Good day!!
I have a requirement where LDAPS authentication needs to be enabled on a Jenkins server using CASC modules. We have a few YAML plugin files where LDAP configuration details can be defined.
I have googled for this requirement, but most of the articles talk about LDAP and not LDAPS.
If someone has already done this, please help me with some steps and suggestions.
Please let me know if any additional details are required.
We are using FreeRADIUS with LDAP authentication in our current environment. But we are required to use Active Directory authentication instead of LDAP because the LDAP servers are being decommissioned. I've no idea how to make the configuration changes. Could you please guide me or share a link which I can go through to complete the task?
Thanks in advance.
Anil
I did set up Jenkins with LDAP and I'm able to log in. But when I stop the LDAP server I'm unable to log in to Jenkins using Jenkins's local user account. Also, always editing the config.xml is not a good idea to change security settings. Please help me.
What I've done in a previous role is keep a copy of the Jenkins config that allows admin and a selection of other users access when LDAP is down.
When LDAP is down, I switch manually:
mv config.xml config.ldap.xml
mv config.internal.xml config.xml
Restart Jenkins ( https://stackoverflow.com/a/8077830/1935094 )
The config.internal.xml was set up before I configured LDAP. You could also back up your config.xml, configure Jenkins for internal user access, copy that off and copy back in your LDAP-configured config.xml.
Anyway, the idea is that you can still get in, run jobs etc. until LDAP is back.
I've had thoughts about automating it if LDAP is detected as down (you could run a lookup periodically, then switch if need be)...
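A guarded version of the manual swap described in the post above, as an added example that is not the poster's own script. The default JENKINS_HOME path and whatever reachability command you pass to reconcile are assumptions for your environment; the file names are the ones used in the post.

```shell
#!/bin/sh
# Added example: guarded form of the manual config.xml swap from the post.
# Assumptions: the JENKINS_HOME default below, and the reachability command
# passed to reconcile, are placeholders for your own environment.
JENKINS_HOME="${JENKINS_HOME:-/var/lib/jenkins}"

# The parked copy's name tells us which realm is live in config.xml.
active_realm() {
    parked_int="$JENKINS_HOME/config.internal.xml"
    parked_ldap="$JENKINS_HOME/config.ldap.xml"
    if [ -f "$parked_int" ] && [ ! -f "$parked_ldap" ]; then
        echo ldap
    elif [ -f "$parked_ldap" ] && [ ! -f "$parked_int" ]; then
        echo internal
    else
        echo unknown    # both or neither parked: refuse to guess
    fi
}

# swap_config internal|ldap : no-op when already on the target realm.
swap_config() {
    target=$1
    case "$target" in
        internal|ldap) ;;
        *) echo "swap_config: unknown realm '$target'" >&2; return 2 ;;
    esac
    current=$(active_realm)
    if [ "$current" = unknown ] || [ ! -f "$JENKINS_HOME/config.xml" ]; then
        echo "swap_config: inconsistent config files, not touching" >&2
        return 2
    fi
    if [ "$current" = "$target" ]; then
        return 0
    fi
    mv "$JENKINS_HOME/config.xml" "$JENKINS_HOME/config.$current.xml" &&
        mv "$JENKINS_HOME/config.$target.xml" "$JENKINS_HOME/config.xml" &&
        echo "switched $current -> $target; restart Jenkins to apply" >&2
}

# reconcile CMD [ARGS...] : CMD must exit 0 only when LDAP answers.
reconcile() {
    if "$@"; then
        swap_config ldap
    else
        swap_config internal
    fi
}
```

Because an automatic fallback activates the internal accounts whenever LDAP is unreachable, keep those accounts few and strongly protected, and log every switch. Jenkins still needs the restart from the post before the swapped config.xml takes effect.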
As of now, local user login is not possible when LDAP is enabled. The Jenkins internal user database is automatically disabled when you activate LDAP authentication.
A few Jenkins JIRA issues with more details on this:
JENKINS-3404
JENKINS-29162
There is no other way except editing ~/.jenkins/config.xml.
A better option is to migrate (LDAP user) to Jenkins' own user database.
FOR FUTURE:
- Add a secondary LDAP server on Jenkins host.
- Remember to check "Ignore if unavailable" on the first LDAP.
More info
I have used LDAP-based camunda-auth to log in to the application using the HttpBasicAuthenticationProvider provided by Camunda. How can I implement HTTPS login, and is it supported by Camunda, or do we need to use Spring Security?
Please send any link or config related to Camunda HTTPS implementation.
I am not sure I understood you correctly: you want to set up Camunda to have TLS, and additionally you want LDAP authorization?
To set up TLS, you need to configure it directly on the Tomcat server.
First you need to obtain/generate certificates.
Then you need to point to those certificates in server.xml configuration file.
Just google "TLS on Tomcat". I'm sure there are hundreds of tutorials how to do this step by step.
When it comes to LDAP integration - follow documentation:
https://docs.camunda.org/manual/7.8/installation/full/tomcat/configuration/#ldap
I am trying to use the Grails plugin 'directory services' to access LDAP data. I am unable to configure it in GGTS. Can anyone help me with the code or directions to be used in coding a program for LDAP access in GGTS?
Did you check the documentation at http://lr.github.io/directory-service/guide/configuration.html to see how to configure the plugin?
This is a client, and this means you also have to install and configure an LDAP server. Have a look at the Apache Directory project, https://directory.apache.org, to get an LDAP client/server. Afterwards you can connect from Grails as a client to the LDAP server.
I'm starting to use Jenkins and I have problems with the authentication when I deploy the project. I don't know where to write the credentials.
Authentication failed: The host was not known and was not accepted by the configuration
Where could I write my credentials? I don't see that point in the configuration panel. Many thanks!
The problem was in the settings.xml file (in .m2), which did not have the appropriate login and password.
If you use SSH keys for authentication, a server section like this can be used:
<server>
  <id>repository-id</id>
  <username>john</username>
  <privateKey>/home/john/.ssh/id_rsa</privateKey>
</server>
Still, you may run into trouble in Jenkins. You might have to run the Maven deploy once in interactive mode to accept e.g. the RSA host key.