使用LDAP配置Jenkins [英] Configure Jenkins with LDAP

问题描述

LDAP对我来说是新的，我尝试将其与Jenkins一起使用.我正在使用slapd

LDAP is new to me and I try to use it with Jenkins. I am using slapd

我用用户admin + 1个用户adenoyelle(通过dpkg reconfigure)创建了一个简单的树.我不明白Jenkins将如何找到LDAP用户.

I created a simple tree with the user admin + 1 user adenoyelle (via dpkg reconfigure). I do not understand how Jenkins will find the LDAP users.

这是ldapsearch的结果:

root@myserver:~# ldapsearch -x -b 'dc=mycompany,dc=com'
# extended LDIF
#
# LDAPv3
# base <dc=mycompany,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# mycompany.com
dn: dc=mycompany,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: mycompany.com
dc: mycompany

# admin, mycompany.com
dn: cn=admin,dc=mycompany,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator

# adenoyelle, mycompany.com
dn: cn=adenoyelle,dc=mycompany,dc=com
cn: adenoyelle
objectClass: simpleSecurityObject
objectClass: organizationalRole
objectClass: top

# search result
search: 2
result: 0 Success

# numResponses: 4
# numEntries: 3

问题1):这种结构看起来不错吗?

Question 1) : Does this structure look good?

我尝试使用这些选项配置Jenkins:

I tried to configure Jenkins with those options :

LDAP server: ldap://mycompany.com:389
root DN : dc=mycompany,dc=com
DN manager : cn=admin,dc=mycompany,dc=com
manager password : ******

当我尝试连接adenoyelle/*****时，收到消息:

When I try to connect with adenoyelle/*****, I get the message :

詹金斯(Jenkins)无效的登录信息.请重试

问题2)?我是否缺少配置文件?

Question 2) Am I missing a piece of configuration?

推荐答案

现在，我不确定jenkins是如何查找用户的，但是我非常确定它是基于 uid 这样的属性的.据我所知，这种属性在LDAP中不可用.

Right now I'm not sure on how jenkins looks up the users but im fairly sure it's based on an attribute like uid. And such an attribute is not available in the LDAP as far as I can see.

您可能想要添加一个对象类ox inetorgperson或posixaccount，因为它们需要uid属性.另外，您也许可以在jenkins的ldap-config中设置使用cn而不是uid的用户过滤器.明天我必须大胆地讲一下，以便为您提供有关该信息的更多信息.

You might want to add an objectclass ox inetorgperson or posixaccount as these require a uid attribute. Alternatively you might be able to set a user filter in the ldap-config of jenkins that uses the cn instead of the uid. I'd have to lool that up tomorrow to give you more information on that one.

但是，请不要介意我为什么要为登录jenkins而建立自己的LDAP部门?这不是很多开销吗?还是您想使用该目录更多?

But don't mind me asking why you want to set up an own LDAP dieectory just for logging into jenkins? Isn't that a bit much overhead? Or are you thinking of using that directory for more?

这篇关于使用LDAP配置Jenkins的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！