specified user to a fixed value.
- Reverts 2.15 since it breaks all the installations on Windows Server JENKINS-55813
- Improve AD/LDAP attribute analysis for locked accounts JENKINS-55813
- Some Exceptions launched by startTLS might break the log-in JENKINS-44787
- Java 11 readiness: also build recommended configurations
- Remove the problematic Administrative Monitor JENKINS-56047 JENKINS-55852
- TlsConfigurationAdministrativeMonitor is missing its name - JENKINS-54267
- Configuration-as-Code compatibility - JENKINS-53576
- Advanced configuration missing on Configure Global Security (The plugin did not work correctly on Windows Servers) JENKINS-52045
-
AD recognizes groups by CN and sAMAccount when authorities only works with CN JENKINS-45576
-
ActiveDirectorySecurityRealm constructor ignores TlsConfiguration JENKINS-45816
-
The help button for Domain does not correctly explain how to add multiple-domains JENKINS-46228
- If getRecordFromDomain returns null report the problems - JENKINS-45009
- Fail-over user to fallback when there are authentication issues - JENKINS-39065
- ManagementLink to improve the supportability of the AD plugin - JENKINS-41744
- Guice failing on terminating ActiveDirectorySecurityRealm.shutDownthreadPoolExecutors - (JENKINS-43091)
- Enable StartTls is always TRUE in the UI - (JENKINS-42831)
- NPE thrown at login when after AD Plugin update - (JENKINS-42739)
- Fix for version 2.1 on Windows Environments, where the plugin was broken due not keeping on mind domains can be null on Windows environments.
- Support different bindUser per domain - (JENKINS-39375)
- Make site independent of each domain - (JENKINS-39423)
- Cannot populate servers via groovy script - (JENKINS-39676)
- Add a test per domain - (JENKINS-39776)
- Not throw any Exception in case there is not any domain - (JENKINS-40599)
- Add description according to Wiki - (JENKINS-42245)
- Update ActiveDirectoryUserDetail on a different - (JENKINS-38784)
- Enable com.sun.jndi.ldap.connect.timeout - (JENKINS-36041)
- Configure startTls on the UI - (JENKINS-42641)
- Better handle of PartialResultException - (JENKINS-42686) This was producing intermittent login failures when using the LDAP catalog.
- Fix StartTLS (JENKINS-25269)
- Much better support for multiple domain controllers - (JENKINS-32033). This version might lock the access to your instance, although this will only happen in a very small quantity of cases. See IMPORTANT Active Directory 2.0 - Better multi-domains support section for more information.
- Add a warning when displayed name is not used with several domains - (JENKINS-38294)
- Trim the domains so a space after comma does not get introduced - (JENKINS-38294)
- System Property to be able to ignore referrals - (JENKINS-38290)
- Support for multiple domain controllers - (JENKINS-32033)
- Not return null inside the cache - (JENKINS-37582)
- Provide an ultimate speed option based on Security Groups - (JENKINS-36248)
- Not serialize userCache, neither groupCache - (JENKINS-36212)
- Return null inside the cache block is not allowed - (JENKINS-37582)
- LDAP users and groups cannot be verified anymore because of SECURITY-243 -(JENKINS-34426)
- LDAP users and groups cannot be verified anymore (JENKINS-34426)
- Test button is reporting managerDN binding is successful but was not able to find any user on the tree (JENKINS-34444)
Version 1.44 (2016/04/20) This version is broken by JENKINS-34426 - which is fixed in 1.45
- Test Active Directory connection button reports success if the search operation doesn't have any result (JENKINS-34143)
- Optional cache for users and groups (JENKINS-21297)
- Added support for multiple servers without assigned ports
- AD can not log on with email address (JENKINS-26737)
- Update help for irrelevantGroups
- Correct FindBugs issues
- Chrome browser username autofill adds username as bindName in LDAP (JENKINS-29280)
- "Automatic" group lookup strategy is not so automatic (JENKINS-28857)
- TimeLimitExceededException produces "Automatic" group lookup strategy not to work correctly (JENKINS-33213)
- Active Directory Plugin - Credential exception tying to authenticate with special characters like / or # (JENKINS-16257)
- De-emphasize custom domain setting in the ADSI mode, but once that's selected, expose a full set of options (JENKINS-27763)
- A hack-ish switch to enable faster group lookup (JENKINS-24195)
- Login based on
userPrincipalName(which looks like an email address) was not working
- Apparently the "improvement" in 1.37 backfired for some users. Providing an option for them to select the algorithm as a fallback (JENKINS-22830)
- Drastically speed up the recursive group membership search through the use of a Microsoft extension in the LDAP filter expression.
Be careful if you intend to install version 1.37. It has been known to cause excessive load on Active Directory authentication servers. If you install this version you should carefully monitor traffic on relevant ports, e.g.: tcpdump port 389 or 3268.
- Fixed a thread leak problem when running on Windows (JENKINS-16429)
- Implemented "remember me" support in conjunction with upcoming Jenkins 1.556. (JENKINS-9258)
- Make test-button work for multi-domain configurations (Pull request #7)
- Fix forceLDAPs system property and fix ports when using the system property (JENKINS-21073)
- Added form validation check to the ADSI codepath (JENKINS-17923)
- Fixed a show-stopper that broke most ADSI deployments (JENKINS-17676)
- Fixed a regression in 1.31 that caused encoding problems with ADSI (JENKINS-17692)
- Performance improvement.
- Fixed a bug in handling OU that contains tricky characters like '/'.
- Ignore the lookup failure for the memberOf group as it's possible that the authenticating user doesn't have permissions to access the group (JENKINS-16205)
- NullPointerException encountered while testing connection.
- Added additional logging statements for diagnosis.
- Fixed a regression in 1.27 JENKINS-13650
- If an authentication fails (as opposed to a communication problem), don't fallback to other domain controllers to prevent a cascade of login failures, which can result in an account lock out.
- Started caching group definitions to reduce the traffic to domain controllers
- ADSI implementation now more eagerly releases COM objects without waiting for GC
- Removed bogus error message when an user wasn't found (JENKINS-12619)
- When attempting anonymous bind, don't pass in the user name to prevent it from counted as a failure in case anonymous bind is disabled (JENKINS-13595)
- Fixed a bug that broke the handling of exotic group names (JENKINS-12907)
- Canonicalize the user name as per writtein AD, instead of using what the user gave us (JENKINS-12607)
- Updated com4j to use ADSI even on 64bit Windows JVMs (JENKINS-11719)
- Improved caching on group information (pull #3)
- The "Test" button in the config page now supports multi-domain test. (pull #2)
- Honor LDAP timeout setting when talking to domain controllers (pull #1)
- Fixed a security vulnerability that affects AD with anonymous binding enabled.
- Fixed a bug in server lookup. We should still consider lower-priority servers if higher priority ones are unreachable
- Supported group lookup by name
- Report all attempted authentication when trying to authenticate against multiple domains (JENKINS-11948)
- Fixed a poor interaction with the matrix security form check (JENKINS-11720)
- Fixed a regression in 1.22 that broke the distribution group lookup (JENKINS-11668)
- "remember me" causes exception (JENKINS-11643)
- Avoid NPE if we fail to retrieve tokenGroups (JENKINS-11644)
- Fixed 8000500d COM error on Windows platform (JENKINS-11660)
- Plugin shouldn't require a record on the domain
- Fixed a bug in the TLS upgrade (JENKINS-8132)
- Plugin was not recognizing the user's primary group ("Domain Users" most typically)
- E-mail and full name are now propagated to Jenkins (JENKINS-6648)
- Made to correctly work with CLI username/password authentication (JENKINS-7995)
- Fixed a security vulnerability (SECURITY-18)
- If we fail to check the account disabled flag, assume it's enabled (JENKINS-10086)
- If/when the socket factory is given, JRE appears to automatically try to connect via SSL, so we can only do so during StartTLS call.
- Error only if there's no server (either configured or discovered.)
- Added the preferred Server functionality back
- Add a preferred server in configuration options
- Update for Jenkins
- Look up is now done via LDAPS instead of LDAP (although there's no certificate check done now.)
- The plugin now talks to the global catalog for efficiency, as opposed to a domain, if that's available.
- Some DNS returns '.' at the end of the host name. Handle it correctly (JENKINS-2647)
- Fixed a possible LDAP injection problem (JENKINS-3118)
- Try all the available servers before giving up. Useful when some of your domain controllers aren't working properly. (JENKINS-4268)
- Added the site support (JENKINS-4203)
- Cleaned up the help text that incorrectly stated that this doesn't work on Unix. It works. (JENKINS-2500)
- Added a workaround for WebSphere in doing DNS lookup via JNDI (JENKINS-5045)
- Fix bug introduced with 1.14 where an AD setup with circular group references would cause a stack overflow.
- Support nested groups (via the Unix provider) (JENKINS-3071)
- Fixed a bug that prevented the "authenticated" role being honoured (JENKINS-3735)
- Support authenticting against multiple domains (JENKINS-3576)
- Fixed a bug that degraded Windows support (which forces you to enter the domain name.)
- Implementation of group recognition (for displaying group icon in matrix for instance.)
- Some DNS returns '.' at the end of the host name. Handle it correctly (JENKINS-2647) (not correctly fixed until 1.17)
- Fixed NPE in the form field validation when a group name was added (JENKINS-3344)
- Lookup fails for members of groups with special characters in the name (like '/') (JENKINS-3249)
- No change. This is a re-release since 1.10 didn't hit the update center.
- On Windows, specifying the domain name in the "advanced" section wasn't taking effect.
- Modified to work with 64bit Windows
- Hudson honors the priority in the SRV entries
- Fixed a bug in handling alternative UPN suffix.
- Fixed a bug in handling "referrals" (which I believe happens when you run AD forest.)
- Windows users can now also use the LDAP-based AD authentication (the same code used on Unix.) This is apparently necessary when Hudson runs as a local user instead of a domain user
- Fixed a bug where the configuration page doesn't show the configured AD domain name
- Fixed a bug that prevented this from working with user-defined containers
- Supported authentication from Hudson running on non-Windows machines
- Fixed IllegalArgumentException in remember-me implementation (JENKINS-1229)
- Initial version