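I was able to run the LDAP groovy script (https://issues.jenkins-ci.org/browse/JENKINS-29733) successfully, but no changes are made to the Jenkins config.xml file, so nothing is applied (the default is Jenkins' own user database, where any logged-in user can do anything).
Is there anything else that needs to happen after the groovy script runs? I would appreciate it if someone could clarify.
I would think that the groovy script would result in changes to the config.xml file, as happens when I configure LDAP through the Jenkins web UI.
Thanks in advance!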
```groovy
import hudson.security.*
import jenkins.model.*
def instance = Jenkins.getInstance()
def hudsonRealm = new HudsonPrivateSecurityRealm(false)
def strategy = new hudson.security.ProjectMatrixAuthorizationStrategy()
String server = 'ldaps://*****:636'
String rootDN = 'DC=*****'
String userSearchBase = 'OU=****'
String userSearch = 'sAMAccountName={0}'
String groupSearchBase = ''
String groupSearchFilter = '(&(objectclass=group)(cn={0}))'
String groupMembershipFilter = '(&(objectCategory=group)(member:1.2.840.113556.1.4.1941:={0}))'
String managerDN = 'CN=*****'
String managerPasswordSecret = '******'
boolean inhibitInferRootDN = false
boolean disableMailAddressResolver = false
String displayNameAttributeName = 'displayname'
String mailAddressAttributeName = 'msExchExtensionCustomAttribute4'
SecurityRealm ldap_realm = new LDAPSecurityRealm(server, rootDN, userSearchBase, userSearch, groupSearchBase, groupSearchFilter, groupMembershipFilter, managerDN, managerPasswordSecret, inhibitInferRootDN, disableMailAddressResolver, null, null, displayNameAttributeName, mailAddressAttributeName)
instance.setSecurityRealm(ldap_realm)
instance.setAuthorizationStrategy(strategy)
{% for account in cj_local_admin_users %}
strategy.add(Jenkins.ADMINISTER, "{{ account }}")
{% endfor %}
instance.save()
```
Update 1: From the class doc:
LDAPSecurityRealm(String server, String rootDN, String userSearchBase, String userSearch, String groupSearchBase, String groupSearchFilter, LDAPGroupMembershipStrategy groupMembershipStrategy, String managerDN, hudson.util.Secret managerPasswordSecret, boolean inhibitInferRootDN, boolean disableMailAddressResolver, LDAPSecurityRealm.CacheConfiguration cache, LDAPSecurityRealm.EnvironmentProperty[] environmentProperties, String displayNameAttributeName, String mailAddressAttributeName)
Running the script in Jenkins I get "Script1.groovy: 22: unable to resolve class LDAPGroupMembershipStrategy"
Update 2: FromGroupSearchLDAPGroupMembershipStrategy(groupMembershipFilter)
Error: groovy.lang.MissingMethodException: No signature of method: Script1.FromGroupSearchLDAPGroupMembershipStrategy() is applicable for argument types: (java.lang.String) values: [(&(objectCategory=group)(member:1.2.840.113556.1.4.1941:={0}))]
Update 3: Using groupMembershipFilter works fine. When run through Jenkins, the changes are made to the config.xml file. When run through Ansible, it is exactly the same script, but it does not make the changes. I have become: yes and become_user: jenkins set.
: ok=4 changed=2 unreachable=0 failed=0