1
votes

LDAP is new to me and I am trying to use it with Jenkins. I am using slapd.

I created a simple tree with the user admin + 1 user adenoyelle (via dpkg-reconfigure). I do not understand how Jenkins will find the LDAP users.

Here is the result of ldapsearch:

root@myserver:~# ldapsearch -x -b 'dc=mycompany,dc=com'
# extended LDIF
#
# LDAPv3
# base <dc=mycompany,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# mycompany.com
dn: dc=mycompany,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: mycompany.com
dc: mycompany

# admin, mycompany.com
dn: cn=admin,dc=mycompany,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator

# adenoyelle, mycompany.com
dn: cn=adenoyelle,dc=mycompany,dc=com
cn: adenoyelle
objectClass: simpleSecurityObject
objectClass: organizationalRole
objectClass: top

# search result
search: 2
result: 0 Success

# numResponses: 4
# numEntries: 3

Question 1): Does this structure look good?

I tried to configure Jenkins with these options:

LDAP server: ldap://mycompany.com:389
root DN : dc=mycompany,dc=com
DN manager : cn=admin,dc=mycompany,dc=com
manager password : ******

When I try to connect with adenoyelle/*****, I get the message:

jenkins invalid login information. please try again

Question 2) Am I missing a piece of configuration?

3

Which LDAP server are you using? Does it require authentication for queries? You are passing the DN manager and password, which may not be required and might be causing you the error message. I have a simple LDAP install and the config looks much like what you have listed.

oden

3 Answers

2
votes

Right now I'm not sure how Jenkins looks up the users, but I'm fairly sure it's based on an attribute like uid. And such an attribute is not available in the LDAP as far as I can see.

You might want to add an objectclass like inetorgperson or posixaccount, as these require a uid attribute. Alternatively you might be able to set a user filter in the LDAP config of Jenkins that uses the cn instead of the uid. I'd have to look that up tomorrow to give you more information on that one.

But don't mind me asking: why do you want to set up your own LDAP directory just for logging into Jenkins? Isn't that a bit much overhead? Or are you thinking of using that directory for more?

1
votes

Jenkins does not do a great job explaining what is needed and their defaults won't work.

In general, once you select LDAP you need to click Advanced and update the ManagerDN and managerPassword with the correct distinguished name of a user that has permissions on the domain controller you want to hit.

Also change the userSearch to something like (sAMAccountName={0})

0
votes

It seems like you have only configured the administrator login towards LDAP. Each user must also be mapped into the LDAP structure.

Try adding:

User search base: dc=mycompany,dc=com
User search filter: cn={0}
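As an added illustration (not part of the question or of any answer above), the script below takes the adenoyelle entry from the question's ldapsearch output plus a hypothetical inetOrgPerson entry (bwhite) that carries a uid, and evaluates Jenkins-style user search filters against them. It shows why a uid-based lookup finds nothing in this tree while cn={0} does, and why the typed login name must be escaped before it is substituted into the filter. All function names are mine.

```python
import re

# Constructed LDIF: the adenoyelle entry from the question plus a hypothetical inetOrgPerson entry with a uid.
LDIF = """\
dn: cn=adenoyelle,dc=mycompany,dc=com
cn: adenoyelle
objectClass: simpleSecurityObject
objectClass: organizationalRole
objectClass: top

dn: uid=bwhite,dc=mycompany,dc=com
objectClass: inetOrgPerson
uid: bwhite
cn: Bob White
"""

def parse_ldif(text):
    """Minimal LDIF reader: one dict per entry, lower-cased attribute names, list values."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            attr, _, val = line.partition(": ")
            entry.setdefault(attr.lower(), []).append(val)
        entries.append(entry)
    return entries
ENTRIES = parse_ldif(LDIF)

def escape_filter_value(value):
    """RFC 4515 escaping, so the typed login name cannot change the filter's structure."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)

def assertion_regex(raw):
    """Read the assertion value as a server would: bare '*' is a wildcard, '\\2a' a literal asterisk."""
    parts = []
    for tok in re.split(r"(\\[0-9a-fA-F]{2}|\*)", raw):
        if tok == "*":
            parts.append(".*")
        elif re.fullmatch(r"\\[0-9a-fA-F]{2}", tok):
            parts.append(re.escape(chr(int(tok[1:], 16))))
        else:
            parts.append(re.escape(tok))
    return re.compile("".join(parts), re.IGNORECASE)  # cn and uid use caseIgnoreMatch

def find_user(template, username, escape=True):
    """Fill a Jenkins-style user search filter ('uid={0}' or '(cn={0})') and return matching DNs."""
    flt = template.format(escape_filter_value(username) if escape else username)
    m = re.fullmatch(r"\(?(\w+)=([^()]*)\)?", flt)
    if not m:
        raise ValueError("only a single equality filter is supported: " + flt)
    attr, pattern = m.group(1).lower(), assertion_regex(m.group(2))
    return [e["dn"][0] for e in ENTRIES if any(pattern.fullmatch(v) for v in e.get(attr, []))]
```

With escape=False a login name of "*" turns cn={0} into a presence filter that matches every entry, which is why Jenkins (and any code building filters from user input) must escape the value.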