Solution
When you create an ACL entry for an LDAP group, you must provide the group's Distinguished Name (DN) from the LDAP directory in the createAclEntry principalName field.
A DN is a sequence of relative distinguished names (RDNs) connected by commas. An RDN is an attribute with an associated value in the form attribute=value, normally expressed in UTF-8 string format.
For example:
ectool createAclEntry group "CN=ec-admins,OU=user,OU=Groups,DC=eflow,DC=net" --systemObjectName server
The DN is "CN=ec-admins,OU=user,OU=Groups,DC=eflow,DC=net". This command will create an ACL group called ec-admins on the server. The location of the LDAP directory is eflow.net/user/Groups.
RDN Attribute Types
String   X.500 AttributeType
------   ----------------------
CN       commonName
L        localityName
ST       stateOrProvinceName
O        organizationName
OU       organizationalUnitName
C        countryName
STREET   streetAddress
DC       domainComponent
UID      userid