Jenkins-LDAP authentication - slow while loging in
1,152 views
Skip to first unread message
Anand Sudabattula
Jun 15, 2013, 9:13:00 PM6/15/13
to jenkins...@googlegroups.com
Hi,
I am testing Jenkins with ldap for authenticating users. No issues its working but only problem is that the logging into Jenkins using ldap credentials is taking from 2 to 3 minutes. Through ldap server logs we found that user search does not take any time but the system is taking 2-3 mins while doing group search but we don't maintain any groups for the users that we configured. There are several other applications using ldap server and work without any such issues.
I am testing Jenkins with ldap for authenticating users. No issues its working but only problem is that the logging into Jenkins using ldap credentials is taking from 2 to 3 minutes. Through ldap server logs we found that user search does not take any time but the system is taking 2-3 mins while doing group search but we don't maintain any groups for the users that we configured. There are several other applications using ldap server and work without any such issues.
Following have been tried with no luck:
a) As suggested on Jenkins site, have tried changing groupSearchFilter = "(member={0})" in file: LDAPBindSecurityRealm.groovy but no improvement found the logging time.
b) Changing root DN did not help
My env:
1) RHEL 6.x 64-bit
2) Jenkins 1.517 on Tomcat 7.0.29
3) Sun Directory Server 6.x
4) Currently we are using Jenkins user database but eventually would want to use ldap for user authentication
Appreciate if could help resolve this problem.
Thanks
Anand
Stephen Connolly
Jun 16, 2013, 5:05:03 PM6/16/13
to jenkins...@googlegroups.com
Have you tried upgrading to the latest version of the plugin?
--
Sent from my phone
I just recently updated the plugin 1.5 to make it easier to configure the filters for group searching.
If you truely have no groups, maybe point the group search base to an empty DN node with no children... Also tuning the cache may help.
Also I updated the wiki, so check out the wiki page again if you have not looked at it in the last 2-3 days
--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
--
Sent from my phone
Anand Sudabattula
Jun 17, 2013, 4:49:46 PM6/17/13
to jenkins...@googlegroups.com
Hi Stephen, thank you so much for your timely help and it helped fixing the issue.
As you suggested have
a) used one existing ldap group dn for "Group Search Base" though its nothing to do for the users that are being configured in Jenkins, shall try to create one empty DN for Jenkins users (I did not know that there are few ldap groups being used for admin purposes)
b) not modified the LDAPBindSecurityRealm.groovy file
c) updated ldap plugin from 1.4 to 1.5
Appreciate your help, have a nice day.
Regards
Anand
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
Reply all
Reply to author
Forward
0 new messages