baa296ba78adc7de1bbba3cd2538924560f36055,src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java,ActiveDirectoryUnixAuthenticationProvider,resolveGroups,#String#String#DirContext#,371

Before Change


        Set<GrantedAuthority> groups = new HashSet<GrantedAuthority>();

        NamingEnumeration<SearchResult> renum = new LDAPSearchBuilder(context,domainDN).subTreeScope().returns("cn").search(query.toString(), sids.toArray());
        while (renum.hasMore()) {
            Attributes a = renum.next().getAttributes();
            Attribute cn = a.get("cn");
            if (LOGGER.isLoggable(Level.FINE))

After Change


            // this Microsoft extension is explained in http://msdn.microsoft.com/en-us/library/aa746475(v=vs.85).aspx
            renum = new LDAPSearchBuilder(context, domainDN).subTreeScope().returns("cn").search(
                    "(member:1.2.840.113556.1.4.1941:={0})", userDN);
            if (renum.hasMore()) {
                // http://ldapwiki.willeke.com/wiki/Active%20Directory%20Group%20Related%20Searches cites that
                // this filter search extension requires at least Win2K3 SP2. So if this didn't find anything,
                // fall back to the recursive search