under the "configure global security part" of jenkins, we can specify how
jenkins will fetch users for authentication. One option is
"Unix user/group database" . wherein, it will do a getent passwd and fetch
users from there.
Other is to specify ldap.
There are few other ways as well but haven't explored it yet.


On Fri, Jul 22, 2016 at 6:54 PM, Jakub Hrozek <jhro...@redhat.com> wrote:

> On Fri, Jul 22, 2016 at 06:17:32PM +0530, Rakesh Rajasekharan wrote:
> > My specific requirement for having "enumerate=TRUE" was , we have a build
> > server with the jenkins set up.
> > And for authentication jenkins tries to get the localusers on the system.
> I'm not sure what you mean by localusers, but does Jenkins really use
> some sort of interface that lists all users through the system
> interface? IIRC Jenkins is written in Java, so I would expect some
> native Java connector instead..
> >
> > I should be able to get through that by configuring Jenkins to use LDAP
> > instead of the local users.
> >
> > But  are there any other reasons for recommending against
> "enumerate=TRUE",
> > i recall reading somewhere as well not to use this specific setting.
> - performance
> - in general (because it's not the default and few people use
>   enumeration), less tested than the defaul
> - idviews don't work
> - trusted AD users can't be enumerated at all
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to