3
votes

Please help me out with the query below:

I am trying to configure LDAP authentication in my Jenkins tool. I have done the setup below in Jenkins for LDAP authentication, but I am still not able to log in.

Server : ldaps://rootdc1.myweb.com:636

root DN : DC=MYWEB,DC=COM

User search base : DC=MYWEB,DC=COM

User search filter : sAMAccountName={0}

Group search base : DC=MYWEB,DC=COM

Manager DN : CN=rhunt,OU=ApplicationUsers,DC=MYWEB,DC=COM

Below is the error shown when trying to log in:

Invalid login information. Please try again. Try again If you are a system administrator and suspect this to be a configuration problem, see the server console output for more details.

Thanks in advance!

2
Have you taken a look at the server console output? Does it give more details about the login problem? - Roshith
Yes, it is giving information about login authentication in the console output. Below is the error code: - saurabh
javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT - saurabh
The error message indicates that there is no such DN as "CN=rhunt,OU=ApplicationUsers,DC=MYWEB,DC=COM" in your LDAP directory. Can you expand the DIT and check if the hierarchy and the attributes of CN=rhunt are correct? You can use an LDAP browser like Apache Directory Studio to connect. - Roshith
In Jenkins Configure Global Security, we need to pass only the following parameters to successfully connect and log in through LDAP authentication: Server: ldaps://rootdc1.myweb.com:636; Root DN: DC= DC=MYWEB,DC=COM; User search filter: sAMAccountName={0}; Manager DN: CN=rhunt,OU=ApplicationUsers,DC=MYWEB,DC=COM; Manager Password: ******** - saurabh

2 Answers

2
votes

In Jenkins Configure Global Security, we need to pass parameters only to the following tabs to successfully connect through LDAP authentication, and leave the remaining fields empty:

Server: ldaps://rootdc1.myweb.com:636

Root DN: DC= DC=MYWEB,DC=COM

User search filter: sAMAccountName={0}

Manager DN: CN=rhunt,OU=ApplicationUsers,DC=MYWEB,DC=COM

Manager Password: ********

0
votes

In the Jenkins LDAP Plugin, there is a method normalizeUserSearchBase:

return userSearchBase + "," + rootDN;

which concatenates userSearchBase and rootDN.

So here you should fill the User search base field with the value with the rootDN stripped off. In your case, leave it empty.
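
An added example, not part of the answer and not the plugin's own code: a small check that models the concatenation the answer above describes, shows the DN that ends up being searched, and suggests the relative value to enter in the User search base field. The function names are hypothetical; it assumes an empty field means "search from the root DN" and that RDN values compare case-insensitively, as they do for DC/OU/CN in Active Directory.

```python
# Added example: a model of the concatenation the answer describes.
# Function names are hypothetical; this is not the Jenkins LDAP plugin's code.

def split_rdns(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    parts, cur, escaped = [], "", False
    for ch in dn:
        if ch == "," and not escaped:
            parts.append(cur.strip())
            cur = ""
        else:
            cur += ch
            escaped = (ch == "\\" and not escaped)
    parts.append(cur.strip())
    return [p for p in parts if p]

def norm(rdn):
    """Comparison key. Assumption: values match case-insensitively (true for DC/OU/CN in AD)."""
    attr, _, value = rdn.partition("=")
    return attr.strip().lower(), value.strip().lower()

def effective_search_base(search_base, root_dn):
    """DN actually searched. Assumption: an empty field means 'search from the root DN'."""
    return search_base + "," + root_dn if search_base.strip() else root_dn

def relative_search_base(search_base, root_dn):
    """Value to enter in the field: the search base with a trailing root DN removed."""
    base, root = split_rdns(search_base), split_rdns(root_dn)
    n = len(root)
    if n and [norm(r) for r in base[-n:]] == [norm(r) for r in root]:
        base = base[:-n]
    return ",".join(base)

def check(search_base, root_dn):
    """Report the DN that would be searched and whether the root DN is doubled in it."""
    fixed = relative_search_base(search_base, root_dn)
    return {
        "effective": effective_search_base(search_base, root_dn),
        "duplicated_root": fixed != ",".join(split_rdns(search_base)),
        "suggested_field_value": fixed,
    }

if __name__ == "__main__":
    ROOT_DN = "DC=MYWEB,DC=COM"  # values from the question
    for field in ("DC=MYWEB,DC=COM", "OU=ApplicationUsers,dc=myweb, dc=com", ""):
        print(repr(field), "->", check(field, ROOT_DN))
```

With the question's values the effective base comes out as DC=MYWEB,DC=COM,DC=MYWEB,DC=COM, and the suggested field value is empty.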