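To simplify user management, GitLab and Jenkins are both connected to centralized LDAP authentication, which removes the need to create users separately in each system. After the previous article on integrating Jenkins with LDAP authentication, a reader emailed to say that a misconfiguration had left them unable to log in to Jenkins; the article may not have explained this in enough detail.
Operations staff habitually back up any configuration file before modifying it, so that they can return to the previous state if something goes wrong. The same advice applies to Jenkins configuration, especially the login authentication settings: one mistake there and you cannot log in, or cannot even reach the system normally.
On CentOS 7, the default directory for an rpm installation is: /var/lib/jenkins/
Back up the configuration file: config.xml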
[root@jenkins ~]# cp /var/lib/jenkins/config.xml{,$(date +%F)}
[root@jenkins ~]# ls /var/lib/jenkins/config.xml
config.xml config.xml2019-06-12
Then find this section about LDAP authentication in config.xml:
<securityRealm class="hudson.security.LDAPSecurityRealm" plugin="[email protected]">
  <disableMailAddressResolver>false</disableMailAddressResolver>
  <configurations>
    <jenkins.security.plugins.ldap.LDAPConfiguration>
      <server>ldap://XXXXXX.com:389</server>
      <rootDN>dc=XXXXXX,dc=com</rootDN>
      <inhibitInferRootDN>false</inhibitInferRootDN>
      <userSearchBase></userSearchBase>
      <userSearch>uid={0}</userSearch>
      <groupMembershipStrategy class="jenkins.security.plugins.ldap.FromGroupSearchLDAPGroupMembershipStrategy">
        <filter>cn=jenkins</filter>
      </groupMembershipStrategy>
      <managerDN>uid=jarry,ou=People,dc=XXXXXX,dc=com</managerDN>
      <managerPasswordSecret>{AQAAABAAAAAQWfZrb7qoIjewuj3SK/z53/oRo86cW5wi/t07QeW/4mM=}</managerPasswordSecret>
      <displayNameAttributeName>uid</displayNameAttributeName>
      <mailAddressAttributeName>mail</mailAddressAttributeName>
      <ignoreIfUnavailable>false</ignoreIfUnavailable>
      <extraEnvVars class="linked-hash-map">
        <entry>
          <string></string>
          <string></string>
        </entry>
      </extraEnvVars>
    </jenkins.security.plugins.ldap.LDAPConfiguration>
  </configurations>
  <userIdStrategy class="jenkins.model.IdStrategy$CaseInsensitive"/>
  <groupIdStrategy class="jenkins.model.IdStrategy$CaseInsensitive"/>
  <disableRolePrefixing>true</disableRolePrefixing>
</securityRealm>
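The misconfiguration above made LDAP authentication fail and also made it impossible to log in to Jenkins normally. The section above can be changed to the following: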
<securityRealm class="hudson.security.HudsonPrivateSecurityRealm">
  <disableSignup>false</disableSignup>
  <enableCaptcha>false</enableCaptcha>
</securityRealm>
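The backup-and-replace procedure above as a script, added here as an example and not part of the original article. It assumes the LDAP `<securityRealm>` element starts on its own line, as in an unflattened config.xml; the function name `reset_security_realm` is made up for this example.

```shell
#!/bin/sh
# Added example (not from the original article).
# The replacement realm is the block shown on the page.
local_realm() {
cat <<'EOF'
  <securityRealm class="hudson.security.HudsonPrivateSecurityRealm">
    <disableSignup>false</disableSignup>
    <enableCaptcha>false</enableCaptcha>
  </securityRealm>
EOF
}

# reset_security_realm CONFIG   (hypothetical helper name)
# Backs up CONFIG, swaps the LDAP <securityRealm> element for the local one,
# and prints the backup path. Returns 2 if CONFIG has no LDAP realm.
reset_security_realm() {
  cfg=$1
  [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
  grep -q '<securityRealm class="hudson.security.LDAPSecurityRealm"' "$cfg" ||
    { echo "no LDAP securityRealm in $cfg, nothing changed" >&2; return 2; }

  backup="$cfg$(date +%F)"                  # same naming as the cp on the page
  [ -e "$backup" ] && backup="$backup.$$"   # never overwrite an earlier backup
  cp -p "$cfg" "$backup" || return 1

  tmp=$(mktemp) || return 1
  REPL=$(local_realm) awk '
    /<securityRealm class="hudson.security.LDAPSecurityRealm"/ {
      print ENVIRON["REPL"]
      if ($0 !~ /<\/securityRealm>/) skip = 1   # element continues on later lines
      next
    }
    skip { if ($0 ~ /<\/securityRealm>/) skip = 0; next }
    { print }
  ' "$cfg" > "$tmp" || { rm -f "$tmp"; return 1; }

  # Write through the existing file so its owner and mode are preserved.
  cat "$tmp" > "$cfg" || { rm -f "$tmp"; return 1; }
  rm -f "$tmp"
  echo "$backup"
}

# Usage: sh reset_realm.sh /var/lib/jenkins/config.xml
[ "$#" -eq 0 ] || reset_security_realm "$1"
```

Restart Jenkins afterwards so it re-reads config.xml. With `<disableSignup>false</disableSignup>` anyone who can reach the login page can register an account, so set it to `true` once an administrator account exists.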
Source: https://www.58jb.com/html/jenkins_ldap_login_failure.html