Re: [Freeipa-users] Jenkins integration?

Just tried with LDAPs over jxplorer and jenkins. Unfortunately it's not working. The master jenkins release supports ipa auto detection. https://gerrit-review.googlesource.com/#/c/94925/ I will give it a try. On Fri, Mar 24, 2017 at 2:06 PM, Alexander Bokovoy wrote: >

Re: [Freeipa-users] Jenkins integration?

Maciej Drobniuch wrote: > I see now what you mean. > > The SSHA decoding is handled on the client side by using acegi not on the > ldap server > side... No, Jenkins sends a bind request with the user's bind-DN and clear-text password. Password check is done server-side. Ciao, Michael.

Re: [Freeipa-users] Jenkins integration?

On pe, 24 maalis 2017, Maciej Drobniuch wrote: I see now what you mean. The SSHA decoding is handled on the client side by using acegi not on the ldap server side... Am I inline with this? No, you are not. There are multiple LDAP authentication providers (authenticators) in Acegi Security

Re: [Freeipa-users] Jenkins integration?

I see now what you mean. The SSHA decoding is handled on the client side by using acegi not on the ldap server side... Am I inline with this? I'm logging in with cn=Directory Manager (no issues) but it fails with the user dn(jxplorer) I'll try figure this out with the jenkins mailing list.

Re: [Freeipa-users] Jenkins integration?

On pe, 24 maalis 2017, Maciej Drobniuch wrote: Hi Alex, Even while using LDAP a browser (jxplorer) I can not login with the following user DN uid=admin,cn=users,cn=accounts,dc=mydomain,dc=com javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials] Only the Directory

Re: [Freeipa-users] Jenkins integration?

Hi Alex, Even while using LDAP a browser (jxplorer) I can not login with the following user DN uid=admin,cn=users,cn=accounts,dc=mydomain,dc=com javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials] Only the Directory Manager cn and pwd works. Any ideas what am I

Re: [Freeipa-users] Jenkins integration?

On pe, 24 maalis 2017, Maciej Drobniuch wrote: Hi All, I'm trying to integrate Freeipa with jenkins and ldap auth plugin. The thing with the Freeipa LDAP server is: * Only Directory Manager can read userPassword field (not sure yet how to create a sysaccount which can read the field. ldifs are

Re: [Freeipa-users] Jenkins integration?

Hi All, I'm trying to integrate Freeipa with jenkins and ldap auth plugin. The thing with the Freeipa LDAP server is: * Only Directory Manager can read userPassword field (not sure yet how to create a sysaccount which can read the field. ldifs are welcome ;) * The userPassword field contains the

Re: [Freeipa-users] Jenkins integration?

Alexander Bokovoy wrote: > On la, 11 helmi 2017, Michael Ströder wrote: >> Alexander Bokovoy wrote: >>> On la, 11 helmi 2017, Harald Dunkel wrote: On 02/11/17 11:57, Alexander Bokovoy wrote: > On la, 11 helmi 2017, Michael Ströder wrote: >> >> (Personally I'd avoid going through

Re: [Freeipa-users] Jenkins integration?

On la, 11 helmi 2017, Michael Ströder wrote: Alexander Bokovoy wrote: On la, 11 helmi 2017, Harald Dunkel wrote: On 02/11/17 11:57, Alexander Bokovoy wrote: On la, 11 helmi 2017, Michael Ströder wrote: (Personally I'd avoid going through PAM.) Any specific reason for not using pam_sss?

Re: [Freeipa-users] Jenkins integration?

Alexander Bokovoy wrote: > On la, 11 helmi 2017, Harald Dunkel wrote: >> On 02/11/17 11:57, Alexander Bokovoy wrote: >>> On la, 11 helmi 2017, Michael Ströder wrote: (Personally I'd avoid going through PAM.) >>> Any specific reason for not using pam_sss? Remember, with SSSD involved >>>

Re: [Freeipa-users] Jenkins integration?

On la, 11 helmi 2017, Harald Dunkel wrote: On 02/11/17 11:57, Alexander Bokovoy wrote: On la, 11 helmi 2017, Michael Ströder wrote: (Personally I'd avoid going through PAM.) Any specific reason for not using pam_sss? Remember, with SSSD involved you get also authentication for trusted users

Re: [Freeipa-users] Jenkins integration?

On 02/11/17 11:57, Alexander Bokovoy wrote: > On la, 11 helmi 2017, Michael Ströder wrote: >> >> (Personally I'd avoid going through PAM.) > Any specific reason for not using pam_sss? Remember, with SSSD involved > you get also authentication for trusted users from Active Directory > realms. You

Re: [Freeipa-users] Jenkins integration?

Alexander Bokovoy wrote: > On la, 11 helmi 2017, Michael Ströder wrote: >> Harald Dunkel wrote: >>> On 02/10/17 15:07, Tomasz Torcz wrote: On Fri, Feb 10, 2017 at 02:03:48PM +0100, Harald Dunkel wrote: > did anybody succeed in using Freeipa for Jenkins' LDAP module? > I can't make it

Re: [Freeipa-users] Jenkins integration?

On la, 11 helmi 2017, Michael Ströder wrote: Harald Dunkel wrote: On 02/10/17 15:07, Tomasz Torcz wrote: On Fri, Feb 10, 2017 at 02:03:48PM +0100, Harald Dunkel wrote: did anybody succeed in using Freeipa for Jenkins' LDAP module? I can't make it work :-(. I'm using Jenkins with FreeIPA,

Re: [Freeipa-users] Jenkins integration?

Harald Dunkel wrote: > On 02/10/17 15:07, Tomasz Torcz wrote: >> On Fri, Feb 10, 2017 at 02:03:48PM +0100, Harald Dunkel wrote: >>> did anybody succeed in using Freeipa for Jenkins' LDAP module? >>> I can't make it work :-(. >> >> I'm using Jenkins with FreeIPA, but not with Jenkins's LDAP. >> I

Re: [Freeipa-users] Jenkins integration?

On 02/10/17 15:07, Tomasz Torcz wrote: > On Fri, Feb 10, 2017 at 02:03:48PM +0100, Harald Dunkel wrote: >> Hi folks, >> >> did anybody succeed in using Freeipa for Jenkins' LDAP module? >> I can't make it work :-(. > > I'm using Jenkins with FreeIPA, but not with Jenkins's LDAP. > I have

Re: [Freeipa-users] Jenkins integration?

On Fri, Feb 10, 2017 at 02:03:48PM +0100, Harald Dunkel wrote: > Hi folks, > > did anybody succeed in using Freeipa for Jenkins' LDAP module? > I can't make it work :-(. I'm using Jenkins with FreeIPA, but not with Jenkins's LDAP. I have Jenkins set to PAM authentication, which in turn goes

[Freeipa-users] Jenkins integration?

Hi folks, did anybody succeed in using Freeipa for Jenkins' LDAP module? I can't make it work :-(. On the command line the jenkins user appears to have read access to the LDAP database. The config UI for Jenkin's LDAP plugin doesn't complain, either. Jenkins System Log appears to be fine. But if