LDAP configuration to restrict users to one group

Hi Team,
I am using the latest version of Jenkins, which is 2.414.2. I am using the LDAP method for authentication and I have one scenario.
In LDAP servers we have multiple AD groups, and Jenkins is configured so that whoever is part of the LDAP groups is able to log in to Jenkins.
I want to restrict login to Jenkins, meaning I want to allow only members of a specific AD group which is part of that LDAP server. Other groups which are part of the LDAP server should not be allowed to log in.
Below is the configuration done on the Jenkins end.

Server : myldapserver.com:389
root DN: DC= ######,DC=######,DC=COM
User search base:
User search filter: accountName={0}
Group search base:
Group search filter:
Group membership : Search for LDAP groups containing user: Group membership filter

Manager DN: CN=#######, OU=Service,OU=Accounts,OU=CORP,DC=######,DC=######,DC=COM
Manager Password: Provided
Display Name LDAP attribute: displayname
Email address LDAP attribute: mail

Above are the settings for LDAP in Jenkins.
For authorization I am using the Matrix-based strategy, which is working fine.

My ask here is that Jenkins authentication should be restricted to only one group out of the multiple groups which are part of LDAP servers.
It would be a great help if someone could help me out here.
Thank you so much in advance.

You can use the field “User search filter”:

(&(memberof=cn=GROUP)(sAMAccountName={0}))

Only users who have GROUP will be able to connect normally.

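An added example, not part of the thread: a small Python helper that builds the "User search filter" value from a group DN with RFC 4515 escaping, and checks offline which constructed directory entries the direct-membership filter would admit. It assumes Active Directory, where `memberOf` values are full group distinguished names; the DNs, account names and function names are made up for illustration. The `nested=True` variant uses AD's LDAP_MATCHING_RULE_IN_CHAIN rule so members of nested groups also match.

```python
# Added example: all DNs, accounts and helper names are constructed for illustration.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
IN_CHAIN = "1.2.840.113556.1.4.1941"  # AD LDAP_MATCHING_RULE_IN_CHAIN (nested groups)


def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def jenkins_user_search_filter(group_dn, nested=False):
    """Build the 'User search filter' string; Jenkins replaces {0} with the login name."""
    attr = "memberOf:%s:" % IN_CHAIN if nested else "memberOf"
    return "(&(%s=%s)(sAMAccountName={0}))" % (attr, escape_filter_value(group_dn))


def would_match(entry, login, group_dn):
    """Offline stand-in for the directory evaluating the direct-membership filter.

    DN and sAMAccountName comparisons are case-insensitive, as in AD.
    """
    groups = {dn.lower() for dn in entry.get("memberOf", [])}
    same_login = entry.get("sAMAccountName", "").lower() == login.lower()
    return same_login and group_dn.lower() in groups


def allowed_logins(users, group_dn):
    """Return the account names that the filter would let Jenkins find."""
    return [u["sAMAccountName"] for u in users
            if would_match(u, u["sAMAccountName"], group_dn)]


# Constructed sample data: one allowed group and three directory entries.
ALLOWED = "CN=Jenkins-Users,OU=Groups,DC=example,DC=com"
USERS = [
    {"sAMAccountName": "alice",
     "memberOf": ["cn=jenkins-users,ou=Groups,DC=example,DC=com"]},
    {"sAMAccountName": "bob",
     "memberOf": ["CN=Finance,OU=Groups,DC=example,DC=com"]},
    {"sAMAccountName": "carol"},  # no group membership at all
]

if __name__ == "__main__":
    print(jenkins_user_search_filter(ALLOWED))
    print(jenkins_user_search_filter(ALLOWED, nested=True))
    print(allowed_logins(USERS, ALLOWED))
```

A user whose entry does not match the filter is simply not found by the user search, so the bind step is never attempted for that login.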