Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.
If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!
Configure LDAP on BuildMaster on Linux
-
Hi all,
I try to configure LDAP (Active Directory) in BuildMaster on Linux platform (OpenShift)
I tried to follow the doc but with no success.
The problem is there is nowhere to find how to specify user DN/password. Therefore I cannot figure out how BuildMaster is querying the LDAP server.
Any help would be welcome!
Thanks in advance,
Marc
-
To specify a username/password to use to communicate with you domain, need to:
- Add a Username/Password secure credential in the Administration -> Secure Credentials page and make note of the name you used (ex:
ADDomainCreds
) - Navigate to Administration -> Change User Directory (LDAP)
- Click "Advanced"
- Find your Active Directory provider and click the name (most commonly named
Active Directory (LDAP)
) - Change the "Search Mode" to
Specific List
- In the "Domains to search" enter your domain name and secure credentials name in the format of
<DOMAIN_SUFFIX>,<CREDENTIAL_NAME>
(ex:kramerica.local,ADDomainCreds
) - In the "Domain Controller Host", enter the host for your domain controller. Normally the suffix will work (ex:
kramerica.local
), but if not, enter the IP address of your domain controller. - Click "Save"
- Restart your container(s)
Please let me know if that works for you.
Thanks,
Rich
- Add a Username/Password secure credential in the Administration -> Secure Credentials page and make note of the name you used (ex:
-
Hi Rich,
It is not clear how the domain suffix should be entered...
Our binddn is in the form:
CN:OurID,OU=Users,OU=gcloud,DC=gcloud,DC=domI created a credential (say LDAPuser) with this binddn as user and the corresponding password.
What should I put in the "Domain to search" box?
I tried "gcloud.dom,LDAPuser", but that is not working... It says:
[Debug] Search term: someuser [Debug] Filter string: (&(|(objectCategory=user)(objectCategory=group))(|(userPrincipalName=someuser*)(sAMAccountName=someuser*)(name=someuser*)(displayName=someuser*))) [Debug] Building search root paths for search mode SpecificDomains... [Debug] Searching domain: CN=OurID,OU=users,OU=gcloud,DC=gcloud,DC=dom@gcloud.dom
It doesn't work because of the @gcloud.dom...
-
You will want to specify the "Domain to Search" as
gcloud.dom,LDAPuser
. For the secure credential, you will want to use just a username and password, unless the user logs in with a different suffix other than@gcloud.dom
.I think the issue is with the binddn. BuildMaster will connect to LADP/AD using the root OU. If you require a CN and OU to be specified, that will not work out of the box. Are those needed to connect to your domain controller?
Thanks,
Rich
-
@rhessinger said in Configure LDAP on BuildMaster on Linux:
f you require a CN a
Hi Rich,
To log in our AD, we are using a binddn (ldapsearch -D "binddn" ) of the form "CN=OurID,OU=users,OU=gcloud,DC=gcloud,DC=dom", tere is no @<something> (i.e. @gcloud.dom) in suffix.
-
Hi @marc-ledent_9164 ,
This isn't something that our LDAP/AD integration supports on Linux at this time. It's possible using the Windows-version, which has an LDAP integration that uses different libraries (that only work on Windows).
We do plan on rewriting the LDAP/AD integration with a different library, as to allow this level of customization, but it's not something we can do right away. It'll be later this year.
Cheers,
Alana