Daniel Beck (2013-11-18 13:36):
On 18.11.2013, at 11:07, dennys <dennys.hs...@gmail.com> wrote:
I think I can use LDAP plugin, but I cannot find a sample. For example, our
AD doesn't allow anonymous query, but I'm not sure how to configure the
"manager DN". Is there a sample of AD for LDAP plugin?
I've been using the LDAP plugin for Active Directory integration successfully
for over a year.
To determine a user's DN, use e.g. the free Softerra LDAP Browser and search
for the name of the user you want to authenticate Jenkins with. Example query
filter: '(CN=username)' -- without any domain prefix, i.e. only 'user', not
'domain\user' -- (see also
https://en.wikipedia.org/wiki/LDAP#Search_and_Compare )
The search result will look like 'CN=username,OU=Users,DC=example,DC=org'. This
is the DN.
There's also the helpful LDAP Plugin wiki page:
https://wiki.jenkins-ci.org/display/JENKINS/LDAP+Plugin
I also have problem on LDAP so this might not help you, but correct
configuration is (or at least working for me):
* server: "your-ad.domain.com"
* rootDN: "DC=your-ad,DC=domain,DC=com,DC=pl"
* userSearchBase: "CN=Users" - this might be different depending on
you AD structure. NOTE! The auth will work without it but will be
VERY slow.
* user search filter: "sAMAccountName={0}"
* managerDN: "Domain\someUser" - this is any user with rights to list
user accounts AFAIK. So probably any user in your domain will do.
* managerPassword: <someUser password>
You can also turn on caching, but again I'm having OutOfMemoryError
errors too, so I'm not sure what is the problem.
Regards,
Nux.
--
You received this message because you are subscribed to the Google Groups "Jenkins
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to jenkinsci-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
