Issue
-
Configure the security authorization/authentication so that to access your Jenkins Enterprise instance, you HAVE to be a member of a specific Active Directory group
With RBAC plugin and ldap/ad plugin
You just need to configure your Security Realm and then use the RBAC plugin to map the AD group -> Jenkins group and finally apply the corresponded role to this group. Below, there are two videos which show how to achieve this.
This is the recommended way as it is easily scalable.
Filtering directly with LDAP plugin
However, you might want to filter groups at Security Realm level and not Authorization level. In this case, since the AD plugin does not allow to customize your user filter, your only way is to use the LDAP plugin.
Let’s say that on your AD server you have a group called group1
with the distinguisedName
CN=group1,CN=Users,DC=support-cloudbees-2,DC=com
.


Then, the configuration you should perform should look something like this:

-
User search filter :
(&(sAMAccountName={0})(memberOf=CN=group1,CN=Users,DC=support-cloudbees-2,DC=com))
-
Group search filter :
(& (cn={0}) (objectclass=group) )