这个问题是关于 Jenkins LDAP root DN&Display Name LDAP attribute
环境:-
Jenkins Version - 2.235.5(LTS)
LDAP Plugin - 1.24
我正在尝试在我们的 Jenkins 中配置 LDAP(AD) 身份验证,以下是配置设置。
root DN - DC=Company,DC=domain,DC=com
User search base: OU=Users,OU=Division,OU=Team,DC=Company,DC=domain,DC=com
User search filter: sAMAccountName={0}
Group search base: OU=Users,OU=Division,OU=Team,DC=Company,DC=domain,DC=com
Group search filter: (&(objectclass=group)(cn={0}))
Group membership
Group membership filter - (&(objectCategory=group)(member:1.2.840.113556.1.4.1941:={0}))
Manager DN: CN=jenkins,OU=Users,OU=Division,OU=Team,DC=Company,DC=domain,DC=com
Manager Password: password
Display Name LDAP attribute: displayname
Email Address LDAP attribute: mail
但是在测试 LDAP 连接时,它会出现以下错误。
Login
Authentication: failed for user "jenkins-user"
Lookup
User lookup: failed for user "jenkins-user"
LdapCallback;[LDAP: error code 32 - 0000208D: NameErr: DSID-03100241, problem 2001 (NO_OBJECT), data 0, best match of:
'DC=domain,DC=com'
]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-03100241, problem 2001 (NO_OBJECT), data 0, best match of:
'DC=domain,DC=com'
]; remaining name 'OU=Users,OU=Division,OU=Team,DC=Company,DC=domain,DC=com'
LDAP Group lookup: could not verify.
Please try with a user that is a member of at least one LDAP group.
Lockout
The user "jenkins-user" will be unable to login with the supplied password.
If this is your own account this would mean you would be locked out!
Are you sure you want to save this configuration?
假设如果我保持root DNas 为空并且enabled the tick mark- Allow blank rootDN。我的测试连接成功了。
但我想知道目前我在插件部分运行root DN为空。enabled - Allow blank rootDN这对生产环境好吗?
同样对于已登录的用户,如下所示的显示名称太长了。
First-Name/Sur-Name/Team-Name/Location/Title/Company-Name
我只想显示First-Name + Sur-Name。为此,我尝试进行更改Display Name LDAP attribute:,name, givenName, cn & sn但没有一个起作用。那么是否可以在 Jenkins 中只显示名字 + 姓氏?