Jenkins Integration with LDAP - Testing Connection Fails

Jenkins Integration with LDAP - Testing Connection Fails

Mk-2
Hi Team,

I am trying to configure LDAP (AD) authentication in our Jenkins. Below are my configuration settings, but the test LDAP connection is failing.

Environment:-
Jenkins Version - 2.235.5(LTS)
LDAP Plugin - 1.24


Server - ldap://ad-ldap-server.com
root DN: DC=domain,DC=com
User search base: OU=Users,OU=Division,OU=Team,DC=domain,DC=com
User search filter: sAMAccountName={0}
Group search base: OU=Users,OU=Division,OU=Team,DC=domain,DC=com
Group search filter: (&(objectclass=group)(cn={0}))
Group membership
      Group membership filter - (&(objectCategory=group)(member:1.2.840.113556.1.4.1941:={0}))
Manager DN: CN=jenkins,OU=Users,OU=Division,OU=Team,DC=domain,DC=com
Manager Password: password
Display Name LDAP attribute: displayname
Email Address LDAP attribute: mail


Error Message:-

1.png


Please let me know what is missing in my configuration. Any help would be appreciated.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/dcb26c42-0de9-4f9c-8d28-da94896474d7o%40googlegroups.com.

Re: Jenkins Integration with LDAP - Testing Connection Fails

jeremy mordkoff
Sounds like the user is valid but not a member of any groups. Is that possible?




Re: Jenkins Integration with LDAP - Testing Connection Fails

Mk-2
Hi Jeremy, thanks for the reply. Actually, the ldapsearch command on the Jenkins master server terminal works. Below is the response.

ldapsearch -x -h ad-ldap-server.com -p 389 -D "CN=jenkins,OU=Users,OU=Division,OU=Team,DC=domain,DC=com"  -b "OU=Users,OU=Division,OU=Team,DC=domain,DC=com" "(sAMAccountName=jenkins)" -W
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <OU=Users,OU=Division,OU=Team,DC=domain,DC=com> with scope subtree
# filter: (sAMAccountName=jenkins)
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Since I am getting a response, it seems I have permission to query the AD (LDAP) server.

I also tried Login name case sensitivity & Group name case sensitivity, both with Case sensitive & Case insensitive, but still the same result.




Re: Jenkins Integration with LDAP - Testing Connection Fails

Mk-2
Hi Jeremy,

I have tried keeping the root DN empty and enabling the tick mark - Allow blank rootDN. Now my test connection is successful, but it took around 4 mins to show the successful result. Below is the configuration used.

root DN - Allow blank rootDN

User search base: OU=Users,OU=Division,OU=Team,DC=domain,DC=com
User search filter: sAMAccountName={0}
Group search base: OU=Users,OU=Division,OU=Team,DC=domain,DC=com
Group search filter: (&(objectclass=group)(cn={0}))
Group membership
      Group membership filter - (&(objectCategory=group)(member:1.2.840.113556.1.4.1941:={0}))
Manager DN: CN=jenkins,OU=Users,OU=Division,OU=Team,DC=domain,DC=com
Manager Password: password
Display Name LDAP attribute: displayname
Email Address LDAP attribute: mail

Now, how do I figure out the login performance issue? Another thing: is keeping the root DN empty not an issue?



Re: Jenkins Integration with LDAP - Testing Connection Fails

Mk-2
Hi Jeremy,

The LDAP login slowness issue is also resolved with the below configuration.

Group membership filter - (memberOf={0})

Enable cache
Cache size - 200
Cache TTL - 30min

Now everything is working as expected, but I would like to know: currently I am running with the root DN empty and Allow blank rootDN enabled in the plugin section. Is this fine?
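
As an added illustration (not part of the original post and not the LDAP plugin's code), the model below shows which entries the two group membership filters from this thread select, next to a plain `(member={0})` filter for comparison. It assumes `{0}` is replaced with the user's DN; the directory entries, DNs and function names are constructed for the example.

```python
import re

# AD extensible-match rule used in the thread's first filter
# (LDAP_MATCHING_RULE_IN_CHAIN: follow nested group membership).
IN_CHAIN = "1.2.840.113556.1.4.1941"

BASE = "OU=Users,OU=Division,OU=Team,DC=domain,DC=com"
# Constructed sample entries (not taken from any real directory).
USER = "CN=alice," + BASE
BOB = "CN=bob," + BASE
DEVS = "CN=devs," + BASE
ENG = "CN=engineering," + BASE
ALL = "CN=all-staff," + BASE
OPS = "CN=ops," + BASE

# DN -> values of its "member" attribute (empty for user entries).
ENTRIES = {
    USER: set(),
    BOB: set(),
    DEVS: {USER},        # alice is a direct member
    ENG: {DEVS, ALL},    # devs is nested in engineering
    ALL: {ENG},          # deliberate cycle: engineering <-> all-staff
    OPS: {BOB},
}

# The two filters exactly as posted in the thread.
FILTER_IN_CHAIN = "(&(objectCategory=group)(member:%s:={0}))" % IN_CHAIN
FILTER_MEMBEROF = "(memberOf={0})"


def direct_groups(dn):
    """Groups whose member attribute lists dn (dn's memberOf back-link)."""
    return {g for g, members in ENTRIES.items() if dn in members}


def transitive_groups(dn):
    """Every group reachable from dn through nesting; safe against cycles."""
    seen, stack = set(), [dn]
    while stack:
        for group in direct_groups(stack.pop()):
            if group not in seen:
                seen.add(group)
                stack.append(group)
    return seen


# Matches (member=DN), (member:<oid>:=DN) or (memberOf=DN) inside a filter.
ASSERTION = re.compile(r"\((memberOf|member)(?::([0-9.]+):)?=([^()]*)\)", re.I)


def search(filter_template, user_dn):
    """Return the DNs selected once {0} is replaced with user_dn.

    Only the membership assertion is evaluated; the objectCategory=group
    clause is ignored because every match here is a group anyway.
    """
    m = ASSERTION.search(filter_template.replace("{0}", user_dn))
    if m is None:
        raise ValueError("unsupported filter: " + filter_template)
    attr, rule, value = m.group(1).lower(), m.group(2), m.group(3)
    if attr == "member":
        if rule is None:
            return direct_groups(value)      # one level only
        if rule == IN_CHAIN:
            return transitive_groups(value)  # walks the nesting chain
        raise ValueError("unsupported matching rule: " + rule)
    # memberOf=value selects entries that are members of the GROUP `value`.
    return {dn for dn in ENTRIES if value in direct_groups(dn)}


if __name__ == "__main__":
    for label, flt in (("direct", "(member={0})"),
                       ("in-chain", FILTER_IN_CHAIN),
                       ("memberOf", FILTER_MEMBEROF)):
        print(label, sorted(search(flt, USER)))
```

In this model `(memberOf={0})` with a user DN selects no groups, because `memberOf` matches entries that belong to the group named on the right-hand side. After switching filters it is worth checking that Jenkins still lists the expected groups for a logged-in user.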


Re: Jenkins Integration with LDAP - Testing Connection Fails

Mk-2
Dear Team,

Now our LDAP authentication is working fine. I have a question regarding "Display Name LDAP attribute: displayname": I have configured it like this, and for all logged-in users the display name is shown as below, which is too long.

First-Name/Sur-Name/Team-Name/Location/Title/Company-Name

I would like to display only First-Name + Sur-Name. For this I tried changing Display Name LDAP attribute to names such as givenName, cn & sn, but none of them worked. So is it possible to display only First name + Sur-name in Jenkins for logged-in users?


Re: Jenkins Integration with LDAP - Testing Connection Fails

Mk-2
Team, is it possible to display only First name + Sur-name in Jenkins?



Re: Jenkins Integration with LDAP - Testing Connection Fails

Mk-2
I have fixed it. Each time we change/update the "Display Name LDAP attribute" value in the LDAP configuration section, we need to delete the user from the People category and log in. After that it displays the configured settings.
