On Fri, Jul 22, 2016 at 06:17:32PM +0530, Rakesh Rajasekharan wrote:
> My specific requirement for having "enumerate=TRUE" was , we have a build
> server with the jenkins set up.
> And for authentication jenkins tries to get the localusers on the system.

I'm not sure what you mean by localusers, but does Jenkins really use
some sort of interface that lists all users through the system
interface? IIRC Jenkins is written in Java, so I would expect some
native Java connector instead..

> I should be able to get through that by configuring Jenkins to use LDAP
> instead of the local users.
> But  are there any other reasons for recommending against "enumerate=TRUE",
> i recall reading somewhere as well not to use this specific setting.

- performance
- in general (because it's not the default and few people use
  enumeration), less tested than the defaul
- idviews don't work
- trusted AD users can't be enumerated at all

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to