Plugin Information
| Plugin ID |
active-directory |
| Latest Release |
1.15 |
| Latest Release Date |
Jul 10, 2009 |
| Changes in Latest Release |
via Fisheye |
| Maintainer(s) |
n/a (java.net id: nordj) |
| Issue Tracking |
Open Issues |
With this plugin, you can configure Hudson authenticates the username and the password through Active Directory.
This plugin internally uses two very different implementations, depending on whether Hudson is running on Windows or non-Windows and if if specify a domain.
- If Hudson is running on a Windows machine and you do not specify a domain, that machine must be a member of the domain you wish to authenticate against. Hudson uses ADSI to figure out all the details, so no additional configuration is required.
- If Hudson is running on a non-Windows machine (or you specify one or more domains), then you need to tell Hudson the name of Active Directory domain(s) to authenticate with. Hudson then uses DNS SRV records and LDAP service of Active Directory to authenticate users.
Hudson recognizes all the groups in Active Directory that the user belongs to, so you can use those to make authorization decisions (for example, you can choose the matrix-based security as the authorization strategy and perhaps allow "Domain Admins" to administer Hudson.)
Changelog
Version 1.15 (2009/06/10)
- Fix bug introduced with 1.14 where an AD setup with circular group references would cause a stack overflow.
Version 1.14 (2009/06/02)
- Support nested groups (via the Unix provider) (issue #3071)
- Fixed a bug that prevented the "authenticated" role being honoured (issue #3735)
- Support authenticting against multiple domains (issue #3576)
Version 1.13 (2009/05/19)
- Fixed a bug that degraded Windows support (which forces you to enter the domain name.)
- Implementation of group recognition (for displaying group icon in matrix for instance.)
Version 1.12 (2009/04/08)
- Some DNS returns '.' at the end of the host name. Handle it correctly (issue #2647)
- Fixed NPE in the form field validation when a group name was added (issue #3344)
- Lookup fails for members of groups with special characters in the name (like '/') (issue #3249)
Version 1.11 (2009/03/25)
- No change. This is a re-release since 1.10 didn't hit the update center.
Version 1.10 (2009/03/20)
- On Windows, specifying the domain name in the "advanced" section wasn't taking effect.
Version 1.9 (2009/02/17)
- Modified to work with 64bit Winddows (report)
Version 1.8 (2009/02/13)
- Hudson honors the priority in the SRV entries (patch)
Version 1.7 (2009/01/15)
- Fixed a bug in handling alternative UPN suffix. (discussion)
Version 1.6 (2009/01/12)
- Fixed a bug in handling "referrals" (which I believe happens when you run AD forest.)
Version 1.5 (2008/06/24)
- Windows users can now also use the LDAP-based AD authentication (the same code used on Unix.) This is apparently necessary when Hudson runs as a local user instead of a domain user (discussion)
Version 1.4 (2008/06/11)
- Fixed a bug where the configuration page doesn't show the configured AD domain name
- Fixed a bug that prevented this from working with user-defined containers
Version 1.3 (2008/06/09)
- Supported authentication from Hudson running on non-Windows machines
Version 1.2 (2008/02/27)
- Fixed IllegalArgumentException in remember-me implementation (issue #1229)
Version 1.0 (2007/01/09)
Comments (6)
Jun 12, 2008
Travis Bailey says:
A thousand thank yous for getting this to work on non-windows systems. It ...A thousand thank yous for getting this to work on non-windows systems. It is excruciatingly painful to get our linux systems to talk to our AD. LDAP is so limited and tricky. This was a big win for me. Works beautifully!
Sep 16, 2008
Andrew Replogle says:
Has anyone got the "groups" side of user/groups AD permissions working? I've tri...Has anyone got the "groups" side of user/groups AD permissions working? I've tried adding a security group and a global group and when someone who logs in that belongs to either of those, it doesn't give them the permissions that the group is setup for.
Is it possible to get the source for this plugin or is it not opensource?
Thanks,
Andrew
Oct 08, 2008
Fred Hoare says:
Our active directory setup does not allow anonymous requests. If I am runn...Our active directory setup does not allow anonymous requests. If I am running hudson as a non-domain user is there any way I can specify a username and password for the binding to the AD server?
Apr 01, 2009
Jorge Matos says:
I noticed that the plugin doesn't seem to work if you specify an AD group that h...I noticed that the plugin doesn't seem to work if you specify an AD group that has spaces in it.
Is there a way to specify an AD group that contains spaces in the name?
Apr 14, 2009
Scott Carter says:
Is it possible to bind to multiple domains? I have two domains and need hu...Is it possible to bind to multiple domains? I have two domains and need hudson to be able to authenticate with both of them but the plugin does not offer an alternate domain to use. In the active directory box I want to be able to put
domain1.mydomain.com
domain2.mydomain.com
I had thought of setting up a LDAP server and pulling all the information from both domains and storing it all in one but i could not figure that out.
May 12
joti says:
I use this Plugin to secure my Hudson, it works at first try and flawless. Huge ...I use this Plugin to secure my Hudson, it works at first try and flawless. Huge thanks for that!
Nevertheless it would be *really* nice if the Plugin or another Plugin using AD as well could provide
for the AD retrieved users.