Jenkins LDAP plugin: use group DN instead of CN

Hi there,

I’m trying to set up a Jenkins environment configured with the ldap-plugin.

My configuration is pretty simple and working for the log-in to the UI.

I want to use groups by DN. I mean, I’m working for a company that manages the rights (RO, RW…) by the same group name but in a different OU.

The context is:

dn : cn=admin, ou=<ACCOUNT_ID>, dc=test, dc=local

But I’m only able to add a group with the CN. For example, if I’m trying to add a group, it works only if I try to add “admin” but not with “cn=admin, ou=<ACCOUNT_ID>, dc=test, dc=local”.

My problem is I have 100x the group “admin” in my LDAP server. So Jenkins will try to use the first result?

In the ldap-plugin documentation I see :

Note: in this field there are two available substitutions:
{0} - the fully qualified DN of the user
{1} - the username portion of the user
So I tried to set the group filter to cn={0}. If I understand the documentation, that results in cn = dn, but it’s not working.

Here is an example of ldapsearch on my LDAP server:

dn: cn=clusteradmin,ou=454g54 gre45,ou=test,ou=Perimeers,cn=ApplicationContext,dc=local
uniqueMember: uid=grger,ou=Users,dc=local
uniqueMember: uid=gerger,ou=Users,dc=local
uuid: afrf-52fe-fezcvd2s-fdsdv
accountId: afrf-52fe-fezcvd2s-fdsdv
cn: clusteradmin
objectClass: testRole
objectClass: groupOfUniqueNames
objectClass: top

Can you help with that? It’s very urgent, please.

Here is some news!
I configured the ldap part with

entryDn={0}

and now groups formatted as:

cn=… dc=…
are found by Jenkins, because I no longer get the message “groups not found”.

But… when I check /whoAmI, I can see groups formatted as “group_name” and not with the DN.

I searched a little bit in the ldap-plugin code, but I’m really new to Java. I found one function that formats the group automatically to the RDN (relative distinguished name)…

So in the security matrix I declared “cn=admin, ou=groups, dc=local” as admin, but /whoAmI returns only “admin”, so the rights don’t work…

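Added example (not part of the original post and not the LDAP plugin's code): a small audit that shows which group names become ambiguous once each group DN is reduced to its leading RDN value, as the poster reports seeing in /whoAmI, and which members would then share that name. The directory entries are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample entries (not from a real directory): the same group cn
# under two account OUs, following the layout described in the post.
SAMPLE_LDIF = """\
dn: cn=admin,ou=acct-a,dc=test,dc=local
uniqueMember: uid=alice,ou=Users,dc=local

dn: cn=admin,ou=acct-b,dc=test,dc=local
uniqueMember: uid=bob,ou=Users,dc=local

dn: cn=readonly,ou=acct-a,dc=test,dc=local
uniqueMember: uid=bob,ou=Users,dc=local
"""

def parse_groups(ldif):
    """Return {group_dn: [member_dn, ...]} from simple, unfolded LDIF text."""
    groups = {}
    for block in re.split(r"\n\s*\n", ldif.strip()):
        dn, members = None, []
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            if key == "dn":
                dn = value
            elif key == "uniqueMember":
                members.append(value)
        if dn:
            groups[dn] = members
    return groups

def short_name(dn):
    """Value of the leading RDN, e.g. 'admin'; honours backslash-escaped commas."""
    first_rdn = re.split(r"(?<!\\),", dn, maxsplit=1)[0]
    return first_rdn.partition("=")[2].strip()

def colliding_names(groups):
    """Map each short name shared by more than one DN to those DNs."""
    by_name = defaultdict(list)
    for dn in groups:
        by_name[short_name(dn).lower()].append(dn)  # cn matching ignores case
    return {n: sorted(dns) for n, dns in by_name.items() if len(dns) > 1}

def holders(groups, name):
    """Every member who holds `name` when only the short name is compared."""
    return sorted({m for dn, ms in groups.items()
                   if short_name(dn).lower() == name.lower() for m in ms})
```

On the sample data, `colliding_names` reports `admin` under both account OUs and `holders(groups, "admin")` returns both alice and bob, which is the ambiguity a matrix entry keyed on the bare name "admin" would carry.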