How to remove an LDAP user from Jenkins

Question

I know it's weird but I can't delete/disable users from Jenkins. I checked everywhere but no chance.

Jenkins ver is 2.217

When I click "People"-->"Any User", the options are like below;

If I click the "configure" page, there is also nothing.

I also checked "Manage Jenkins"->"Configure Global Security" but there is nothing in there either.

How can I do this?

Thanks!

Recommended answer

You are mixing two different issues, which unfortunately happens often. See {JENKINS_URL}/securityRealm/:

  • Authentication - verifying who you are
  • Authorization - verifying what you can do

You are using LDAP plugin to authenticate to Jenkins (ie: username/password aspect). It's not clear what you are using for Authorization - what users are allowed to do. Out of the box, authenticated users can do anything unless you change the Authorization aspect.

If nothing else, to secure your system, make sure you have selected:
( o ) Logged-in users can do anything
and disabled:
[ _ ] Allow anonymous read access
(see this tip to add an admin after the fact)

The default authentication is Jenkins' own internal authentication, but if you have LDAP, as long as someone is properly in the LDAP, they will be Authenticated. If you remove them from the LDAP they can't get in. LDAP plugin does provide for some control in that it can filter on a group for granular authentication.

Assuming you have no control over that, what you need is a form of Authorization - what can they do; the second portion of the screen.

I don't believe there's an LDAP based plugin that integrates Authorization with LDAP groups. That would require a SCIM compliant plugin. Even GitHub.com has only just recently added that capability to their site.

To restrict access, you must configure Authorization to one of:

  • Matrix-based security
  • Project-based Matrix Authorization Strategy
  • Role-Based Strategy

Those options require Matrix Authorization Strategy plugin. For more information, review Jenkins Security on the site, or the book.

There are additional plugins which may provide more granular user mgmt, security or user/security control; Matrix Authorization Strategy (mentioned), Role-based Authorization Strategy, Folder-based Authorization Strategy come to mind.

You can implement something as simple as two roles: an Admin role and a User role. By default, a user is assigned neither, or just gets User until they request further access. Or grant everyone User, then selectively remove all roles from a user to effectively disable them - they'll be logged in but can't see or do anything. That's the best you can do as long as you have LDAP authentication and no controls.
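
The two-role setup described in the answer above, sketched as a script for the Jenkins script console. This is an added example, not part of the original answer or of Jenkins' own documentation. It assumes the Matrix Authorization Strategy plugin is installed, and all user IDs are constructed placeholders.

```groovy
// Added example: run from Manage Jenkins -> Script Console.
// Assumption: the Matrix Authorization Strategy plugin is installed.
import jenkins.model.Jenkins
import hudson.model.Item
import hudson.security.GlobalMatrixAuthorizationStrategy

// Constructed sample LDAP user IDs; replace with the IDs your LDAP returns.
def admins   = ['alice.admin']
def users    = ['bob.dev', 'carol.dev', 'dave.left']
// Accounts that still exist in LDAP but must no longer see or do anything.
def disabled = ['dave.left']

def activeAdmins = admins - disabled
def activeUsers  = users - disabled

// Refuse to apply a matrix that would lock every administrator out.
if (activeAdmins.isEmpty()) {
    throw new IllegalStateException('At least one enabled admin is required')
}

def strategy = new GlobalMatrixAuthorizationStrategy()

// "Admin" role: full control of the instance.
activeAdmins.each { id -> strategy.add(Jenkins.ADMINISTER, id) }

// "User" role: can browse the instance, see jobs and start builds.
def userPermissions = [Jenkins.READ, Item.READ, Item.BUILD]
activeUsers.each { id ->
    userPermissions.each { perm -> strategy.add(perm, id) }
}

// Nothing is granted to the built-in "authenticated" or "anonymous" groups,
// so a disabled user can still pass LDAP authentication but holds no
// permission at all once logged in.
def jenkins = Jenkins.get()
jenkins.setAuthorizationStrategy(strategy)
jenkins.save()

println "Admins: ${activeAdmins}, users: ${activeUsers}, disabled: ${disabled}"
```

Because this replaces the whole authorization strategy, run it against a test instance first and confirm that the listed admin ID matches the login name exactly as LDAP reports it.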
