Connecting Jenkins to Active Directory and How to reset Access to Jenkins
As part of your Jenkins security standards, you might want people to log in with their AD credentials instead of a Jenkins login. To do this, follow the steps below.
It's best practice to install the “Active Directory Plugin” when you plan on using AD for your login management. To do that, head to:
Jenkins -> Manage Jenkins -> Manage Plugins and search for “Active Directory Plugin”
Install the plugin and restart the service.
Part 1 Connect to Active Directory
Now we need to configure the new security settings via:
Jenkins -> Manage Jenkins -> Configure Global Security
Tick the “Enable Security” checkbox at the top of the screen. Then select “Active Directory” from the Access Control Security Realm options.
If you have a single domain, you can move on to Part 2. If you have a trusted domain, or work in a different forest to the domain the server is on, you can add the domain via “Add Domain” and enter the details of the:
Domain Name (ie “MyDomain.local”)
Domain Controller (either IP address or DNS name works)
NOTE DO NOT PRESS SAVE AT THIS POINT!
Part 2 Enable Group Based Security
Before saving, you will first need to enable Anonymous logins with full permissions.
Go to Authorisation and select “Matrix-based security” or “Project-Based Matrix Authorisation Strategy”
If you don't, and simply add the group you wish to have full permissions, you may see something like below, where I added the “jenkins_admin” group which exists in AD but doesn’t show up in Jenkins yet. This is because I needed to save the AD connection before it would connect. (And it ended up locking me out! Check out Part 3 Oh Sh$t Im Locked out if you get into trouble.)
Once you have given Anonymous full access, click Save. Then go back in, add the AD group you want to have full permissions, and click Save.
Note how it now shows the Jenkins admin group correctly, without the line through it. You can now log in as a member of that group and start to build out more secure, group-defined privileges.
Part 3 Oh Sh$t Im Locked out
So you're here because you tried Part 1 / 2 and something went wrong! Don't worry, it did for me too, and rather worryingly it's really easy to reset access to Jenkins.
When I first tried to update my security I ended up with this error:
You can reset Jenkins security back to not enabled, so that anyone can log in, and then try again with your attempt to implement security.
Stop the Jenkins service and open your favourite XML editor. Navigate to the Config.xml file in your Jenkins installation. For me this was at:
C:\Program Files (x86)\Jenkins\Config.xml
Open the file and change the value of useSecurity from true to false.
Save the file and restart the Jenkins service. You will now be able to connect without any login.
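Both the Part 2 step (Anonymous with full permissions) and the Part 3 reset (useSecurity set to false) are recorded in config.xml, so the file can be checked for either state. The following Python check is an added example, not part of the original post; the sample documents are constructed, and the element and class names assume the usual layout written by the matrix authorisation and Active Directory plugins.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the state after Part 2 (AD realm saved, Anonymous
# still holding Overall/Administer in the matrix).
SAMPLE_AFTER_PART_2 = """<?xml version='1.1' encoding='UTF-8'?>
<hudson>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="hudson.security.GlobalMatrixAuthorizationStrategy">
    <permission>hudson.model.Hudson.Administer:anonymous</permission>
    <permission>hudson.model.Hudson.Administer:jenkins_admin</permission>
  </authorizationStrategy>
  <securityRealm class="hudson.plugins.active_directory.ActiveDirectorySecurityRealm"/>
</hudson>"""

# Constructed sample: the state after the Part 3 reset.
SAMPLE_AFTER_PART_3 = "<hudson><useSecurity>false</useSecurity></hudson>"


def audit_config(xml_text):
    """Return a list of findings for the text of a Jenkins config.xml."""
    text = xml_text.lstrip()
    if text.startswith("<?xml"):
        # Drop the XML declaration: recent Jenkins versions write
        # version 1.1, which Python's parser does not accept.
        text = text.split("?>", 1)[1]
    root = ET.fromstring(text)
    findings = []
    if (root.findtext("useSecurity") or "").strip().lower() != "true":
        findings.append("useSecurity is not true: no login is required")
        return findings  # realm and matrix are not enforced in this state
    realm = root.find("securityRealm")
    realm_class = realm.get("class", "") if realm is not None else ""
    if "ActiveDirectorySecurityRealm" not in realm_class:
        findings.append("security realm is not Active Directory")
    strategy = root.find("authorizationStrategy")
    for perm in (strategy.iter("permission") if strategy is not None else []):
        # Entries read "<permission id>:<name>"; newer plugin versions
        # prefix "USER:" or "GROUP:", so split from the right.
        permission_id, _, sid = (perm.text or "").strip().rpartition(":")
        if sid.lower() == "anonymous":
            findings.append("anonymous holds " + permission_id.split(":")[-1])
    return findings


if __name__ == "__main__":
    for name, doc in (("after Part 2", SAMPLE_AFTER_PART_2),
                      ("after Part 3", SAMPLE_AFTER_PART_3)):
        print(name, audit_config(doc))
```

To run it against a live instance, pass the contents of the config.xml file from Part 3 to `audit_config`; an empty list means security is enabled, the realm is Active Directory, and Anonymous holds no matrix permissions.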