LDAP application (4) Jenkins access

LDAP Application articles （4）Jenkins Access

To configure Jenkins Access LDAP You need to be careful , Because once enabled in the configuration LDAP After verifying the user , Previous users will not be able to log in , Include admin Account .

Certificate configuration

If Jenkins adopt ldaps Access , Must be configured separately java Certificate of operating environment . If you use ldap Access Agreement , You can skip this part .

Download and import

Certificate configuration , It only takes two steps , That is, download and import . At the time of import , According to jdk The version location will be slightly different , In especial jdk11 Version above , No more jre Catalog , Please note that ！

openssl s_client -connect <address>:636 >> host.crt
keytool -import -trustcacerts -alias <address> -file host1.crt -keystore /usr/java/jdk-17.0.3.1/lib/security/cacerts

When importing certificates , You need to enter the certificate password , The password defaults to ： changeit . In fact, I don't know how this came from , It seems that everyone uses it like this ~~~

Some documents will first clear the BEGIN CERTIFICATE and END CERTIFICATE Content , But according to the actual measurement , These operations are not required .

Jenkins Configuration in

Security configuration

Get into Global security configuration in , Fill in the information according to the general operation on the Internet , Note the following two items ： User search base And Group search base , Represents the search starting point for users and groups , Don't enter the complete DN Information , Just enter the last section of users and groups ou that will do .

Display Name LDAP attribute One is used to display the user name , But in general posixAccount Account does not have this attribute , It can be changed to cn attribute .

Do not save directly after modification , Be sure to click Test LDAP settings Button , Save after confirmation ！！！

Role based matrix authorization

Role based matrix authorization will not be repeated here , Just configured in the previous step LDAP after , It must be here Assign Roles Page Global roles in , Ensure that at least one user has admin role . In this way, the user can be managed normally Jenkins.

Troubleshooting

As mentioned at the beginning , In case of an accident when modifying , Cause unable to log in , It can also be repaired by the following methods . stay Jenkins Look for config.xml file , If the environment variable is configured JENKINS_HOME , The file may be in the specified directory . Open the file , Configure the following content as false ：

<useSecurity>flase</useSecurity>

restart Jenkins After service , You will find that the system allows anonymous login , And you can do anything .

Reference material

• Jenkins Use LDAP authentication