With this plugin, you can configure Hudson to authenticate the username and password through Active Directory. This plugin internally uses two very different implementations, depending on whether Hudson is running on Windows or non-Windows and whether you specify a domain.
- If Hudson is running on a Windows machine and you do not specify a domain, that machine must be a member of the domain you wish to authenticate against. Hudson uses ADSI to figure out all the details, so no additional configuration is required.
- If Hudson is running on a non-Windows machine (or you specify one or more domains), then you need to tell Hudson the name of the Active Directory domain(s) to authenticate with. Hudson then uses DNS SRV records and the LDAP service of Active Directory to authenticate users.
Hudson recognizes all the groups in Active Directory that the user belongs to, so you can use those to make authorization decisions (for example, you can choose the matrix-based security as the authorization strategy and perhaps allow "Domain Admins" to administer Hudson.)
Override domain controllers
This plugin follows the standard lookup procedure to determine the list of candidate Active Directory domain controllers, and this should suffice under normal circumstances. If for some reason it doesn't, you can manually override the list of domain controllers by setting the system property "hudson.plugins.active_directory.ActiveDirectorySecurityRealm.domainControllers" to a value of the format "host:port,host:port,...". The port should normally be 3269 (global catalog over SSL), 636 (LDAP over SSL), 3268 (global catalog), or 389 (LDAP).
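As an added illustration (not code from the plugin), the following script checks a candidate override value before it goes on the JVM command line: it parses the "host:port,..." list, flags entries that are not on one of the two SSL ports named above, and builds the matching -D argument. The host names are constructed, and trimming whitespace and a trailing '.' from host names is an assumption of this example, not documented plugin behaviour.

```python
PROPERTY = ("hudson.plugins.active_directory."
            "ActiveDirectorySecurityRealm.domainControllers")

# The four ports named in the text: port -> (service, uses SSL).
KNOWN_PORTS = {
    3269: ("global catalog", True),
    636: ("LDAP", True),
    3268: ("global catalog", False),
    389: ("LDAP", False),
}


def parse_domain_controllers(value):
    """Parse "host:port,host:port,..." into (host, port) tuples."""
    entries = []
    for raw in value.split(","):
        host, sep, port_text = raw.strip().rpartition(":")
        # Assumption of this example: drop a trailing '.' and lowercase the host.
        host = host.rstrip(".").lower()
        if not sep or not host or not (port_text.isascii() and port_text.isdigit()):
            raise ValueError("expected host:port, got %r" % raw)
        port = int(port_text)
        if not 0 < port < 65536:
            raise ValueError("port out of range in %r" % raw)
        entries.append((host, port))
    return entries


def audit(value):
    """Return one warning per entry that is not on an SSL port from the text."""
    warnings = []
    for host, port in parse_domain_controllers(value):
        service, ssl = KNOWN_PORTS.get(port, (None, False))
        if service is None:
            warnings.append("%s:%d: port is not 3269, 636, 3268 or 389" % (host, port))
        elif not ssl:
            warnings.append("%s:%d: %s without SSL" % (host, port, service))
    return warnings


def jvm_argument(value):
    """Build the -D argument with the normalized host:port list."""
    pairs = ",".join("%s:%d" % e for e in parse_domain_controllers(value))
    return "-D%s=%s" % (PROPERTY, pairs)


if __name__ == "__main__":
    sample = "dc1.example.com.:3269, dc2.example.com:389"  # constructed hosts
    print(jvm_argument(sample))
    for line in audit(sample):
        print("WARNING:", line)
```
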
Version 1.17 (upcoming)
- Lookup is now done via LDAPS instead of LDAP (although no certificate check is currently performed.)
- The plugin now talks to the global catalog for efficiency, as opposed to a domain, if that's available.
- Some DNS servers return '.' at the end of the host name. Handle it correctly (issue #2647)
- Fixed a possible LDAP injection problem (issue #3118)
- Try all the available servers before giving up. Useful when some of your domain controllers aren't working properly. (issue #4268)
- Added the site support (issue #4203)
- Cleaned up the help text that incorrectly stated that this doesn't work on Unix. It works. (issue #2500)
Version 1.16 (2009/12/8)
- Added a workaround for WebSphere in doing DNS lookup via JNDI (issue #5045)
Version 1.15 (2009/06/10)
- Fix bug introduced with 1.14 where an AD setup with circular group references would cause a stack overflow.
Version 1.14 (2009/06/02)
- Support nested groups (via the Unix provider) (issue #3071)
- Fixed a bug that prevented the "authenticated" role being honoured (issue #3735)
- Support authenticating against multiple domains (issue #3576)
Version 1.13 (2009/05/19)
- Fixed a bug that degraded Windows support (which forces you to enter the domain name.)
- Implementation of group recognition (for displaying group icon in matrix for instance.)
Version 1.12 (2009/04/08)
- Some DNS servers return '.' at the end of the host name. Handle it correctly (issue #2647) (not correctly fixed until 1.17)
- Fixed NPE in the form field validation when a group name was added (issue #3344)
- Lookup fails for members of groups with special characters in the name (like '/') (issue #3249)
Version 1.11 (2009/03/25)
- No change. This is a re-release since 1.10 didn't hit the update center.
Version 1.10 (2009/03/20)
- On Windows, specifying the domain name in the "advanced" section wasn't taking effect.
Version 1.9 (2009/02/17)
- Modified to work with 64-bit Windows (report)
Version 1.8 (2009/02/13)
- Hudson honors the priority in the SRV entries (patch)
Version 1.7 (2009/01/15)
- Fixed a bug in handling alternative UPN suffix. (discussion)
Version 1.6 (2009/01/12)
- Fixed a bug in handling "referrals" (which I believe happens when you run an AD forest.)
Version 1.5 (2008/06/24)
- Windows users can now also use the LDAP-based AD authentication (the same code used on Unix.) This is apparently necessary when Hudson runs as a local user instead of a domain user (discussion)
Version 1.4 (2008/06/11)
- Fixed a bug where the configuration page doesn't show the configured AD domain name
- Fixed a bug that prevented this from working with user-defined containers
Version 1.3 (2008/06/09)
- Supported authentication from Hudson running on non-Windows machines
Version 1.2 (2008/02/27)
- Fixed IllegalArgumentException in remember-me implementation (issue #1229)
Version 1.0 (2007/01/09)