From a6481dde563bd24ff868fe36622568ce97f0f4fb Mon Sep 17 00:00:00 2001 From: themartinslife Date: Sat, 4 Nov 2023 15:41:36 +0100 Subject: [PATCH] example_configs: add a Jenkins config --- README.md | 1 + example_configs/jenkins.md | 81 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 82 insertions(+) create mode 100644 example_configs/jenkins.md diff --git a/README.md b/README.md index 86e789c..66f4588 100644 --- a/README.md +++ b/README.md @@ -285,6 +285,7 @@ folder for help with: - [Grafana](example_configs/grafana_ldap_config.toml) - [Hedgedoc](example_configs/hedgedoc.md) - [Jellyfin](example_configs/jellyfin.md) +- [Jenkins](example_configs/jenkins.md) - [Jitsi Meet](example_configs/jitsi_meet.conf) - [KeyCloak](example_configs/keycloak.md) - [LibreNMS](example_configs/librenms.md) diff --git a/example_configs/jenkins.md b/example_configs/jenkins.md new file mode 100644 index 0000000..690b1f7 --- /dev/null +++ b/example_configs/jenkins.md @@ -0,0 +1,81 @@ +# Configuration for Jenkins + +## Jenkins base setup + +To setup LLDAP for Jenkins navigate to Dashboard/Manage Jenkins/Security. + +*Note: Jenkins LDAP plugin has to be installed!
* +*Note: "dc=example,dc=com" is default configuration, you should replace it with your base DN.* + +1) Set **Security Realm** to **LDAP** +2) Click Add Server +3) Setup config fields as stated below + +## Config fields + +#### Server +*(This can be replaced by server ip/your domain etc.)* +``` +ldap://example.com:3890 +``` +### Advanced Server Configuration Dropdown + +#### root DN +``` +dc=example,dc=com +``` + +#### Allow blank rootDN +``` +true +``` + +#### User search base +``` +ou=people +``` + +#### User search filter +``` +uid={0} +``` + +#### Group search base +``` +ou=groups +``` + +#### Group search filter +``` +(& (cn={0})(objectclass=groupOfNames)) +``` + +#### Group membership +Select Search for LDAP groups containing user and leave Group membership filter empty + +#### Manager DN +Leave here your admin account +``` +cn=admin,ou=people +``` +#### Manager Password +Leave it as is + +#### Display Name LDAP attribute +Leave cn as it inputs username +``` +cn +``` + +#### Email Address LDAP attribute +``` +mail +``` + +### Tips & Tricks +- Always use Test LDAP settings so you won't get locked out. It works without password. +- If you want to setup your permissions, go to Authorization setting and select Matrix-based security. Add group/user (it has to exist in LLDAP) and you can grant him permissions. Note that Overall Read forbids users to read jenkins and execute actions. Administer gives full rights. + +### Useful links: +https://plugins.jenkins.io/ldap/
+https://www.jenkins.io/doc/book/security/managing-security/
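Review bot: In the "Manager DN" section of example_configs/jenkins.md, the guide tells readers to bind Jenkins with the admin account (`cn=admin,ou=people`), so the LLDAP administrator's credentials end up in the Jenkins security configuration only to perform user and group lookups. Suggest recommending a dedicated bind account with read-only access instead, and replacing "Leave it as is" under "Manager Password" with an explicit instruction to enter that account's password. The "Server" value `ldap://example.com:3890` is unencrypted LDAP, so the manager bind and every user's login password cross the network in cleartext. A sentence pointing readers to an `ldaps://` URL whenever Jenkins and LLDAP are not on the same host would help. "Allow blank rootDN" is set to `true` although a root DN is given directly above it, so either drop that field or explain why it is needed. In "Tips & Tricks", "Overall Read forbids users to read jenkins and execute actions" reads as the opposite of what is probably meant. Reword it to say what a user can do with and without Overall/Read. The claim that Test LDAP settings "works without password" also deserves a short explanation of which password is meant.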