This page discusses what probably is the most common set up — let Hudson maintain its own user database (where people can sign up to have their own accounts), and you as the administrator decides who can do what in Hudson.

Initial steps

1. Go to the system configuration screen (http://server/hudson/configure) and choose "enable security"
2. Select "Hudson's own user database" as the security realm
3. Select "Matrix-based security" as the authorization
4. Give anonymous user the read access
5. In the text box below the table, type in your user name (you'd be creating this later) and click "add"
6. Give yourself a full access by checking the entire row for your user name
7. Scroll all the way to the bottom, click "save"

The configuration should look like the picture below:

At this point, you'll be taken back to the top page, and Hudson is successfully secured. Now you need to create an user account for yourself.

1. Click "login" link at the top right portion of the page
2. Choose "create an account"
3. Use the user name you've used in the above step, and fill in the rest.

If everything works smoothly, you are now logged on as yourself with full permissions. If something goes wrong, follow this to reset the security setting.

Active Directory Setup On Linux Server

If Hudson is running on a Windows server then is better to install the Active Directory plugin.

On a Linux host you have an option to either use the Active Directory plugin or an LDAP based authentication. To configure the LDAP to work with AD provide the following:

Note, that the Manager DN may actually very depending on your AD set up.

LDAP

Select LDAP for the Security Realm and click the help icon for each configuration option to see information about the settings.

If login attempts result in "OperationNotSupportedException - Function Not Implemented", "Administrative Limit Exceeded" or similar error, the LDAP query to determine the group membership for the user may be triggering this. First try setting the "Group search base" setting as specific as possible for your LDAP structure, to reduce the scope of the query. If the error persists, you may need to edit the WEB-INF/security/LDAPBindSecurityRealm.groovy file that is included in hudson.war. Change the line with groupSearchFilter = "(| (member={0}) (uniqueMember={0}) (memberUid={1}))"; to query only of the field used in your LDAP for group membership, such as groupSearchFilter = "(member={0})"; (then restart Hudson).

Groups

• Prefix LDAP groups with ROLE_ and convert them to uppercase when assigning privileges to LDAP groups. For example, the LDAP group Developers (cn=Developers) would be used as ROLE_DEVELOPERS in Hudson
• Group names with non-alpha characters such as hyphen (-), space and comma do not seem to work.
• Hudson does not support indirect group memberships, i.e. if a user is a member of a group A which is itself a member of group B, the user would not get the privileges (e.g. "Adminster Hudson") defined for B - only those defined for A.

LDAP Server known to work

• http://www.opends.org/
• Oracle Internet Directory
• Apple Open Directory
• Microsoft Active Directory