Alexander Bokovoy wrote:
> On la, 11 helmi 2017, Michael Ströder wrote:
>> Harald Dunkel wrote:
>>> On 02/10/17 15:07, Tomasz Torcz wrote:
>>>> On Fri, Feb 10, 2017 at 02:03:48PM +0100, Harald Dunkel wrote:
>>>>> did anybody succeed in using Freeipa for Jenkins' LDAP module?
>>>>> I can't make it work :-(.
>>>>
>>>>   I'm using Jenkins with FreeIPA, but not with Jenkins's LDAP.
>>>> I have Jenkins set to PAM authentication, which in turn goes thru SSSD.
>>>> It works fine, groups are resolved correctly, too.
>>>
>>> Thats plan B. Its good to know that this works, but I
>>> don't give up that easy.
>>
>> Jenkins' LDAP integration is pretty good and flexible. I made it work with 
>> various
>> LDAP servers in customer projects. I did not have do that with FreeIPA yet 
>> but I'd
>> be very surprised if it doesn't work.
>>
>> (Personally I'd avoid going through PAM.)
>
> Any specific reason for not using pam_sss?

At the end it's a matter of personal taste.

In my deployments PAM logins have most times nothing to do with the services 
running on a
host which might even use a completely different LDAP service.

> Remember, with SSSD involved you get also authentication for trusted users 
> from Active
> Directory realms. You don't get that with generic LDAP way.

This might be a use-case for which to prefer going through pam_sss.
As usual your mileage may vary. But we both know next to nothing about the 
original
posters infrastructure.

> Also, you'd be more efficient in terms of utilising LDAP connections.

Hmm, IMHO this depends very much on the client software used.
Modern Java software has decent LDAP connection pooling.

Ciao, Michael. (not a Java fan though)


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to