under the "configure global security part" of jenkins, we can specify how
jenkins will fetch users for authentication. One option is
"Unix user/group database" . wherein, it will do a getent passwd and fetch
users from there.
Other is to specify ldap.
There are few other ways as well but haven't explored it yet.

Thanks
Rakesh


On Fri, Jul 22, 2016 at 6:54 PM, Jakub Hrozek <jhro...@redhat.com> wrote:

> On Fri, Jul 22, 2016 at 06:17:32PM +0530, Rakesh Rajasekharan wrote:
> > My specific requirement for having "enumerate=TRUE" was , we have a build
> > server with the jenkins set up.
> > And for authentication jenkins tries to get the localusers on the system.
>
> I'm not sure what you mean by localusers, but does Jenkins really use
> some sort of interface that lists all users through the system
> interface? IIRC Jenkins is written in Java, so I would expect some
> native Java connector instead..
>
> >
> > I should be able to get through that by configuring Jenkins to use LDAP
> > instead of the local users.
> >
> > But  are there any other reasons for recommending against
> "enumerate=TRUE",
> > i recall reading somewhere as well not to use this specific setting.
>
> - performance
> - in general (because it's not the default and few people use
>   enumeration), less tested than the defaul
> - idviews don't work
> - trusted AD users can't be enumerated at all
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to