You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+15-5Lines changed: 15 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -15,6 +15,16 @@ Jenkins then uses DNS SRV records and LDAP service of Active Directory to authen
15
15
16
16
Jenkins recognizes all the groups in Active Directory that the user belongs to, so you can use those to make authorization decisions (for example you can choose the matrix-based security as the authorization strategy and perhaps allow "Domain Admins" to administer Jenkins).
17
17
18
+
#### Setup
19
+
20
+
Install Certs in Store
21
+
22
+
Update config.xml
23
+
24
+
Update jenkins.xml
25
+
26
+
27
+
18
28
#### Active Directory Health Status
19
29
20
30
Since the version 2.5 the AD plugin adds a ManagementLink to report a Health Status about the Domain and Domain controllers. In order to correctly use this feature, you should be logged-in into the instance and the cache should be disabled. Then, you will get:
@@ -107,7 +117,7 @@ For Windows:
107
117
108
118
5\. Follow section Securing access to Active Directory servers to enable LDAPS
109
119
110
-
Disaster recovery: In case that after all of this you cannot login anymore, you should enable the logging on the plugin to understand why it is failing. In case that after you enable the secured option you cannot login on the instance anymore, you might want to quickly fallback to the previous status specially on production environments. You can easily do this by going to $JENKINS\_HOME/config.xml and under the section \<securityRealm class="hudson.plugins.active\_directory ActiveDirectorySecurityRealm" revert the tlsConfiguration to the previous status. A restart is needed.
120
+
Disaster recovery: In case that after all of this you cannot login anymore, you should enable the logging on the plugin to understand why it is failing. In case that after you enable the secured option you cannot login on the instance anymore, you might want to quickly fallback to the previous status specially on production environments. You can easily do this by going to $JENKINS\_HOME/config.xml and under the section \<securityRealm class="hudson.plugins.active_directory.ActiveDirectorySecurityRealm" revert the tlsConfiguration to the previous status. A restart is needed.
@@ -157,12 +167,12 @@ To verify if the connection is upgraded or not, see [Logging](https://www.jenkin
157
167
158
168
On the other hand, if you wish on using LDAPS, you should set:
159
169
160
-
- System property `-Dhudson.plugins.active\_directory.ActiveDirectorySecurityRealm.forceLdaps=true` as a startup parameter to force Jenkins to start a connection with LDAPS.
170
+
- System property `-Dhudson.plugins.active_directory.ActiveDirectorySecurityRealm.forceLdaps=true` as a startup parameter to force Jenkins to start a connection with LDAPS.
161
171
- Use secured port is defined 636 or 3269
162
172
(`your.hostname.com\[\|:636\|:3269\]`)
163
173
164
174
Note that
165
-
`-Dhudson.plugins.active\_directory.ActiveDirectorySecurityRealm.forceLdaps=true` skips the default LDAP + TLS upgrade.
175
+
`-Dhudson.plugins.active_directory.ActiveDirectorySecurityRealm.forceLdaps=true` skips the default LDAP + TLS upgrade.
166
176
167
177
#### Override domain controllers
168
178
@@ -188,7 +198,7 @@ If you are not sure what the notation for a group name is, try the following pro
188
198
189
199
#### Create/Update a dedicated Logs Recorder
190
200
191
-
If you think you've configured everything correctly but still not being able to login (or any other problems), please enable [Logging](https://www.jenkins.io/doc/book/system-administration/viewing-logs/) and configure logging level for "hudson.plugins.active\_directory" to ALL. Attempt a login and then file a ticket with the log output.
201
+
If you think you've configured everything correctly but still not being able to login (or any other problems), please enable [Logging](https://www.jenkins.io/doc/book/system-administration/viewing-logs/) and configure logging level for "hudson.plugins.active_directory" to ALL. Attempt a login and then file a ticket with the log output.
192
202
193
203
Also, it might be useful to enable:
194
204
@@ -247,4 +257,4 @@ See the [changelog](https://github.com/jenkinsci/active-directory-plugin/blob/ma
247
257
248
258
## Release Notes
249
259
250
-
See [Github Release](https://github.com/jenkinsci/active-directory-plugin/releases).
260
+
See [Github Release](https://github.com/jenkinsci/active-directory-plugin/releases).
0 commit comments