3
votes

Please help me out with the query below:

I am trying to configure LDAP authentication in my Jenkins tool. I have done the setup below on Jenkins for LDAP authentication, but I am still not able to log in.

Server : ldaps://rootdc1.myweb.com:636

root DN : DC=MYWEB,DC=COM

User search base : DC=MYWEB,DC=COM

User search filter : sAMAccountName={0}

Group search base : DC=MYWEB,DC=COM

Manager DN : CN=rhunt,OU=ApplicationUsers,DC=MYWEB,DC=COM

Below is the error that appears when trying to log in:

Invalid login information. Please try again. Try again If you are a system administrator and suspect this to be a configuration problem, see the server console output for more details.

Thanks in advance!

2
Have you taken a look at the server console output? Does it give more details about the login problem? - Roshith
Yes, it is giving information about login authentication in the console output. Below is the error code: - saurabh
javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT - saurabh
The error message indicates that there is no such DN as "CN=rhunt,OU=ApplicationUsers,DC=MYWEB,DC=COM" in your LDAP directory. Can you expand the DIT and check if the hierarchy and the attributes of CN=rhunt are correct? You can use an LDAP browser like Apache Directory Studio to connect. - Roshith
In Jenkins Configure Global Security, we need to pass only following parameters to successfully connect and login through LDAP authentication: Server: ldaps://rootdc1.myweb.com:636 Root DN: DC= DC=MYWEB,DC=COM User search filter: sAMAccountName={0} Manager DN: CN=rhunt,OU=ApplicationUsers,DC=MYWEB,DC=COM Manager Password: ******** - saurabh

2 Answers

2
votes

In Jenkins Configure Global Security, we need to pass parameters only to the following tabs to successfully connect through LDAP authentication, and leave the remaining fields empty:

Server: ldaps://rootdc1.myweb.com:636

Root DN: DC= DC=MYWEB,DC=COM

User search filter: sAMAccountName={0}

Manager DN: CN=rhunt,OU=ApplicationUsers,DC=MYWEB,DC=COM

Manager Password: ********

0
votes

In the Jenkins LDAP Plugin, there is a method normalizeUserSearchBase

return userSearchBase + "," + rootDN; which concatenates userSearchBase and rootDN.

So here you should fill in the User search base field with the value with rootDN stripped off. In your case, leave it empty.
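The concatenation described in this answer can be checked offline before touching the Jenkins form. The following is an added example, not code from the Jenkins LDAP Plugin or from any poster: it models the join as the answer states it, treats an empty User search base as "search from the root DN" (an assumption), and the function names are hypothetical.

```python
def split_dn(dn):
    """Split a DN into RDN strings, honouring backslash-escaped commas."""
    parts, cur, esc = [], [], False
    for ch in dn:
        if esc:
            cur.append(ch)
            esc = False
        elif ch == "\\":
            cur.append(ch)
            esc = True
        elif ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    return [p.strip() for p in parts if p.strip()]


def norm(rdn):
    """Case-insensitive (attribute, value) pair for comparing RDNs."""
    attr, _, value = rdn.partition("=")
    return (attr.strip().lower(), value.strip().lower())


def check_search_base(root_dn, user_search_base):
    """Report the base that results from joining search base and root DN."""
    root, base = split_dn(root_dn), split_dn(user_search_base)
    n = len(root)
    # The search base repeats the root DN when its trailing RDNs equal it.
    duplicated = (bool(root) and len(base) >= n
                  and [norm(r) for r in base[-n:]] == [norm(r) for r in root])
    return {
        "effective": ",".join(base + root),   # userSearchBase + "," + rootDN
        "duplicated": duplicated,
        "suggested": ",".join(base[:-n]) if duplicated else ",".join(base),
    }


if __name__ == "__main__":
    # Values from the question: both fields hold the same DN.
    print(check_search_base("DC=MYWEB,DC=COM", "DC=MYWEB,DC=COM"))
    # Constructed variant: a sub-tree given as a full DN in different case.
    print(check_search_base("DC=MYWEB,DC=COM",
                            "OU=ApplicationUsers, dc=myweb,dc=com"))
```

With the question's values the effective base is the root DN twice over, and the suggested field value is empty, which matches the advice above.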