To tighten up security on our Jenkins CI server (running 1.614 on Ubuntu 14.04), I configured the LDAP plugin yesterday. Everything seemed fine yesterday, and I was able to log in and manually configure and run some builds.
This morning, however, no one - including myself - is able to log in.
We are told to look into the server console output - however, there is nothing recorded in /var/log/jenkins/jenkins.log. I found "How do I view the Jenkins server console output on the local filesystem?" - but there are no such log files in /usr/lib/jenkins/ (which is my Jenkins home directory).
I've tried the simple troubleshooting Groovy script at https://wiki.jenkins-ci.org/display/JENKINS/LDAP+Plugin, but each query returns:
Checking the name 'wibble'...
It is NOT a group, reason: No such property: Jenkins for class: RemoteClass
It is NOT a user, reason: No such property: Jenkins for class: RemoteClass
My security config:
<useSecurity>true</useSecurity>
<authorizationStrategy class="hudson.security.AuthorizationStrategy$Unsecured"/>
<securityRealm class="hudson.security.LDAPSecurityRealm" plugin="[email protected]">
  <server>server.ip.address</server>
  <rootDN>dc=domain,dc=location,dc=au</rootDN>
  <inhibitInferRootDN>false</inhibitInferRootDN>
  <userSearchBase>dc=domain,dc=location,dc=au</userSearchBase>
  <userSearch>sAMAccountName={0}</userSearch>
  <groupSearchBase>ou=groups</groupSearchBase>
  <groupSearchFilter>(&amp; (cn={0}) (objectclass=group) )</groupSearchFilter>
  <groupMembershipStrategy class="jenkins.security.plugins.ldap.FromGroupSearchLDAPGroupMembershipStrategy">
    <filter>(&amp;(objectCategory=group)(member={0}))</filter>
  </groupMembershipStrategy>
  <managerDN>cn=administrator,cn=users,dc=domain,dc=location,dc=au</managerDN>
  <managerPasswordSecret>wurble-bop-de-boo</managerPasswordSecret>
  <disableMailAddressResolver>false</disableMailAddressResolver>
  <displayNameAttributeName>displayname</displayNameAttributeName>
  <mailAddressAttributeName>mail</mailAddressAttributeName>
  <userIdStrategy class="jenkins.model.IdStrategy$CaseInsensitive"/>
  <groupIdStrategy class="jenkins.model.IdStrategy$CaseInsensitive"/>
</securityRealm>
There were no configuration changes made overnight, and we use these same credentials/settings for other LDAP integration from about 3 or 4 different applications, and they're all working fine.
/usr/lib and /usr/log (does that exist?), but looking at the Ubuntu wiki page, the logs should be in /var/log/jenkins. – Christopher Orr
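An added check, not part of the original question or of Jenkins itself: a short Python audit of the security settings shown in the config above, flagging the ones that weaken an LDAP-backed setup. The sample XML is constructed from the question's placeholder values; the function name `audit` and the list of administrative account names are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample mirroring the question's config.xml fragment (placeholder values).
SAMPLE = """<hudson>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="hudson.security.AuthorizationStrategy$Unsecured"/>
  <securityRealm class="hudson.security.LDAPSecurityRealm">
    <server>server.ip.address</server>
    <rootDN>dc=domain,dc=location,dc=au</rootDN>
    <userSearch>sAMAccountName={0}</userSearch>
    <groupSearchFilter>(&amp; (cn={0}) (objectclass=group) )</groupSearchFilter>
    <managerDN>cn=administrator,cn=users,dc=domain,dc=location,dc=au</managerDN>
  </securityRealm>
</hudson>"""

# Heuristic list of account names treated as administrative (assumption).
ADMIN_RDNS = ("cn=administrator", "cn=admin", "cn=root")


def audit(config_xml):
    """Return (setting, finding) tuples for a Jenkins config.xml string."""
    root = ET.fromstring(config_xml)
    findings = []
    if (root.findtext("useSecurity") or "").strip() != "true":
        findings.append(("useSecurity", "security is disabled; the realm is not enforced"))
    authz = root.find("authorizationStrategy")
    if authz is not None and authz.get("class", "").endswith("AuthorizationStrategy$Unsecured"):
        findings.append(("authorizationStrategy",
                         "Unsecured: every visitor, logged in or not, has full control"))
    realm = root.find("securityRealm")
    if realm is not None and realm.get("class", "").endswith("LDAPSecurityRealm"):
        # The server field may hold several whitespace-separated entries.
        servers = (realm.findtext("server") or "").split()
        if not servers or any(not s.lower().startswith("ldaps://") for s in servers):
            findings.append(("server",
                             "no ldaps:// scheme; binds may cross the network in clear text"))
        first_rdn = (realm.findtext("managerDN") or "").split(",")[0].strip().lower()
        if first_rdn in ADMIN_RDNS:
            findings.append(("managerDN",
                             "search bind uses an administrative account; "
                             "use a read-only service account"))
    return findings


if __name__ == "__main__":
    for setting, finding in audit(SAMPLE):
        print(f"{setting}: {finding}")
```
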