subject:"LDAP authentication problem for multiple OUs"

Re: LDAP authentication problem for multiple OUs

2015-11-27 Thread Björn Pedersen

As Daniel said: You need a single base node to start the search. 
(see 
http://www.idevelopment.info/data/LDAP/LDAP_Resources/SEARCH_Setting_the_SCOPE_Parameter.shtml
)

Keep userSearchBase emtpy(!)
The filtering hsa to be done with the userSearchFilter. 
Take a look at 
http://stackoverflow.com/questions/9184978/ldap-root-query-syntax-to-search-more-than-one-specific-ou

Björn

Am Freitag, 27. November 2015 11:15:36 UTC+1 schrieb Ramaprakash Ganesan:
>
> Anybody, any ideas? 
> I am contemplating using TeamCity if we will be unable to get through this 
> :( 
>
> On 11/26/15, Rama  wrote: 
> > I tried keeping User search base (and also tried with User search 
> > filter as well) as blank, but that failed. 
> > I also tried with blank root DN, that also failed. :( 
> > 
> > On 11/26/15, James Nord  wrote: 
> >> As you have country -> users. You need to have a common root. 
> >> In your case that is dc=ca which given your root dn would be a blank 
> >> entry. 
> >> 
> >> -- 
> >> You received this message because you are subscribed to a topic in the 
> >> Google Groups "Jenkins Users" group. 
> >> To unsubscribe from this topic, visit 
> >> 
> https://groups.google.com/d/topic/jenkinsci-users/RP78og8cRcw/unsubscribe. 
>
> >> To unsubscribe from this group and all its topics, send an email to 
> >> jenkinsci-use...@googlegroups.com . 
> >> To view this discussion on the web visit 
> >> 
> https://groups.google.com/d/msgid/jenkinsci-users/7e58c381-cda6-4d24-a311-9bd5c758abb3%40googlegroups.com.
>  
>
> >> For more options, visit https://groups.google.com/d/optout. 
> >> 
> > 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/735e5d34-c720-459e-a41b-2108cd66bb0c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: LDAP authentication problem for multiple OUs

2015-11-27 Thread Rama

Anybody, any ideas?
I am contemplating using TeamCity if we will be unable to get through this :(

On 11/26/15, Rama  wrote:
> I tried keeping User search base (and also tried with User search
> filter as well) as blank, but that failed.
> I also tried with blank root DN, that also failed. :(
>
> On 11/26/15, James Nord  wrote:
>> As you have country -> users. You need to have a common root.
>> In your case that is dc=ca which given your root dn would be a blank
>> entry.
>>
>> --
>> You received this message because you are subscribed to a topic in the
>> Google Groups "Jenkins Users" group.
>> To unsubscribe from this topic, visit
>> https://groups.google.com/d/topic/jenkinsci-users/RP78og8cRcw/unsubscribe.
>> To unsubscribe from this group and all its topics, send an email to
>> jenkinsci-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/jenkinsci-users/7e58c381-cda6-4d24-a311-9bd5c758abb3%40googlegroups.com.
>> For more options, visit https://groups.google.com/d/optout.
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/CANWvqY69Z7vhZSgyfzijh%3Dc3xC5Di3K8GXz2Nk9TxXLfrBnWzg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: LDAP authentication problem for multiple OUs

2015-11-26 Thread James Nord

As you have country -> users. You need to have a common root.  
In your case that is dc=ca which given your root dn would be a blank entry.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/7e58c381-cda6-4d24-a311-9bd5c758abb3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: LDAP authentication problem for multiple OUs

2015-11-26 Thread Rama

I tried keeping User search base (and also tried with User search
filter as well) as blank, but that failed.
I also tried with blank root DN, that also failed. :(

On 11/26/15, James Nord  wrote:
> As you have country -> users. You need to have a common root.
> In your case that is dc=ca which given your root dn would be a blank entry.
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Jenkins Users" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/jenkinsci-users/RP78og8cRcw/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> jenkinsci-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-users/7e58c381-cda6-4d24-a311-9bd5c758abb3%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/CANWvqY6tFdTRpj5cg4vV%3DFObLdjrcjF898ovpwcvE9Ms6Fyhaw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: LDAP authentication problem for multiple OUs

2015-11-25 Thread Rama

I tried it now. Providing only OU=Users also does not work.


On 11/26/15, Daniel Beck  wrote:
> How about:
>
> OU=Users
>
> On 26.11.2015, at 06:10, Ramaprakash Ganesan  wrote:
>
>> I am trying to get all our organization users to login using their LDAP
>> domain credentials to Jenkins.
>> With the options below, only users under 1 particular OU are able to
>> login. I want to provide multiple OUs to search from.
>>
>> Our Active Directory structure is as below:
>> ca -> America -> Users -> 
>> ca -> India -> Users -> 
>>
>> Currently only users who are part of the America OU are able to login
>> successfully to the application. I want users from both America and India
>> OUs to be able to login successfully.
>> I thought changing both User search base and Group search base as
>> 'OU=Users,OU=America|OU=India' would work. But that fails for everybody. I
>> tried replacing '|' with ','. But that did not help.
>> Please provide suggestions or the right options to use. This is a blocker
>> for our Jenkins implementation.
>>
>> root DN
>> DC=ca,DC=com
>>
>> allow blank root DN
>> Not checked
>>
>> User search base
>> OU=Users,OU=America
>>
>> User search filter
>> sAMAccountName={0}
>>
>> Group search base
>> OU=Users,OU=America
>>
>> Group search filter
>> sAMAccountName={0}
>>
>> Group membership
>> Search for groups containing user (selected option)
>> Group membership filter 
>>
>> Manager DN
>> CN=admin,OU=Role-Based,OU=America,DC=ca,DC=com
>>
>> Display name LDAP attribute
>> sAMAccountName
>>
>> Email address LDAP attribute
>> mail
>>
>> Environment variables
>> com.sun.jndi.ldap.connect.timeout = 6
>> com.sun.jndi.ldap.read.timeout = 6
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Jenkins Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to jenkinsci-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/jenkinsci-users/4205b5d4-6788-45ba-a9e1-a7a518ccef54%40googlegroups.com.
>> For more options, visit https://groups.google.com/d/optout.
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Jenkins Users" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/jenkinsci-users/RP78og8cRcw/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> jenkinsci-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-users/80FE5687-8D0F-4A97-9D54-5542D29B60DC%40beckweb.net.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/CANWvqY6XNQxTrW6KWNJ2J-hNwhCnF%2BgkmQipGm8ime41GhqaDg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

LDAP authentication problem for multiple OUs

2015-11-25 Thread Ramaprakash Ganesan

I am trying to get all our organization users to login using their LDAP 
domain credentials to Jenkins. 
With the options below, only users under 1 particular OU are able to login. 
I want to provide multiple OUs to search from. 

Our Active Directory structure is as below:
*ca -> America -> Users -> *
*ca -> India -> Users -> *

Currently only users who are part of the America OU are able to login 
successfully to the application. I want users from both America and India 
OUs to be able to login successfully. 
I thought changing both User search base and Group search base as 
'OU=Users,OU=America|OU=India' would work. But that fails for everybody. I 
tried replacing '|' with ','. But that did not help. 
Please provide suggestions or the right options to use. This is a blocker 
for our Jenkins implementation. 

*root DN*

*DC=ca,DC=com*

*allow blank root DN*
*Not checked*

*User search base*

*OU=Users,OU=America*

*User search filter*

*sAMAccountName={0}*


*Group search base*

*OU=Users,OU=America*

*Group search filter*

*sAMAccountName={0}*

*Group membership*

*Search for groups containing user (selected option)*

*Group membership filter *

*Manager DN*

*CN=admin,OU=Role-Based,OU=America,DC=ca,DC=com*

*Display name LDAP attribute*

*sAMAccountName*

*Email address LDAP attribute*

*mail*

*Environment variables*

*com.sun.jndi.ldap.connect.timeout = 6*
*com.sun.jndi.ldap.read.timeout = 6*

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/4205b5d4-6788-45ba-a9e1-a7a518ccef54%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: LDAP authentication problem for multiple OUs

2015-11-25 Thread Daniel Beck

How about:

OU=Users

On 26.11.2015, at 06:10, Ramaprakash Ganesan  wrote:

> I am trying to get all our organization users to login using their LDAP 
> domain credentials to Jenkins. 
> With the options below, only users under 1 particular OU are able to login. I 
> want to provide multiple OUs to search from. 
> 
> Our Active Directory structure is as below:
> ca -> America -> Users -> 
> ca -> India -> Users -> 
> 
> Currently only users who are part of the America OU are able to login 
> successfully to the application. I want users from both America and India OUs 
> to be able to login successfully. 
> I thought changing both User search base and Group search base as 
> 'OU=Users,OU=America|OU=India' would work. But that fails for everybody. I 
> tried replacing '|' with ','. But that did not help. 
> Please provide suggestions or the right options to use. This is a blocker for 
> our Jenkins implementation. 
> 
> root DN
> DC=ca,DC=com
> 
> allow blank root DN
> Not checked
> 
> User search base
> OU=Users,OU=America
> 
> User search filter
> sAMAccountName={0}
> 
> Group search base
> OU=Users,OU=America
> 
> Group search filter
> sAMAccountName={0}
> 
> Group membership
> Search for groups containing user (selected option)
> Group membership filter 
> 
> Manager DN
> CN=admin,OU=Role-Based,OU=America,DC=ca,DC=com
> 
> Display name LDAP attribute
> sAMAccountName
> 
> Email address LDAP attribute
> mail
> 
> Environment variables
> com.sun.jndi.ldap.connect.timeout = 6
> com.sun.jndi.ldap.read.timeout = 6
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Jenkins Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to jenkinsci-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/jenkinsci-users/4205b5d4-6788-45ba-a9e1-a7a518ccef54%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/80FE5687-8D0F-4A97-9D54-5542D29B60DC%40beckweb.net.
For more options, visit https://groups.google.com/d/optout.

Re: LDAP authentication problem for multiple OUs

Re: LDAP authentication problem for multiple OUs

Re: LDAP authentication problem for multiple OUs

Re: LDAP authentication problem for multiple OUs

Re: LDAP authentication problem for multiple OUs

LDAP authentication problem for multiple OUs

Re: LDAP authentication problem for multiple OUs

7 matches

Site Navigation

Mail list logo

Footer information