On Fri, Jul 22, 2016 at 06:17:32PM +0530, Rakesh Rajasekharan wrote: > My specific requirement for having "enumerate=TRUE" was , we have a build > server with the jenkins set up. > And for authentication jenkins tries to get the localusers on the system.
I'm not sure what you mean by localusers, but does Jenkins really use some sort of interface that lists all users through the system interface? IIRC Jenkins is written in Java, so I would expect some native Java connector instead.. > > I should be able to get through that by configuring Jenkins to use LDAP > instead of the local users. > > But are there any other reasons for recommending against "enumerate=TRUE", > i recall reading somewhere as well not to use this specific setting. - performance - in general (because it's not the default and few people use enumeration), less tested than the defaul - idviews don't work - trusted AD users can't be enumerated at all -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project