Jenkins integration with AD

I am working on integrating a new Jenkins instance with AD. I have installed the required plugins. When I try to add a domain, it asks for info such as domain name, domain controller, etc.

I am not fully clear on the BindDN field. If I leave it blank and test the domain, it throws this warning:

Leaving blank Bind DN means that any operation performed will use anonymous binding. Keep in mind that this is not recommended as some servers do not allow it by default.

I then provided a user account in BindDN which exists in the domain. Now on testing the domain, it is throwing this error log:

DC_Name:389
java.net.UnknownHostException: DC_Name
    at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:184)
    at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)

Please share some inputs to complete the integration with AD.

There is information provided in the Jenkins wiki page for the AD plugin, as well as some LDAP tools to help diagnose.

<DOMAIN_NAME> -> Domain Name: support-cloudbees.com
<searchbase> -> Organization Unit we want to look into.
In the example, it is OU=Support, DC=support-cloudbees, DC=com
<binddn> -> Bind DN.
In the example, CN=felix, OU=Support, DC=support-cloudbees, DC=com
<passwd> -> Bind Password
<userid> -> User we want to look for. We can look for the managerDN itself or for a different user on the tree.
In the example, this can be set-up for example to CN=felix, OU=Support, DC=support-cloudbees, DC=com.

As described here,

The Bind DN is comprised of the user and the location of the user in the LDAP directory tree. Each element of the Distinguished Name is pointed out: The first part is the user CN=user1. The second part is the container CN=Users. The third part is the domain DC=example and DC=com

Did you correctly specify "the location of the user in the LDAP tree"? The error appears to be with a DC value.

Ours is in the form:
cn=<Acct Name>, ou=<some_value>, ou=<some_value>, dc=<some_value>, dc=<some_value>

YMMV. Try using the LDAP tools mentioned to validate.
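An added example (not from the original posts or from the Jenkins AD plugin): a small Python check that separates the stages at which a domain test like the one above can fail. A java.net.UnknownHostException is raised when the host name cannot be resolved, which happens before any Bind DN is sent to the server. The function names and the returned stage labels are assumptions made for illustration.

```python
import socket

def split_dn(dn):
    """Split a DN into (ATTR, value) pairs, honouring backslash-escaped commas."""
    parts, cur, escaped = [], "", False
    for ch in dn:
        if escaped or ch != ",":
            cur += ch
            escaped = (ch == "\\") and not escaped
        else:                      # unescaped comma ends one RDN
            parts.append(cur)
            cur = ""
    parts.append(cur)
    rdns = []
    for part in parts:
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((attr.strip().upper(), value.strip()))
    return rdns

def domain_from_dn(dn):
    """DC=support-cloudbees, DC=com -> support-cloudbees.com"""
    return ".".join(value for attr, value in split_dn(dn) if attr == "DC")

def diagnose(host, bind_dn, port=389,
             resolve=socket.getaddrinfo, connect=socket.create_connection):
    """Return the first failing stage: dns, tcp, anonymous_bind, bind_dn, or ok."""
    try:
        resolve(host, port)
    except socket.gaierror:
        return "dns"               # what Java reports as UnknownHostException
    try:
        connect((host, port), timeout=5).close()
    except OSError:
        return "tcp"               # name resolves, but port 389 is unreachable
    if not bind_dn.strip():
        return "anonymous_bind"    # blank Bind DN: the case the warning describes
    try:
        rdns = split_dn(bind_dn)
    except ValueError:
        return "bind_dn"           # e.g. a bare account name instead of a DN
    if not any(attr == "DC" for attr, _ in rdns):
        return "bind_dn"           # DN lacks the domain components
    return "ok"

if __name__ == "__main__":
    # DN taken from the answer's example; parsed locally, no network access
    print(split_dn("CN=felix, OU=Support, DC=support-cloudbees, DC=com"))
```

Run `diagnose()` from the Jenkins host itself, since name resolution depends on that machine's DNS configuration.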
