Using JumpCloud's LDAP-as-a-Service to integrate Jenkins authentication and authorization allows administrators to map permissions to users and groups enabled in your JumpCloud LDAP Directory instance.
Access to the Jenkins UI is secured at two levels under the Configure Global Security section in the Manage Jenkins panel. First, choose a Security Realm, which controls where user and group information and authentication are managed; this is where JumpCloud LDAP is configured. Second, choose an Authorization Strategy, which lets you assign explicit permissions to users and groups, allowing granular control of all available operations.
JumpCloud LDAP supports all available Authorization Strategies, but the most commonly used strategies are Matrix-based security, Project-based Matrix Authorization Strategy, and Role-Based strategy.
See "Use Cloud LDAP" to obtain the JumpCloud-specific settings required below.
Considerations:
- This configuration was verified using the latest Jenkins LDAP Plugin 1.21 on March 20, 2020.
- See the Jenkins LDAP Plugin documentation for additional details.
Configuring Jenkins LDAP Plugin
Server: ldaps://ldap.jumpcloud.com
Root DN: leave this option blank
Allow blank rootDN: select this option
User Search Base: ou=Users,o=<org-id>,dc=jumpcloud,dc=com
User Search Filter: uid={0}
Group Search Base: ou=Users,o=<org-id>,dc=jumpcloud,dc=com
Group Search Filter: (& (cn={0})(objectclass=groupOfNames))
Group Membership: select Search for LDAP groups containing user
Group membership attribute: (member={0})
Manager DN: uid=<LDAP-binding-user>,ou=Users,o=<org-id>,dc=jumpcloud,dc=com
Manager Password: <password of the LDAP-binding-user account>
Display Name LDAP Attribute: cn
Email Address LDAP Attribute: mail
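To confirm these values before saving them in Jenkins, the same bind and searches can be run with OpenLDAP's ldapsearch. The script below is an added example, not JumpCloud's or Jenkins' own tooling; the org ID, binding user, password file, login and group name are placeholders you supply, and the function names are made up for this example.

```sh
#!/bin/sh
# Added example: dry-run the searches the Jenkins LDAP plugin will issue.
# Usage: sh <this-file> --run <org-id> <bind-user> <pw-file> <login>
LDAP_URI="ldaps://ldap.jumpcloud.com"

# DNs and filters as entered in the plugin, with {0} substituted.
# Assumes names and DNs contain no LDAP filter metacharacters: ( ) * \
users_base()    { printf 'ou=Users,o=%s,dc=jumpcloud,dc=com' "$1"; }
manager_dn()    { printf 'uid=%s,%s' "$1" "$(users_base "$2")"; }
user_filter()   { printf '(uid=%s)' "$1"; }
group_filter()  { printf '(&(cn=%s)(objectclass=groupOfNames))' "$1"; }
member_filter() { printf '(member=%s)' "$1"; }

# search <org-id> <bind-user> <pw-file> <filter> [attrs...]
# Binds as the Manager DN over ldaps. The password is read from a file (-y) so
# it stays out of argv and shell history; write the file with printf '%s',
# because a trailing newline would be taken as part of the password.
search() (
  org=$1 bind=$2 pwfile=$3 filter=$4; shift 4
  ldapsearch -LLL -o ldif-wrap=no -x -H "$LDAP_URI" \
    -D "$(manager_dn "$bind" "$org")" -y "$pwfile" \
    -b "$(users_base "$org")" "$filter" "$@"
)

# check_login <org-id> <bind-user> <pw-file> <login>
# Resolves the login as the User Search Filter does, then lists the groups
# whose member attribute holds that DN (the groups Jenkins will see).
check_login() (
  dn=$(search "$1" "$2" "$3" "$(user_filter "$4")" dn |
       sed -n 's/^dn: //p' | head -n 1)
  [ -n "$dn" ] || { echo "no entry matches $(user_filter "$4")" >&2; exit 1; }
  echo "user DN: $dn"
  search "$1" "$2" "$3" "$(member_filter "$dn")" cn | sed -n 's/^cn: /group: /p'
)

# check_group <org-id> <bind-user> <pw-file> <group>
# Succeeds only if the Group Search Filter finds the name.
check_group() (
  search "$1" "$2" "$3" "$(group_filter "$4")" cn | grep -q '^cn: '
)

if [ "${1:-}" = "--run" ]; then
  check_login "$2" "$3" "$4" "$5"
fi
```

A bind failure here points at the Manager DN or password, an empty user result at the search base or filter, and a group name that check_group cannot find is one Jenkins will not be able to resolve either.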
JumpCloud LDAP-enabled User Groups are recognized when you add groups in the Jenkins UI for assigning access controls. If a group isn't configured in JumpCloud LDAP, Jenkins does not accept it and marks it with an "x", as shown in the following image.