jenkins active directory project matrix
Here’s a howto guide on a Redhat Box using Active Directory Authentication:
This example uses the following…
AD Servername
foo.com
User used to search AD
CN=jenkins,OU=Utility,OU=foo_Internal,OU=All_Users,DC=foo,DC=com
OU that contains users that will access jenkins
OU=foo_Internal,OU=All_Users,DC=foo,DC=com
OU that contains the groups to be used for project matrix auth
OU=Groups,DC=foo,DC=com
Group we want to give all permissions except admin to
CN=MYGROUP, OU=Groups,DC=foo,DC=com
hint, to find DN of your users place this in notepad and save it as .bat and run it on domain controller:
del c:\activeUsers.txt DSQUERY.exe * -limit 0 -filter "(&(objectCategory=Person)(objectClass=User)(!userAccountControl:1.2.840.113556.1.4.803:=2))" >"c:\activeUsers.txt" C:\WINDOWS\NOTEPAD.EXE c:\activeUsers.txt del c:\activegroups.txt DSQUERY.exe group > c:\activegroups.txt C:\WINDOWS\NOTEPAD.EXE c:\activegroups.txt
Step 1:
- Configure your LDAP settings
- Select “anyone can do anything”
- Save your settings (your must Save your settings before attempting any modifications to project matrix)
- Verify you can log in to jenkins
Step 2:
- After saving select “project matrix authentication”
- In the text field “User/group to add” input “ROLE_”, example “ROLE_MYGROUP”
- Click Add (NOTE, the red stop icon will appear, this is a bug in jenkins!)
- Set permissions for the group
- Add the username for an Active Directory user that will be admin (I used user ‘aduser’ below)
- Click Add
- Give user admin permissions
- Click Save
Your config.xml security section should look like something like this:
