How To Configure Jenkins FreeIPA LDAP Authentication

Posted on 259 views

In this guide, I’ll show you how to configure your Jenkins Server to Authenticate users against FreeIPA LDAP server. FreeIPA is an Open Source Identity management system sponsored by Red Hat.

The default installation of Jenkins server uses internal user database which doesn’t work for Large development and Operations teams. You have to manually create each user.

The recommended way of managing users in companies is with LDAP or Microsoft Active Directory(AD). This gives you single-sign-on (SSO) for all the internal services that requires authentication and authorization. Lucky enough, Jenkins has a native LDAP plugin which can be used to Authenticate users against an external LDAP server, such as OpenLDAP, FreeIPA e.t.c.


Configure Jenkins FreeIPA (LDAP) Authentication:

The pre-requisites for this setup are:

  • Running Jenkins Server
  • Running FreeIPA Server

If you’re interested in doing a fresh installation of FreeIPA or Jenkins server, you can refer to our guides below:

FreeIPA Server installation guides:

How to Install FreeIPA Server on CentOS 7

How to Install FreeIPA Server on Ubuntu

How to Install and Configure FreeIPA Server on RHEL / CentOS 8

Jenkins Server installation guides:

How to install Jenkins on CentOS / RHEL 7/8

How to Install Jenkins on Ubuntu

If you have both FreeIPA and Jenkins server installed, follow these steps to setup Jenkins FreeIPA authentication.

Step 1: Create LDAP Bind User on FreeIPA

We’ll need a user for binding to FreeIPA Server.  Login to your FreeIPA Server and create a user called jenkins

Navigate to Identity > Users > Add


Fill in the required details and click “Add

Step 2: Configure Jenkins Server

If you don’t have a domain name for FreeIPA Server configured on DNS, add the line to /etc/hosts file.

echo "" | sudo tee -a /etc/hosts

2. Confirm that you can reach LDAP port from Jenkins server.

$ telnet 389
Connected to
Escape character is '^]'.

3. Login to your Jenkins server as admin user and navigate to “Jenkins > Configure Global Security“.


4. Select LDAP under “Access Control“.


5. Enter LDAP Server (FreeIPA) IP and service port.


6. Click on “Advanced Server Configuration” to expand configuration options.

7. Fill FreeIPA LDAP server details for locating users and groups.

LDAP Server: ldap://
root DN: dc=example,dc=com
User search base: cn=users,cn=accounts
User search filter: uid=0
Group search base: cn=groups,cn=accounts
Group membership >  Search for LDAP groups containing user    
   Group membership filter: (| (member=0) (uniqueMember=0) (memberUid=1))
Manager DN: uid=jenkins,cn=users,cn=accounts,dc=example,dc=com
Manager Password: UserPassword
Display Name LDAP attribute: displayname
Email Address LDAP attribute: mail


  • dc=example,dc=com with your LDAP server domain components.
  • UserPassword with Jenkins user password ( Created in step 1)

Your configuration should look similar to below.


When done filling the information, click on “Test LDAP settings” to validate your settings.


Provide Username and Password to test with.


If you receive successful lookup. Apply the settings to Save.

Step 3: Login to Jenkins as LDAP User

The first LDAP user to sign in will get Admin rights.


Step 4: Configure User Roles on Jenkins

By default, Jenkins user policy allows logged in users to access anything. This should not be the case and you need to set proper user policies. Check out our Jenkins policy and user management guide below.

How to Manage Users and Roles in Jenkins

Let other users Login with their LDAP credentials and assign them roles which define what they can do on Jenkins server.


You should have successfully configure Jenkins server to Authenticate user via LDAP Server. Please note that once activate LDAP authentication, Jenkins local internal user database is disabled. For some reason, both cannot co-exist and seem there is no solution for it at the moment.

Gravatar Image
A systems engineer with excellent skills in systems administration, cloud computing, systems deployment, virtualization, containers, and a certified ethical hacker.