Getting Jenkins to Work With LDAP
I sent up a jenkins server at work to help automate my teams builds and perform some basic testing on every build. One of the requirements for using it is that it must be secured. At work, we have an ldap server, which I previously used to secure our gerrit setup. Setting up jenkins to work well with the ldap server was a little for complicated. As a quick google search for “jenkins ldap slow” demonstrates.
The problem is with jenkins configured to query our ldap server, it was taking several minutes to login. Which was long enough that I would start to work on something else, forget about the login for a while, and then come back after my login session had expired and have to start the login process again.
After much searching and trial and error. Here are the setting I had to use to get rid of the login delay.
Under “Manage Jenkins” => “Configure System” => “Access Control” => “Security Realm” => “LDAP”
- Server = address of the ldap server to query.
- root DN = blank
- Allow blank rootDN = TRUE
- User search base = blank
- User search filter = uid={0}
- Group search base = blank
- Group search filter = blank
- Group membership filter = (member={0})
The LDAP Plugin wiki page contains more information about all the setting. However, not knowing much about LDAP, a lot of it was not helpful to me. Although one cool thing I discovered while investigating this, was the “Script Console.” This is a page under the “Manage Jenkins” section that allows you to run scripts against the running jenkins instance. It is kind of like a primative jenkins REPL.