
Active Directory Integration

1. Jira

(In Administration mode) Users -> User Directories, Add Directory: for Directory Type, select Microsoft Active Directory

Name: OMA Active Directory server
Hostname: 123.234.34.56
Port: 389
Username: CN=jira,OU=User,DC=li3huo,DC=com
Password: ***
Base DN: OU=User,DC=li3huo,DC=com

2. Moinmoin

Configuration for AD support: vi /srv/share/moin/wikiconfig.py

    from MoinMoin.auth.ldap_login import LDAPAuth
    ldap_authenticator1 = LDAPAuth(
        server_uri='ldap://172.27.233.100', 
        bind_dn='jira@li3huo.com', 
        bind_pw='***',
        base_dn='OU=User,DC=li3huo,DC=com',
        scope=2, # scope of the search we do (2 == ldap.SCOPE_SUBTREE)
        referrals=0, # LDAP REFERRALS (0 needed for AD)
        search_filter='(sAMAccountName=%(username)s)', 
        # attribute names we use to extract information from LDAP
        # (if None, the attribute won't be extracted from LDAP):
        givenname_attribute=None, # often 'givenName' - ldap attribute we get the first name from
        surname_attribute=None, # often 'sn' - ldap attribute we get the family name from
        aliasname_attribute='displayName', # often 'displayName' - ldap attribute we get the aliasname from
        email_attribute=None, # often 'mail' - ldap attribute we get the email address from
        email_callback=None, # callback function called to make up email address
        coding='utf-8', # coding used for ldap queries and result values
        timeout=10, # how long we wait for the ldap server [s]
        start_tls=0, # usage of Transport Layer Security 0 = No, 1 = Try, 2 = Required
        tls_cacertdir=None,
        tls_cacertfile=None,
        tls_certfile=None,
        tls_keyfile=None,
        tls_require_cert=0, # 0 == ldap.OPT_X_TLS_NEVER (needed for self-signed certs)
        bind_once=False, # set to True to only do one bind - useful if configured to bind as the user on the first attempt
        autocreate=True, # set to True to automatically create/update user profiles
        name='ldap', # use e.g. 'ldap_pdc' and 'ldap_bdc' (or 'ldap1' and 'ldap2') if you auth against 2 ldap servers
        report_invalid_credentials=True, # whether to emit "invalid username or password" msg at login time or not
    )

    auth = [ldap_authenticator1, ] # this is a list, you may have multiple ldap authenticators
                                   # as well as other authenticators

    cookie_lifetime = (0, 1) 
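
The configuration above uses ldap:// with start_tls=0 and tls_require_cert=0. The check below is an added example, not part of the original page or of MoinMoin, that audits those transport settings. The hardened values (a placeholder host name and CA path, and tls_require_cert=2 as python-ldap's OPT_X_TLS_DEMAND) are assumptions.

```python
from urllib.parse import urlparse

# Transport settings copied from the wikiconfig.py shown on this page.
PAGE_CONFIG = {
    'server_uri': 'ldap://172.27.233.100',
    'start_tls': 0,
    'tls_require_cert': 0,
    'tls_cacertfile': None,
}

# Constructed counter-example; host name and CA path are placeholders.
HARDENED_CONFIG = {
    'server_uri': 'ldap://dc.example.invalid',
    'start_tls': 2,          # 2 = Required (legend from the page)
    'tls_require_cert': 2,   # 2 == ldap.OPT_X_TLS_DEMAND in python-ldap
    'tls_cacertfile': '/path/to/ad-ca.pem',
}


def audit_ldap_transport(cfg):
    """Return (setting, problem) pairs for the transport-related LDAPAuth kwargs.

    Assumption: a missing key is treated like the value on the page (0 / None).
    """
    findings = []
    scheme = urlparse(cfg.get('server_uri') or '').scheme.lower()
    start_tls = cfg.get('start_tls') or 0
    require_cert = cfg.get('tls_require_cert') or 0

    if scheme not in ('ldap', 'ldaps'):
        findings.append(('server_uri', 'not an ldap:// or ldaps:// URI'))
    elif scheme == 'ldap' and start_tls == 0:
        findings.append(('start_tls', 'ldap:// with StartTLS off: bind_pw and '
                         'every user password are sent in cleartext'))
    elif scheme == 'ldap' and start_tls == 1:
        findings.append(('start_tls', '1 = Try; only 2 = Required makes TLS mandatory'))

    if require_cert == 0:
        findings.append(('tls_require_cert', '0 == OPT_X_TLS_NEVER: the server '
                         'certificate is not checked, so TLS cannot authenticate the DC'))
    elif not (cfg.get('tls_cacertfile') or cfg.get('tls_cacertdir')):
        findings.append(('tls_cacertfile', 'no CA file or directory set explicitly; '
                         'verification depends on the system default trust store'))
    return findings


if __name__ == '__main__':
    for name, cfg in (('page', PAGE_CONFIG), ('hardened', HARDENED_CONFIG)):
        for setting, problem in audit_ldap_transport(cfg):
            print('%s: %s: %s' % (name, setting, problem))
```

The same two conditions (port 389 without TLS, unverified server certificate) are worth checking in the Jira and Jenkins directory settings on this page.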

3. Jenkins

Manage Jenkins->Configure Global Security:

Access Control.Security Realm

Domain Name: corp.hesine.com
Domain controller: 123.234.34.56:389
Site:
Bind DN: jira@li3huo.com
Bind Password: ***

All users' permission settings can be viewed and modified in $JENKINS_HOME/config.xml, but Jenkins must be restarted after any change.

Change Authorization from "Anyone can do anything" to "Matrix-based security", add yourself as an administrator, and then Save!

MainWiki: Active_Directory_Integration (last edited 2013-03-26 23:55:38 by twotwo)