Ashootosh Bhardwaj

Reputation: 408

Ldap group configuration in Jenkins

I recently installed Jenkins and the LDAP plugin. I am able to set up user authentication in Jenkins, but now I want to set up groups as well. However, my organization's LDAP is a bit tricky and I have not been able to set it up properly from a group perspective. Here is my company's LDAP tree structure:

LDAP Tree Structure

I am using Java 1.8, Jenkins LDAP Plugin 1.20, Jenkins 2.176.2

Here is what I am trying in LDAP fields: LDAP Settings

Upvotes: 1

Views: 10436

Answers (1)

EricLavault

Reputation: 16105

Try this configuration:

root DN             : dc=domain,dc=com       # root base dn
User search base    : ou=People              # relative to the root search base
Group search base   : ou=Groups              # relative to the root search base
User search filter  : uid={0}
Group search filter : (& (cn={0}) (| (objectclass=groupOfNames) (objectclass=groupOfUniqueNames) (objectclass=posixGroup)))
Group membership    : (| (member={0}) (uniqueMember={0}) (memberUid={1}))
  • The Group search filter above is the default value; use it as is if you're not sure which objectClass defines your groups, otherwise remove the OR conditions to reduce the scope of the search, e.g. (& (cn={0})(objectclass=groupOfNames)). The most common object class used to manage groups is groupOfNames, which provides the member attribute to handle memberships.

  • The Group membership above is set to default as well (in mode "Search for groups containing user"). Now, if your groups have objectClass "groupOfNames" for example, you just need the filter member={0}. Another objectClass might rely on another membership attribute (like "uniqueMember" for "groupOfUniqueNames"). That said, if your backend provides the memberOf attribute, you would probably prefer switching to the other mode "Parse user attribute for list of groups" and set Group membership attribute : memberOf (see here).

Upvotes: 2
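
To see which clause of the membership filter actually resolves a group, here is an added example (not part of the answer above and not Jenkins plugin code) that evaluates the answer's two filters against constructed group entries. It assumes that in the Group membership filter {0} is the user's DN and {1} the login name, and that in the Group search filter {0} is the group name; the entries, the users jdoe and asmith, and all function names are hypothetical.

```python
import re

# Filters as given in the answer above.
GROUP_SEARCH = "(& (cn={0}) (| (objectclass=groupOfNames) (objectclass=groupOfUniqueNames) (objectclass=posixGroup)))"
GROUP_MEMBERSHIP = "(| (member={0}) (uniqueMember={0}) (memberUid={1}))"

# Constructed sample entries under ou=Groups (assumption, not from the page).
USER_DN = "uid=jdoe,ou=People,dc=domain,dc=com"
ENTRIES = [
    {"cn": ["devs"], "objectclass": ["groupOfNames"], "member": [USER_DN]},
    {"cn": ["ops"], "objectclass": ["groupOfUniqueNames"],
     "uniquemember": ["uid=asmith,ou=People,dc=domain,dc=com"]},
    {"cn": ["unix"], "objectclass": ["posixGroup"], "memberuid": ["jdoe"]},
]

def escape(value):
    """RFC 4515 escaping: the substituted value stays literal data."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def parse(s, i=0):
    """Parse one filter at s[i]; supports &, | and equality only."""
    if s[i] != "(":
        raise ValueError("filter must start with '('")
    i += 1
    if s[i] in "&|":
        op, kids, i = s[i], [], i + 1
        while s[i] == "(":
            kid, i = parse(s, i)
            kids.append(kid)
        return (op, kids), i + 1          # step over the closing ")"
    end = s.index(")", i)
    attr, _, val = s[i:end].partition("=")
    val = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), val)
    return ("=", attr.lower(), val.lower()), end + 1

def matches(node, entry):
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    return any(v.lower() == node[2] for v in entry.get(node[1], []))

def search(flt, *args):
    """Fill {0}/{1} with escaped values; return the cn of matching entries."""
    filled = re.sub(r"\{(\d)\}", lambda m: escape(args[int(m.group(1))]), flt)
    tree, _ = parse(re.sub(r"\s*([()&|])\s*", r"\1", filled))  # drop layout spaces
    return sorted(e["cn"][0] for e in ENTRIES if matches(tree, e))
```

With the default membership filter, jdoe resolves to devs through member (full DN) and to unix through memberUid (bare login name); narrowing the filter to (member={0}) leaves only devs.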
