And note: FreeIPA is auto-detected only with current master, for older releases you need to configure all attributes manually.
See https://gerrit-review.googlesource.com/#/c/94925/ for hints. Björn Am Freitag, 24. März 2017 09:11:50 UTC+1 schrieb Maciej D: > > Hi Björn > > I'm using Freeipa. > > That would mean that I'm using a wrong DN? > > I'm using the DN because it's able to see tha password hashes. > > Thanks for help! > > Server: ldaps://ipa.mydomain > root DN: dc=mydomain,dc=com > User search base: cn=users,cn=accounts > User search filter: > (objectClass=inetOrgPerson)(objectClass=posixAccount)(uid=%u) > Manager DN: cn=Directory Manager > Display Name LDAP attribute: displayname > Email Address LDAP attribute: mail > > > 2017-03-24 8:24 GMT+01:00 'Björn Pedersen' via Jenkins Users < > [email protected] <javascript:>>: > >> Hi, >> >> that's not how LDAP-auth normally works: >> >> Jenkins takes the user and password, and tries an LDAP bind with this >> password. If the LDAP server returns success, then the login is granted. >> I suspect there is some other problem with your LDAP config. >> >> Questions: >> * What type of LDAP server are you running (ActiveDirectory, OpenLDAP, >> FreeIPA, ...)? >> * What is your LDAP config (remember to remove passwords/sensitive >> information before posting) >> >> Björn >> >> Am Donnerstag, 23. März 2017 16:40:58 UTC+1 schrieb Maciej D: >>> >>> Hi Jenkins users! >>> >>> I'm trying to bind jenkins to LDAP auth. >>> >>> Jenkins is successfully downloading the user list. >>> >>> Unfortunately the credentials are wrong every-time I try to login with >>> an valid account. >>> >>> My LDAP server stores salted sha (SSHA) in base64 for user passwords. >>> >>> Can jenkins detect i.e base64 decode then take the salt and calculate >>> the hash to compare it to the password hash that's stored in LDAP? >>> >>> Thanks for help! >>> >> -- >> You received this message because you are subscribed to a topic in the >> Google Groups "Jenkins Users" group. >> To unsubscribe from this topic, visit >> https://groups.google.com/d/topic/jenkinsci-users/P-kqf68q3Kc/unsubscribe >> . >> To unsubscribe from this group and all its topics, send an email to >> [email protected] <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/jenkinsci-users/3531dc35-60f4-446a-8a26-f43d04bcb203%40googlegroups.com >> >> <https://groups.google.com/d/msgid/jenkinsci-users/3531dc35-60f4-446a-8a26-f43d04bcb203%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> >> For more options, visit https://groups.google.com/d/optout. >> > > > > -- > Pozdrawiam! > Maciej Drobniuch > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/7a6b9858-76d9-4c78-a31c-953647bf48da%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
