Jenkins LDAP - root DN & Display Name LDAP attribute

This question is about the Jenkins LDAP root DN & Display Name LDAP attribute.

Environment:

Jenkins Version - 2.235.5(LTS)
LDAP Plugin - 1.24

I am trying to configure LDAP (AD) authentication in our Jenkins; below are the configuration settings.

root DN - DC=Company,DC=domain,DC=com
User search base: OU=Users,OU=Division,OU=Team,DC=Company,DC=domain,DC=com
User search filter: sAMAccountName={0}
Group search base: OU=Users,OU=Division,OU=Team,DC=Company,DC=domain,DC=com
Group search filter: (&(objectclass=group)(cn={0}))
Group membership
   Group membership filter - (&(objectCategory=group)(member:1.2.840.113556.1.4.1941:={0}))
Manager DN: CN=jenkins,OU=Users,OU=Division,OU=Team,DC=Company,DC=domain,DC=com
Manager Password: password
Display Name LDAP attribute: displayname
Email Address LDAP attribute: mail

But when testing the LDAP connection, it fails with the following error.

Login
Authentication: failed for user "jenkins-user"
Lookup
User lookup: failed for user "jenkins-user"
LdapCallback;[LDAP: error code 32 - 0000208D: NameErr: DSID-03100241, problem 2001 (NO_OBJECT), data 0, best match of:
'DC=domain,DC=com'
]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-03100241, problem 2001 (NO_OBJECT), data 0, best match of:
'DC=domain,DC=com'
]; remaining name 'OU=Users,OU=Division,OU=Team,DC=Company,DC=domain,DC=com'
LDAP Group lookup: could not verify.
Please try with a user that is a member of at least one LDAP group.
Lockout
The user "jenkins-user" will be unable to login with the supplied password.
If this is your own account this would mean you would be locked out!
Are you sure you want to save this configuration?

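If I leave the root DN empty and enable the tick mark - Allow blank rootDN, my test connection succeeds.

But I would like to know: I am currently running with the root DN empty and Allow blank rootDN enabled in the plugin section. Is this suitable for a production environment?

Also, for logged-in users, the display name is too long, as shown below.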

First-Name/Sur-Name/Team-Name/Location/Title/Company-Name

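I only want to display First-Name + Sur-Name. For this, I tried changing Display Name LDAP attribute: to name, givenName, cn & sn, but none of them worked. So is it possible to display only First name + Sur-name in Jenkins?

I have fixed it. Every time we change/update the Display Name LDAP attribute value in the LDAP configuration section, we need to delete the user in the People category and log in again. After that, it shows the configured setting.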
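For the error code 32 output quoted in the question, here is an added example (not part of the original post and not Jenkins or LDAP plugin code) that parses the Active Directory NO_OBJECT message and lists which components of the requested DN lie outside the server's "best match". The function names and the SAMPLE string are constructed here; SAMPLE is the question's error text joined onto one line.

```python
import re

# Constructed sample: the error text from the question, joined onto one line.
SAMPLE = (
    "LdapCallback;[LDAP: error code 32 - 0000208D: NameErr: DSID-03100241, "
    "problem 2001 (NO_OBJECT), data 0, best match of: 'DC=domain,DC=com' ]; "
    "remaining name 'OU=Users,OU=Division,OU=Team,DC=Company,DC=domain,DC=com'"
)

def split_dn(dn):
    """Split a DN into normalised RDNs (does not handle escaped commas)."""
    parts = []
    for rdn in dn.split(","):
        attr, _, value = rdn.strip().partition("=")
        parts.append(f"{attr.strip().upper()}={value.strip().lower()}")
    return parts

def diagnose(message):
    """Return (best_match, requested, unresolved RDNs) for an LDAP error 32,
    or None when the message is not a NO_OBJECT error with both fields."""
    if "error code 32" not in message:
        return None
    best = re.search(r"best match of:\s*'([^']*)'", message)
    asked = re.search(r"remaining name\s*'([^']*)'", message)
    if not (best and asked):
        return None
    best_rdns, asked_rdns = split_dn(best.group(1)), split_dn(asked.group(1))
    # The server resolves the DN from the right (the DC components) and stops
    # at best_match; everything to the left of that suffix was not found.
    n = len(best_rdns)
    if asked_rdns[-n:] != best_rdns:
        unresolved = asked_rdns          # best match is not a suffix at all
    else:
        unresolved = asked_rdns[:len(asked_rdns) - n]
    return best.group(1), asked.group(1), unresolved

if __name__ == "__main__":
    best, asked, unresolved = diagnose(SAMPLE)
    print("requested  :", asked)
    print("best match :", best)
    # The right-most unresolved RDN is the first one the server could not find.
    print("first missing component:", unresolved[-1])
```

The right-most unresolved component is the one to verify against the directory before changing the root DN or search base settings.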