Daniel Beck (2013-11-18 13:36):
On 18.11.2013, at 11:07, dennys <[email protected]> wrote:
I think I can use LDAP plugin, but I cannot find a sample. For example, our
AD doesn't allow anonymous query, but I'm not sure how to configure the
"manager DN". Is there a sample of AD for LDAP plugin?
I've been using the LDAP plugin for Active Directory integration successfully
for over a year.
To determine a user's DN, use e.g. the free Softerra LDAP Browser and search
for the name of the user you want to authenticate Jenkins with. Example query
filter: '(CN=username)' -- without any domain prefix, i.e. only 'user', not
'domain\user' -- (see also
https://en.wikipedia.org/wiki/LDAP#Search_and_Compare )
The search result will look like 'CN=username,OU=Users,DC=example,DC=org'. This
is the DN.
There's also the helpful LDAP Plugin wiki page:
https://wiki.jenkins-ci.org/display/JENKINS/LDAP+Plugin
I also have problem on LDAP so this might not help you, but correct
configuration is (or at least working for me):
* server: "your-ad.domain.com"
* rootDN: "DC=your-ad,DC=domain,DC=com,DC=pl"
* userSearchBase: "CN=Users" - this might be different depending on
you AD structure. NOTE! The auth will work without it but will be
VERY slow.
* user search filter: "sAMAccountName={0}"
* managerDN: "Domain\someUser" - this is any user with rights to list
user accounts AFAIK. So probably any user in your domain will do.
* managerPassword: <someUser password>
You can also turn on caching, but again I'm having OutOfMemoryError
errors too, so I'm not sure what is the problem.
Regards,
Nux.
--
You received this message because you are subscribed to the Google Groups "Jenkins
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
