-
New Feature
-
Resolution: Done
-
Major
-
None
It would be a nice feature to support multiple OU.
And this feature may help performance because Jenkins doesn't need to search entire LDAP tree. (I think people who use Jenkins should be a small group in most organizations except software company.)
- is related to
-
-
- Resolved
-
-
JENKINS-44743 Multi OU should not use serverUrls as unique identifier of configuration
-
- Resolved
-
- links to
[JENKINS-21475] Multiple LDAP OU support
+1 for this. Right now we've got to allow our "human users" OU for people to get their work done, bur the single OU condition means problems when we need a more "service" account for any reason (like an account dedicated to automation, used only with an API token from scripts). This is a really painful limitation.
Code changed in jenkins
User: Robert Sandell
Path:
pom.xml
src/main/java/hudson/security/LDAPSecurityRealm.java
src/main/java/jenkins/security/plugins/ldap/LDAPConfiguration.java
src/main/resources/hudson/security/LDAPBindSecurityRealm.groovy
src/main/resources/hudson/security/LDAPSecurityRealm/config.jelly
src/main/resources/hudson/security/LDAPSecurityRealm/config.properties
src/main/resources/hudson/security/LDAPSecurityRealm/help-displayNameAttributeName.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-groupSearchBase.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-groupSearchBase_de.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-groupSearchBase_fr.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-groupSearchBase_ja.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-groupSearchBase_tr.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-groupSearchBase_zh_TW.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-groupSearchFilter.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-mailAddressAttributeName.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-managerDN.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-managerDN_de.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-managerDN_fr.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-managerDN_ja.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-managerDN_pt_BR.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-managerDN_tr.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-managerDN_zh_TW.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-managerPasswordSecret.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-managerPasswordSecret_de.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-managerPasswordSecret_fr.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-managerPasswordSecret_ja.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-managerPasswordSecret_pt_BR.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-managerPasswordSecret_tr.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-managerPasswordSecret_zh_TW.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-rootDN.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-rootDN_de.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-rootDN_fr.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-rootDN_ja.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-rootDN_pt_BR.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-rootDN_ru.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-rootDN_tr.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-rootDN_zh_TW.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-server.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-server_de.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-server_fr.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-server_ja.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-server_pt_BR.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-server_ru.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-server_tr.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-server_zh_TW.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-userSearch.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-userSearchBase.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-userSearchBase_de.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-userSearchBase_fr.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-userSearchBase_ja.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-userSearchBase_pt_BR.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-userSearchBase_ru.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-userSearchBase_tr.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-userSearchBase_zh_TW.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-userSearch_de.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-userSearch_fr.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-userSearch_ja.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-userSearch_pt_BR.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-userSearch_ru.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-userSearch_tr.html
src/main/resources/hudson/security/LDAPSecurityRealm/help-userSearch_zh_TW.html
src/main/resources/hudson/security/LDAPSecurityRealm/help.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/config.jelly
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-displayNameAttributeName.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-groupSearchBase.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-groupSearchBase_de.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-groupSearchBase_fr.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-groupSearchBase_ja.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-groupSearchBase_tr.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-groupSearchBase_zh_TW.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-groupSearchFilter.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-mailAddressAttributeName.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-managerDN.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-managerDN_de.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-managerDN_fr.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-managerDN_ja.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-managerDN_pt_BR.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-managerDN_tr.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-managerDN_zh_TW.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-managerPasswordSecret.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-managerPasswordSecret_de.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-managerPasswordSecret_fr.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-managerPasswordSecret_ja.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-managerPasswordSecret_pt_BR.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-managerPasswordSecret_tr.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-managerPasswordSecret_zh_TW.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-rootDN.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-rootDN_de.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-rootDN_fr.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-rootDN_ja.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-rootDN_pt_BR.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-rootDN_ru.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-rootDN_tr.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-rootDN_zh_TW.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-server.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-server_de.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-server_fr.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-server_ja.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-server_pt_BR.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-server_ru.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-server_tr.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-server_zh_TW.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-userSearch.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-userSearchBase.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-userSearchBase_de.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-userSearchBase_fr.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-userSearchBase_ja.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-userSearchBase_pt_BR.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-userSearchBase_ru.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-userSearchBase_tr.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-userSearchBase_zh_TW.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-userSearch_de.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-userSearch_fr.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-userSearch_ja.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-userSearch_pt_BR.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-userSearch_ru.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-userSearch_tr.html
src/main/resources/jenkins/security/plugins/ldap/LDAPConfiguration/help-userSearch_zh_TW.html
src/main/resources/jenkins/security/plugins/ldap/Messages.properties
src/test/java/hudson/security/LDAPEmbeddedTest.java
src/test/java/hudson/security/LDAPSecurityRealmTest.java
src/test/java/hudson/security/LdapMultiEmbedded2Test.java
src/test/java/hudson/security/LdapMultiEmbeddedTest.java
src/test/java/hudson/security/docker/MultiServerTest.java
src/test/java/hudson/security/docker/PlanetExpressTest.java
src/test/java/jenkins/security/plugins/ldap/LDAPConfiguration.java
src/test/java/jenkins/security/plugins/ldap/LDAPConfigurationTest.java
src/test/java/jenkins/security/plugins/ldap/LDAPRule.java
src/test/java/jenkins/security/plugins/ldap/LDAPTestConfiguration.java
src/test/resources/hudson/security/docker/PlanetExpressTest/PlanetExpress/Dockerfile
src/test/resources/hudson/security/planetexpress.ldif
src/test/resources/hudson/security/planetexpressWithHNelson.ldif
http://jenkins-ci.org/commit/ldap-plugin/a9a1067a5e839f6b097a7f9e8f3a5edf3772ad35
Log:
Merge pull request #17 from rsandell/multi-ou
JENKINS-21475 Multi server/OU support
Compare: https://github.com/jenkinsci/ldap-plugin/compare/2b3521b74b3b...a9a1067a5e83
1.16-beta-1 is released, I would appreciate some feedback.
1.16.beta-2 is on it's way out fixing JENKINS-44743.
If I don't hear anything within let's say about two weeks I'll go ahead and make a GA release.
Ryan Campbell
added a comment - bradmacpherson, srrobinson, savornicesei,gstaniak, Can you please give this beta a spin? It's available in the experimental update center.
Ryan Campbell
added a comment - bradmacpherson , srrobinson , savornicesei , gstaniak , Can you please give this beta a spin? It's available in the experimental update center. 
Asif Shaikh
added a comment - I see that you've added multiple server support, but would it be possible to add multiple OU support within the same server configuration? We have multiple root OUs that we need to query. However, when I don't provide a search DN, I get timeouts due to LDAP referrals. Our firewall rule allows access to only a single LDAPS vip. We can't use referrals.
Asif Shaikh
added a comment - I see that you've added multiple server support, but would it be possible to add multiple OU support within the same server configuration? We have multiple root OUs that we need to query. However, when I don't provide a search DN, I get timeouts due to LDAP referrals. Our firewall rule allows access to only a single LDAPS vip. We can't use referrals. 
Mark DeMichele
added a comment - ripclawffb, we're running into a similar issue. Did you ever find a workaround?
Mark DeMichele
added a comment - ripclawffb , we're running into a similar issue. Did you ever find a workaround? Asif Shaikh
added a comment - Yes. We ended up pointing to a global catalog server. So instead of using port 636, we used 3269 and it resolved the issue.
Asif Shaikh
added a comment - Yes. We ended up pointing to a global catalog server. So instead of using port 636, we used 3269 and it resolved the issue. 
Any chance anyone is ever going to fix this? This is a big pain for my organization.