Security options in Jenkins

Question

I am learning Jenkins and i am using version 1.605. I am learning about setting security options in jenkins. I found below options in jenkins configure global security page under the security realms:-

1. Delegate to servlet container
2. Jenkins'own user database
3. LDAP

I want to understand in which scenario, which option should be used?Please help me understand.

Answer 1

Slav did a very clear answer.

If you choose the option 2 or 3, you can use the Role Stragegy plugin to create application roles and assign roles to Jenkins users, LDAP users or LDAP static/virtual groups.

If you have a lot of users, this plugin can save your life to assign permissions :)

Answer 2

• The "servlet container" refers to the web server that you are using to host Jenkins, typically Tomcat. The configuration file $CATALINA_BASE/conf/tomcat-users.xml may already be set up and managed by your organization. In this case: "why reinvent the wheel?". Use this if your organization already has a process that manages the Tomcat users configuration. This is also probably the most archaic solution.

• The "own user database" is just what it sound like. Instead of relying on something else, Jenkins keeps it's own database of users. You can create and delete users through the Jenkins UI. You can even let new users sign up right from UI. If you don't know what to use, use this one. It's simple and self-contained.

• The "LDAP" provides integration with LDAP/ Windows Active Directory. If you are in a corporate/small business environment that already utilizes LDAP for maintaining users and groups, it will be very beneficial to hook into that and off-load user management to the IT team that manages LDAP/AD. Note that unless you are that IT admin, you will need to contact the said admins for connection information/credentials to the LDAP/AD