1
votes

I have the LDAP plugin integrated with Jenkins. I have set up the LDAP server details so that all the users from that LDAP can log in to Jenkins. However, I am facing a problem.

Under authorization, if I use legacy mode, it gives the anonymous user limited permissions, which include read permission. It is the same for "Logged-in users can do anything".

I need to set the permissions in such a way that all the LDAP users will be able to log in to Jenkins and no other users will be able to read anything from Jenkins.

I know that it is possible to set different permissions for different users using Matrix-based security. But the number of LDAP users in my system is huge.

Does anyone know how to do it?

Thanks!

2 Answers

2
votes

As explained here: Configure default permissions for newly registered Jenkins users

You can use the Role Strategy plugin to create some application roles and apply them to your LDAP groups.

All your LDAP users must be included in an LDAP group (check with your IT team whether such a group exists).

Next, install the plugin, create the roles/permissions and apply them to the relevant group.

In the permissions table, disable all roles for the anonymous users:


0
votes
1. Check your LDAP configuration in /configureSecurity/ -> LDAP -> Test LDAP settings: you must see your user group; if not, fix it.

   In my case:

   • Group search base: ou=Groups
   • Group search filter: (& (cn={0}) (objectclass=groupOfUniqueNames))
   • Group membership: Group membership filter: (uniqueMember={0})

2. In /configureSecurity/ -> Authorization: check "Role-Based Strategy".

3. In role-strategy/assign-roles: add your LDAP group to Global roles as viewer or admin, and under Item roles.
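The two answers together describe one configuration: an LDAP realm whose group search resolves the users' group, a Role-Based Strategy with a read-only role assigned to that group, and nothing granted to anonymous. Below is that configuration as a Jenkins Configuration as Code (JCasC) fragment; it is an added example, not from either answer. The server, DNs, group names and the `${LDAP_MANAGER_PASSWORD}` variable are placeholders, and the key names follow the LDAP and Role Strategy plugins' JCasC format as I know it, so compare them against your own instance's JCasC export before applying.

```yaml
jenkins:
  securityRealm:
    ldap:
      configurations:
        - server: "ldaps://ldap.example.com"                     # placeholder
          rootDN: "dc=example,dc=com"                            # placeholder
          managerDN: "cn=jenkins,ou=Services,dc=example,dc=com"  # placeholder bind account
          managerPasswordSecret: "${LDAP_MANAGER_PASSWORD}"      # placeholder, supplied via the environment
          userSearchBase: "ou=People"
          userSearch: "uid={0}"
          # Group settings taken from the second answer
          groupSearchBase: "ou=Groups"
          groupSearchFilter: "(& (cn={0}) (objectclass=groupOfUniqueNames))"
          groupMembershipStrategy:
            fromGroupSearch:
              filter: "(uniqueMember={0})"
  authorizationStrategy:
    roleBased:
      roles:
        global:
          # Read-only role for every member of the LDAP group (group name is a placeholder)
          - name: "viewer"
            description: "LDAP users: read-only access"
            permissions:
              - "Overall/Read"
              - "Job/Read"
              - "View/Read"
            entries:
              - group: "jenkins-users"
          # Full control only for members of a separate admin group (placeholder name)
          - name: "admin"
            description: "Jenkins administrators"
            permissions:
              - "Overall/Administer"
            entries:
              - group: "jenkins-admins"
          # No role lists "anonymous", so unauthenticated visitors get nothing,
          # unlike legacy mode, which grants anonymous Overall/Read.
```

After applying it, open the instance in a private browser window and confirm that Jenkins prompts for a login instead of showing the job list, and check the /configureSecurity/ "Test LDAP settings" output shows the group for one of your users.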