Setup LDAP Server - hqzhang/cloudtestbed GitHub Wiki

LDAP user role based authentication

Setting up role-based authentication for LDAP users in Jenkins involves several steps. Role-based authentication allows you to control access to Jenkins resources based on user roles or groups.

Step 1: Install the Required Plugins

Ensure that you have the following plugins installed in your Jenkins instance:

[Role-based Authorization Strategy](https://plugins.jenkins.io/role-strategy/): This plugin allows you to define roles and assign permissions to those roles.
[LDAP Plugin](https://plugins.jenkins.io/ldap/): This plugin enables LDAP authentication.
You can install these plugins through the Jenkins Plugin Manager.

Step 2: Configure LDAP Authentication

Go to “Manage Jenkins” > “Security.”
Under “Security Realm,” select “LDAP” from the dropdown.
Configure your LDAP server settings, such as LDAP server URL, manager DN, and password. Test the connection (by clicking on the “Test LDAP settings” button) to ensure it’s working.
Set the “Group membership” attribute in the “Advanced Server Configuration”. This attribute is used to determine which groups a user belongs to. Typically, it’s something like “memberOf” for Active Directory.
Configure other LDAP settings as per your LDAP server setup.
Save your LDAP configuration.

Step 3: Configure Role-Based Authorization

Still in the “Security” page, under “Authorization,” select “Role-Based Strategy.”
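
As a check on Steps 2 and 3, the following added example (not part of the original wiki) parses constructed `ldapsearch -LLL`-style output and reports which roles each user's `memberOf` groups would match. It assumes roles are assigned to group CNs; the users, groups, `ou=` containers and the `ROLE_GROUPS` mapping are hypothetical.

```python
import base64
import re

BASE = "dc=linuxautomations,dc=com"  # base DN from the page's install script
# Constructed sample shaped like `ldapsearch -LLL` output; users and groups are hypothetical.
SAMPLE_LDIF = (
    f"dn: uid=alice,ou=People,{BASE}\n"
    f"memberOf: cn=jenkins-admins,ou=Group,{BASE}\n"
    "memberOf: cn=jenkins-developers,ou=Group,dc=linuxauto\n"
    " mations,dc=com\n"  # folded continuation line
    "memberOf:: " + base64.b64encode(f"cn=qa,ou=Group,{BASE}".encode()).decode() + "\n"
    f"\ndn: uid=bob,ou=People,{BASE}\nuid: bob\n"  # entry with no memberOf at all
)
ROLE_GROUPS = {"admin": "jenkins-admins", "developer": "jenkins-developers", "tester": "qa"}

def parse_ldif(text):
    """Parse LDIF into {dn: {attr: [values]}}, handling folded lines and base64 values."""
    # RFC 2849: a newline followed by one space continues the previous line.
    lines = re.sub(r"\n ", "", text).splitlines()
    entries, current = {}, None
    for line in lines:
        if not line or line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):  # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        if attr.lower() == "dn":
            current = entries.setdefault(value, {})
        elif current is not None:
            current.setdefault(attr.lower(), []).append(value)
    return entries

def group_cn(dn):
    """First RDN value of a DN; a backslash-escaped comma does not end the RDN."""
    first_rdn = re.split(r"(?<!\\),", dn, maxsplit=1)[0]
    return first_rdn.partition("=")[2].replace("\\,", ",")

def roles_for(entries, role_groups, attr="memberOf"):
    """Map each user DN to the roles whose group CN is in its membership attribute."""
    out = {}
    for dn, attrs in entries.items():
        cns = {group_cn(v).lower() for v in attrs.get(attr.lower(), [])}
        out[dn] = sorted(r for r, g in role_groups.items() if g.lower() in cns)
    return out

if __name__ == "__main__":
    for dn, roles in roles_for(parse_ldif(SAMPLE_LDIF), ROLE_GROUPS).items():
        print(dn, "->", roles or "NO ROLE (no matching groups in memberOf)")
```

An entry that returns no `memberOf` values matches no role; OpenLDAP only populates `memberOf` when the memberof overlay is enabled, so check the attribute on a real user record before assigning roles to groups.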

How to Set Up an LDAP Server

1. Download the files:
git clone https://github.com/linuxautomations/openldap.git

2. Run the install script for the LDAP server (its contents are listed in step 7):
cd openldap; ./install.sh

3. For debugging, disable SELinux in /etc/selinux/config
4. Set DirectoryIndex index.html index.php in /etc/httpd/conf/httpd.conf
5. Manager password: password
6. Browse to LDAP Account Manager at http://localhost/lam

7. Contents of install.sh:
# Install the OpenLDAP server and client tools, then start slapd
yum install openldap-servers openldap-clients git -y &>/dev/null
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
chown ldap: /var/lib/ldap/DB_CONFIG
systemctl start slapd
systemctl enable slapd

# Fetch the LDIF files; the clone must finish before the cd below
cd /opt
git clone https://github.com/linuxautomations/openldap.git &>/dev/null
cd /opt/openldap
ldapadd -Y EXTERNAL -H ldapi:/// -f chrootpw.ldif 
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif 
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif 
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif 
ldapmodify -Y EXTERNAL -H ldapi:/// -f chdomain.ldif 
ldapadd -x -D cn=Manager,dc=linuxautomations,dc=com -W -f basedomain.ldif 

yum install httpd php php-ldap -y &>/dev/null
cd /var/www/html
tar xf /opt/openldap/lam.tgz
systemctl restart httpd
systemctl enable httpd