Skip to content

Instantly share code, notes, and snippets.

@zouzias

zouzias/init-jenkins-ldap.groovy

Created January 21, 2017 11:20
Show Gist options
  • Save zouzias/bf447ab020955ac70db5db5521c3d5b9 to your computer and use it in GitHub Desktop.
Save zouzias/bf447ab020955ac70db5db5521c3d5b9 to your computer and use it in GitHub Desktop.
Download ZIP
Jenkins LDAP Groovy Configuration
Raw
init-jenkins-ldap.groovy
import jenkins.*
import hudson.*
import com.cloudbees.plugins.credentials.*
import com.cloudbees.plugins.credentials.common.*
import com.cloudbees.plugins.credentials.domains.*
import com.cloudbees.jenkins.plugins.sshcredentials.impl.*
import hudson.plugins.sshslaves.*;
import hudson.model.*
import jenkins.model.*
import hudson.security.*
// Copied from https://github.com/zouzias/useful-jenkins-groovy-init-scripts/blob/master/init.groovy (untested)
def instance = Jenkins.getInstance()
/ NOW TIME TO CONFIGURE GLOBAL SECURITY
def hudsonRealm = new HudsonPrivateSecurityRealm(false)
// sample LDAP setup
String server = 'ldap://mycompany.com'
String rootDN = 'dc=company,dc=com'
String userSearchBase = ''
String userSearch = 'uid={0}'
String groupSearchBase = ''
String managerDN = 'cn=System,ou=people,dc=company,dc=com'
String passcode = 'passwordofSystem'
boolean inhibitInferRootDN = true
SecurityRealm ldap_realm = new LDAPSecurityRealm(server, rootDN, userSearchBase, userSearch, groupSearchBase, managerDN, passcode, inhibitInferRootDN)
instance.setSecurityRealm(ldap_realm)
instance.save()
@hostedvideorn
Copy link

Dear Zouzias,
This groovy script runs successfully but no changes are done to Jenkins config.xml file thus no changes are applied (default is Jenkins database and whoever is logged can do anything).
Is there anything else that needs to happen after the groovy script runs? Is the passcode cleartext or hash?
I'd appreciate if you could clarify.
Thanks in advance!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment