Issue
-
Configure the security authorization/authentication so that you must to be a member of a specific Active Directory group in order to access your controller.
With RBAC plugin and ldap/ad plugin
You just need to configure your Security Realm and then use the RBAC plugin to map the AD group -> Jenkins group and finally apply the corresponded role to this group. Below, there are two videos which show how to achieve this.
This is the recommended way as it is easily scalable.
Filtering directly with LDAP plugin
However, you might want to filter groups at Security Realm level and not Authorization level. In this case, since the AD plugin does not allow to customize your user filter, your only way is to use the LDAP plugin.
Let’s say that on your AD server you have a group called group1 with the distinguisedName CN=group1,CN=Users,DC=support-cloudbees-2,DC=com.
Then, the configuration you should perform should look something like this:
-
User search filter :
(&(sAMAccountName={0})(memberOf=CN=group1,CN=Users,DC=support-cloudbees-2,DC=com)) -
Group search filter :
(& (cn={0}) (objectclass=group) )