GithubHelp home page GithubHelp logo

ldap-sasl's Introduction

LDAP SASL plugin

Japanese version of this document is README_ja.md

Jenkins plugin to use LDAP with SASL for authentication.

What's this?

LDAP SASL is a Jenkins plugin. This plugin provides the "LDAP-SASL" security realm:

  • This plugin performs authentication with LDAP server using the Simple Authentication and Security Layer (SASL) framework.
  • You specify following parameters.
    • LDAP URI
      • URI to access to the LDAP server.
      • Multiple servers can be specified.
    • SASL Mechanisms
      • SASL mechanism to used in the authentication.
      • Multiple mechanisms can be specified. In that case, the most suitable mechanism negotiated with the LDAP server is used.
    • How to identify user DN.
      • Needed when you want to retrieve group information from LDAP.
      • Followings are supported
        • Use LDAP "who am i?" extended operation
        • Query LDAP specifying the base DN and the query string.
    • Whether retrieve group information from LDAP.
      • The user DN have to be indentified.
      • You must specify base DN, and prefix added to the group name.
      • For example, "group1" group in LDAP directory will be treated as "ROLE_group1" in Jenkins by specifying "ROLE_" as the prefix.

How to install

See Jenkins update center for ikedam plugins, and follow the instruction to have your Jenkins to access my update center.

Limitations

  • LDAPS is not tested.
  • This plugin is going to be depricated when LDAP plugin supports SASL.

ldap-sasl's People

Contributors

ikedam avatar

Stargazers

Liam Bennett avatar

Watchers

James Cloos avatar avatar

ldap-sasl's Issues

Supports LDAPS

Test and support LDAPS.

This is not contained in 1.0.0.

Support `loadUserByUsername`

Ldap-sasl 1.0.1 doesn't support AbstractPasswordBasedSecurityRealm#loadUserByUsername, which results "remember me" not work.

Work with LDAP/SSL

Test the behaviour with LDAPS.
It must require an option to accept self-signed certificate.

Exception for multiple LDAP URIs

When you add multiple LDAP URIs in the configuration page, a following error occurs when submitting:

HTTP ERROR: 500

net.sf.json.JSONObject cannot be cast to java.lang.String

RequestURI=/configSubmit
Caused by:

java.lang.ClassCastException: net.sf.json.JSONObject cannot be cast to java.lang.String
    at net.sf.json.JSONObject._fromJSONObject(JSONObject.java:803)
    at net.sf.json.JSONObject.fromObject(JSONObject.java:166)
    at net.sf.json.JSONSerializer.toJSON(JSONSerializer.java:104)
    at net.sf.json.JSONObject._processValue(JSONObject.java:2331)
    at net.sf.json.JSONObject.processValue(JSONObject.java:2405)
    at net.sf.json.JSONObject.element(JSONObject.java:1491)
    at net.sf.json.JSONObject._fromJSONTokener(JSONObject.java:910)
    at net.sf.json.JSONObject.fromObject(JSONObject.java:170)
    at net.sf.json.util.JSONTokener.nextValue(JSONTokener.java:355)
    at net.sf.json.JSONObject._fromJSONTokener(JSONObject.java:875)
    at net.sf.json.JSONObject.fromObject(JSONObject.java:170)
    at net.sf.json.util.JSONTokener.nextValue(JSONTokener.java:355)
    at net.sf.json.JSONObject._fromJSONTokener(JSONObject.java:875)
    at net.sf.json.JSONObject._fromString(JSONObject.java:1064)
    at net.sf.json.JSONObject.fromObject(JSONObject.java:176)
    at net.sf.json.JSONObject.fromObject(JSONObject.java:147)
    at org.kohsuke.stapler.RequestImpl.getSubmittedForm(RequestImpl.java:810)
    at jenkins.model.Jenkins.doConfigSubmit(Jenkins.java:2597)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:288)
    at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:151)
    at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:90)
    at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:111)
    at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
    at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:574)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:659)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:488)
    at org.kohsuke.stapler.Stapler.service(Stapler.java:162)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
    at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:491)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1074)
    at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:95)
    at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:87)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1065)
    at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:47)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1065)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
    at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:166)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:63)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
    at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
    at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1065)
    at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1065)
    at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:365)
    at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:185)
    at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181)
    at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:689)
    at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:391)
    at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:146)
    at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)
    at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:139)
    at org.mortbay.jetty.Server.handle(Server.java:285)
    at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:457)
    at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:765)
    at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:628)
    at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:209)
    at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:357)
    at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:329)
    at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:475)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.