Jenkins System User Management: Built‑in Database, LDAP Integration, and GitLab/GitHub Single Sign‑On
This article explains how to configure Jenkins user authentication and authorization, covering the built‑in user database, LDAP integration, and single sign‑on setups for GitLab and GitHub, including backup tips, configuration steps, and example XML snippets.
Jenkins System User Management
Go to System Settings > Global Security Configuration to set the Jenkins authentication and authorization strategies. Before making changes, back up ${JENKINS_HOME}/config.xml so you can quickly restore it if needed.
If a configuration error locks you out, edit ${JENKINS_HOME}/config.xml and change <useSecurity>true</useSecurity> to <useSecurity>false</useSecurity>, restart Jenkins, re‑configure the desired permissions, and then re‑enable security. While <useSecurity> is false, Jenkins performs no authentication, so anyone who can reach the instance has full control; keep it off untrusted networks until security is back on.
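The backup and lockout‑recovery steps above, written as a script. This is an added example, not code from the original article; the function names and the /var/lib/jenkins default path are assumptions.

```bash
#!/usr/bin/env bash
# Added example: back up config.xml, then flip <useSecurity> for lockout recovery.
# Assumption: JENKINS_HOME falls back to /var/lib/jenkins when unset.

# Print the current <useSecurity> value (true/false) from config.xml.
security_state() {
    sed -n 's:.*<useSecurity>\([a-z]*\)</useSecurity>.*:\1:p' "$1/config.xml"
}

# Copy config.xml to a timestamped backup and print the backup path.
backup_config() {
    local home="$1" dest
    dest="$home/config.xml.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$home/config.xml" "$dest" && echo "$dest"
}

# Set <useSecurity> to true or false, always taking a backup first.
# Returns non-zero if the element is missing or the edit did not take effect.
set_security() {
    local home="$1" value="$2" tmp
    case $value in true|false) ;; *) echo "value must be true or false" >&2; return 2 ;; esac
    [ -n "$(security_state "$home")" ] || { echo "no <useSecurity> element found" >&2; return 1; }
    backup_config "$home" >/dev/null || return 1
    tmp=$(mktemp "$home/config.xml.XXXXXX") || return 1
    # Write back with cat so config.xml keeps its owner and permissions.
    sed "s:<useSecurity>[a-z]*</useSecurity>:<useSecurity>$value</useSecurity>:" \
        "$home/config.xml" >"$tmp" && cat "$tmp" >"$home/config.xml"
    rm -f "$tmp"
    [ "$(security_state "$home")" = "$value" ]
}

# Usage when run directly: ./jenkins-security.sh false [/path/to/jenkins_home]
if [ "$#" -ge 1 ]; then
    set_security "${2:-${JENKINS_HOME:-/var/lib/jenkins}}" "$1" &&
        echo "useSecurity is now $1; restart Jenkins to apply"
fi
```

Run security_state again after re‑configuring permissions to confirm the value is back to true.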
1.1 Jenkins Built‑in User Database
Navigate to System > Security > Manage Users to create, edit, or delete users. For example, creating a user zeyang stores its data under ${JENKINS_HOME}/users/zeyang_<unique_id>/config.xml. The users directory also contains users.xml, which lists all users.
[root@zeyang-nuc-service users]# ls
admin_3285798656405222668 users.xml zeyang_1686679553273142732
The individual user’s config.xml holds all profile information and can be edited via the web UI.
<?xml version='1.1' encoding='UTF-8'?>
<user>
<version>10</version>
<id>zeyang</id>
<fullName>zeyangli</fullName>
<properties>
... (other property entries) ...
<hudson.tasks.Mailer_-UserProperty plugin="[email protected]">
<emailAddress>[email protected]</emailAddress>
</hudson.tasks.Mailer_-UserProperty>
</properties>
</user>
1.2 LDAP Authentication Integration
LDAP provides centralized user management. Required information includes:
LDAP server address (e.g., ldap://192.168.1.200)
LDAP server port (default 389)
Base OU for Jenkins users (e.g., ou=jenkins,dc=devops,dc=com)
Bind DN with query permissions (e.g., cn=admin,dc=devops,dc=com)
Install the LDAP plugin in Jenkins, go to System Management > Global Security Configuration, fill in the LDAP details, and click the Test button to verify connectivity before saving.
1.3 GitLab Single Sign‑On
To avoid repeated logins, configure GitLab as an SSO provider. In GitLab, create a new application (System Settings > Application Management), set the Jenkins callback URL to http://jenkinsserver:8080/securityRealm/finishLogin, and grant the read_user scope.
Note the generated Application ID and secret. In Jenkins, install the GitLab Authentication plugin, then in Global Security configure the GitLab server URL, Application ID, and secret. Ensure Jenkins is reachable via HTTP (not HTTPS) when using this method.
1.4 GitHub Single Sign‑On
GitHub SSO follows a similar process: create an OAuth App in GitHub (Settings > Developer Settings > OAuth Apps) with the same callback URL, obtain the Application ID and secret, install the GitHub Authentication plugin in Jenkins, and configure the credentials in Global Security.
After completing the configuration, Jenkins users can authenticate via the chosen method (built‑in database, LDAP, GitLab, or GitHub). Subsequent articles will cover permission management for projects and users.
DevOps Cloud Academy
Exploring industry DevOps practices and technical expertise.