Out of curiosity, have you gotten the groups to work in this config?
I have this same setup working, but I can only see groups IFF the user
already has admin rights (which is very backwards and useless, as groups
are mostly meaningless if you are already admin). I opened a bug with LDAP
plugin (https://issues.jenkins-ci.org/browse/JENKINS-37858)
-M
On Tuesday, September 20, 2016 at 9:49:05 AM UTC-7, Neil White wrote:
>
> I'm running Jenkins 2.21 and I got it running on LDAP with only the
> following details.
> This is from the config.xml, which you can translate into the frontend.
>
> <server>ipa.example.com</server>
> <rootDN>dc=example,dc=com</rootDN>
> <inhibitInferRootDN>false</inhibitInferRootDN>
> <userSearchBase>cn=users,cn=accounts</userSearchBase>
> <userSearch>uid={0}</userSearch>
> <groupSearchBase>cn=groups,cn=accounts</groupSearchBase>
>
> <groupSearchFilter>memberOf=cn=jenkins,cn=groups,cn=accounts,dc=example,dc=com</groupSearchFilter>
> <groupMembershipStrategy
> class="jenkins.security.plugins.ldap.FromGroupSearchLDAPGroupMembershipStrategy">
> <filter></filter>
> </groupMembershipStrategy>
> <managerDN>uid=jenkins,cn=sysaccounts,cn=etc,dc=example,dc=com</managerDN>
>
> <managerPasswordSecret>TRLkkCtAA1X2hAyqXXXXXXXXXXXXXXXXXXXOsJz8Q3txUCTprcl/qTItIFNDrR5x7</managerPasswordSecret>
> <disableMailAddressResolver>false</disableMailAddressResolver>
> <displayNameAttributeName>displayname</displayNameAttributeName>
> <mailAddressAttributeName>mail</mailAddressAttributeName>
> <userIdStrategy class="jenkins.model.IdStrategy$CaseInsensitive"/>
> <groupIdStrategy class="jenkins.model.IdStrategy$CaseInsensitive"/>
> </securityRealm>
>
>
>
>
> On Saturday, September 19, 2015 at 1:03:25 PM UTC+2, Yogesh Sharma wrote:
>>
>> Hi List,
>>
>> I am trying to integrate Jenkins with FreeIPA LDAP. Configuration is done
>> and seems to be OK as there is no error. However, I am not able to
>> authenticate into the Jenkins using FreeIPA LDAP users.
>>
>> Jenkins logs does not say anything. Tried adding Log Level:
>>
>> org.acegisecurity.providers.ldap.authenticator,org.acegisecurity.providers.ldap.LdapAuthenticationProvider
>>
>> (WARNING) but does not help.
>>
>> Below is LDAP Config in Jenkins:
>>
>>
>> root DN [image: Help for feature: root DN]
>> <http://localhost:8080/configureSecurity/#>
>> Allow blank rootDN
>> User search base [image: Help for feature: User search base]
>> <http://localhost:8080/configureSecurity/#>
>> User search filter [image: Help for feature: User search filter]
>> <http://localhost:8080/configureSecurity/#>
>>
>> Case sensitivity...
>> Group search base [image: Help for feature: Group search base]
>> <http://localhost:8080/configureSecurity/#>
>> Group search filter [image: Help for feature: Group search filter]
>> <http://localhost:8080/configureSecurity/#>
>> Group membership
>> Parse user attribute for list of groups
>> Search for groups containing user
>> Group membership filter
>> Manager DN [image: Help for feature: Manager DN]
>> <http://localhost:8080/configureSecurity/#>
>> Manager Password [image: Help for feature: Manager Password]
>> <http://localhost:8080/configureSecurity/#>
>> Display Name LDAP attribute [image: Help for feature: Display Name
>> LDAP attribute] <http://localhost:8080/configureSecurity/#>
>> Email Address LDAP attribute [image: Help for feature: Email Address
>> LDAP attribute] <http://localhost:8080/configureSecurity/#>
>> Disable Ldap Email Resolver
>> Enable cache [image: Help for feature: Enable cache]
>> <http://localhost:8080/configureSecurity/#>
>> Environment Properties
>> Add
>> [image: Help for feature: Environment Properties]
>> <http://localhost:8080/configureSecurity/#>
>> Login with Google [image: Help for feature: Login with Google]
>> <http://localhost:8080/configureSecurity/#>
>> PWauth Authentication [image: Help for feature: PWauth Authentication]
>> <http://localhost:8080/configureSecurity/#>
>> Unix user/group database [image: Help for feature: Unix user/group
>> database] <http://localhost:8080/configureSecurity/#>
>>
>>
--
You received this message because you are subscribed to the Google Groups
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/jenkinsci-users/00d524dc-7f5d-4792-927f-3d3d173ed5a3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
