Active Directory Integration

1. Jira

(In Administration mode) Users -> User Directories, Add Directory: for Directory Type, select Microsoft Active Directory

Name: OMA Active Directory server
Port: 389
Username: CN=jira,OU=User,DC=li3huo,DC=com
Password: ***
Base DN: OU=User,DC=li3huo,DC=com

2. Moinmoin

Configuration for AD support: vi /srv/share/moin/

    from MoinMoin.auth.ldap_login import LDAPAuth
    ldap_authenticator1 = LDAPAuth(
        scope=2, # scope of the search we do (2 == ldap.SCOPE_SUBTREE)
        referrals=0, # LDAP REFERRALS (0 needed for AD)
        # attribute names we use to extract information from LDAP
        # (if None, the attribute won't be extracted from LDAP):
        givenname_attribute=None, # often 'givenName' - ldap attribute we get the first name from
        surname_attribute=None, # often 'sn' - ldap attribute we get the family name from
        aliasname_attribute='displayName', # often 'displayName' - ldap attribute we get the aliasname from
        email_attribute=None, # often 'mail' - ldap attribute we get the email address from
        email_callback=None, # callback function called to make up email address
        coding='utf-8', # coding used for ldap queries and result values
        timeout=10, # how long we wait for the ldap server [s]
        start_tls=0, # usage of Transport Layer Security 0 = No, 1 = Try, 2 = Required
        tls_require_cert=0, # 0 == ldap.OPT_X_TLS_NEVER (needed for self-signed certs)
        bind_once=False, # set to True to only do one bind - useful if configured to bind as the user on the first attempt
        autocreate=True, # set to True to automatically create/update user profiles
        name='ldap', # use e.g. 'ldap_pdc' and 'ldap_bdc' (or 'ldap1' and 'ldap2') if you auth against 2 ldap servers
        report_invalid_credentials=True, # whether to emit "invalid username or password" msg at login time or not
    )

    auth = [ldap_authenticator1, ] # this is a list, you may have multiple ldap authenticators
                                   # as well as other authenticators

    cookie_lifetime = (0, 1) 
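
An added example (not part of the original wiki page or of MoinMoin): a small static check that parses a wikiconfig snippet and flags the two transport settings used above, `start_tls=0` and `tls_require_cert=0`, which leave the LDAP bind unencrypted and the server certificate unverified. The sample config is constructed from this page's values; the function names are hypothetical, and treating an unset option as 0 is an assumption.

```python
import ast

# Constructed sample: the transport settings from the LDAPAuth block on this page.
SAMPLE_CONFIG = """
ldap_authenticator1 = LDAPAuth(
    referrals=0,
    start_tls=0,
    tls_require_cert=0,
    autocreate=True,
)
"""

def ldapauth_kwargs(source):
    """Return the literal keyword arguments of each LDAPAuth(...) call."""
    calls = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call) and getattr(node.func, "id", None) == "LDAPAuth":
            kwargs = {}
            for kw in node.keywords:
                if kw.arg is None:          # **kwargs expansion, not statically known
                    continue
                try:
                    kwargs[kw.arg] = ast.literal_eval(kw.value)
                except (ValueError, TypeError):
                    kwargs[kw.arg] = None   # non-literal value, judged as unset
            calls.append(kwargs)
    return calls

def audit_ldapauth(source):
    """Return (setting, value, reason) for each weak transport setting."""
    findings = []
    for kw in ldapauth_kwargs(source):
        # Assumption: an unset option behaves like 0 and a plain ldap:// URI.
        uri = str(kw.get("server_uri") or "ldap://")
        start_tls = kw.get("start_tls") or 0
        require_cert = kw.get("tls_require_cert") or 0
        # Only start_tls=2 (Required) or an ldaps:// URI guarantees encryption.
        if not uri.lower().startswith("ldaps://") and start_tls != 2:
            findings.append(("start_tls", start_tls,
                             "bind password can cross the network unencrypted"))
        if require_cert == 0:
            findings.append(("tls_require_cert", require_cert,
                             "server certificate is not verified"))
    return findings

if __name__ == "__main__":
    for setting, value, reason in audit_ldapauth(SAMPLE_CONFIG):
        print("%s=%r: %s" % (setting, value, reason))
```

The check runs under Python 3 and only parses the text, so it does not need MoinMoin or python-ldap installed; a config file that uses Python 2-only syntax would have to be reduced to the `LDAPAuth(...)` call first.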

3. Jenkins

Manage Jenkins->Configure Global Security:

Access Control.Security Realm

Domain Name:
Domain controller:
Bind DN:
Bind Password: ***


Change Authorization from "Anyone can do anything" to "Matrix-based security", and add yourself as an administrator before clicking Save!

MainWiki: Active_Directory_Integration (last edited 2013-03-26 23:55:38 by twotwo)