I am installing an LDAP server and configuring Jenkins in order to accept LDAP for authentication. In Jenkins parameters, I have a weird behavior with the parameter Root DN.
Documentation says:
Root DN
For authenticating user and determining the roles given to this user, Jenkins performs multiple LDAP queries.
[...]
But in practice, LDAP servers maintain an extensive index over the data, so specifying this field is rarely necessary — you should just let Jenkins figure this out by talking to LDAP.
If you do specify this value, the field normally looks something like dc=acme,dc=org
Weird behavior: If I do not specify the parameter, my user is not found. The other parameters have the default value.
LDAP is new to me so I am probably doing something wrong. I created an LDAP tree using slapd. I created one user adenoyelle under a node People that I also created. See ldapsearch result below:
root@myserver:~# ldapsearch -xLLL -b 'dc=acme,dc=com'
dn: dc=acme,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: acme.com
dc: acme
dn: cn=admin,dc=acme,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
dn: ou=people,dc=acme,dc=com
cn: people
objectClass: organizationalRole
objectClass: top
ou: people
dn: uid=adenoyelle,ou=people,dc=acme,dc=com
objectClass: account
objectClass: top
objectClass: simpleSecurityObject
uid: adenoyelle
If I leave Root DN blank, my user cannot authenticate. But it works if I give this value for the parameter:
ou=people,dc=acme,dc=com
What am I doing wrong? My guess is that my LDAP nodes are wrong but I cannot find why. Maybe a problem with objectClass values?
The LDAP client will query the server for a root DSE used as base DN if you omit this value. If slapd isn't set up correctly, ldapsearch fails to get a value for that and thus fails the query.
Details here: No Root DSE returned from OpenLDAP, quoting:
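The lookup described in this answer, as an added example that is not part of the original answer or of Jenkins: it parses the LDIF that a root DSE query returns and derives a search base from namingContexts. The sample outputs are constructed, the function names are hypothetical, and taking the first namingContexts value is an assumption about client behaviour.

```python
import base64

# Constructed samples of what a root DSE query such as
#   ldapsearch -x -LLL -s base -b '' namingContexts
# prints. They are not output from the poster's server.
ROOT_DSE_OK = "dn:\nnamingContexts: dc=acme,dc=com\n"
ROOT_DSE_EMPTY = "dn:\n"  # server exposes no naming context to this client


def unfold(ldif):
    """Join LDIF continuation lines (a line that starts with one space)."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def naming_contexts(ldif):
    """Return every namingContexts value found in a root DSE LDIF dump."""
    contexts = []
    for line in unfold(ldif):
        attr, sep, value = line.partition(":")
        if not sep or attr.lower() != "namingcontexts":
            continue
        if value.startswith(":"):  # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        contexts.append(value.strip())
    return contexts


def pick_base_dn(ldif, configured=""):
    """Prefer an explicit Root DN; otherwise fall back to the root DSE.

    Assumption: the client uses the first namingContexts value.
    """
    if configured:
        return configured
    contexts = naming_contexts(ldif)
    if not contexts:
        raise LookupError("root DSE returned no namingContexts; set Root DN")
    return contexts[0]


if __name__ == "__main__":
    print(pick_base_dn(ROOT_DSE_OK))
    print(pick_base_dn(ROOT_DSE_EMPTY, "ou=people,dc=acme,dc=com"))
```

If the real query prints no namingContexts line, a blank Root DN gives the client nothing to search under, which matches the behaviour in the question.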