Hi Jeremy,
Even LDAP Login slowness issue also resolved with below configuration.
Group membership filter - (memberOf={0})
Enable cache
Cache size - 200
Cache TTL - 30min
Now everything working as excepted, But would like to know that currently i
am running* root DN* as *empty *and *enabled - Allow blank rootDN* in
plugin section. Is this is fine?
On Saturday, August 22, 2020 at 11:55:37 AM UTC+5:30, Mk wrote:
>
> Hi Jeremy,
>
> I have tried by keeping the *root DN* as *empty *and enabled the* tick
> mark - Allow blank rootDN. *now my test connection is successful but took
> around *4mins* to show the successful result. Below is the configuration
> used.
>
> root DN - Allow blank rootDN
>
> User search base: OU=Users,OU=Division,OU=Team,DC=domain,DC=com
> User search filter: sAMAccountName={0}
> Group search base: OU=Users,OU=Division,OU=Team,DC=domain,DC=com
> Group search filter: (&(objectclass=group)(cn={0}))
> Group membership
> Group membership filter - (&(objectCategory=group)(member:1.2.
> 840.113556.1.4.1941:={0}))
> Manager DN: CN=jenkins,OU=Users,OU=Division,OU=Team,DC=domain,DC=com
> Manager Password: password
> Display Name LDAP attribute: displayname
> Email Address LDAP attribute: mail
>
> Now how to figureout the login performace issue? Another thing keeping the
> *root
> DN* empty does not an issue?
>
>
> On Saturday, August 22, 2020 at 10:00:55 AM UTC+5:30, Mk wrote:
>>
>> Hi Jeremy, Thanks for the reply. Actually *ldapsearch* command on
>> jenkins master server terminal works. Below is the response.
>>
>> ldapsearch -x -h ad-ldap-server.com -p 389 -D
>> "CN=jenkins,OU=Users,OU=Division,OU=Team,DC=domain,DC=com" -b
>> "OU=Users,OU=Division,OU=Team,DC=domain,DC=com"
>> "(sAMAccountName=jenkins)" -W
>> Enter LDAP Password:
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <OU=Users,OU=Division,OU=Team,DC=domain,DC=com> with scope subtree
>> # filter: (sAMAccountName=jenkins)
>> # requesting: ALL
>> #
>>
>> # search result
>> search: 2
>> result: 0 Success
>>
>> # numResponses: 2
>> # numEntries: 1
>>
>> Since i am getting reponse so seems i have permission to query the
>> AD(LDAP) server.
>>
>> Also tried *Login name case sensitivity* & *Group name case sensitivity*
>> - Both with *Case sensitive* & *Case insensitive *but still same result.
>>
>>
>>
>> On Friday, August 21, 2020 at 11:44:56 PM UTC+5:30, jeremy mordkoff wrote:
>>>
>>> sounds like the user is valid but not a member of any groups. Is that
>>> possible?
>>>
>>>
>>>
>>> On Thursday, August 20, 2020 at 1:28:21 PM UTC-4 Mk wrote:
>>>
>>>> Hi Team,
>>>>
>>>> I am trying to configure LDAP(AD) Authentication in our Jenkins, Below
>>>> is my configuration settings, But test LDAP connection is failing.
>>>>
>>>> Environment:-
>>>> Jenkins Version - 2.235.5(LTS)
>>>> LDAP Plugin - 1.24
>>>>
>>>>
>>>> Server - ldap://ad-ldap-server.com
>>>> root DN: DC=domain,DC=com
>>>> User search base: OU=Users,OU=Division,OU=Team,DC=domain,DC=com
>>>> User search filter: sAMAccountName={0}
>>>> Group search base: OU=Users,OU=Division,OU=Team,DC=domain,DC=com
>>>> Group search filter: (&(objectclass=group)(cn={0}))
>>>> Group membership
>>>> Group membership filter -
>>>> (&(objectCategory=group)(member:1.2.840.113556.1.4.1941:={0}))
>>>> Manager DN: CN=jenkins,OU=Users,OU=Division,OU=Team,DC=domain,DC=com
>>>> Manager Password: password
>>>> Display Name LDAP attribute: displayname
>>>> Email Address LDAP attribute: mail
>>>>
>>>>
>>>> Error Message:-
>>>>
>>>> [image: 1.png]
>>>>
>>>> Please let me know what is missing in my configuration?. Any help would
>>>> be appreciated.
>>>>
>>>
--
You received this message because you are subscribed to the Google Groups
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/jenkinsci-users/7d05dc28-3945-4fcb-965b-637bd4c723c7o%40googlegroups.com.
