Any advise? On Monday, February 11, 2019 at 1:37:45 PM UTC+2, Alex Domoradov wrote: > > Hello, > > Does anyone has successes in such kind of integration? Because Google LDAP > service requires certificate authentication I can't point Jenkins directly > to the ldaps://ldap.google.com. I have tried to use stunnel but without > success. > > Jenkins: 2.150.2 > LDAP plugin: 1.20 > > Jenkins settings > > https://i.imgur.com/rShdcmR.png > > https://i.imgur.com/RC0crE9.png > > 172.17.0.1 is the address of stunnel. I use the following config with > stunnel > > # cat /etc/stunnel/ldap.conf > [ldap] > client = yes > accept = 127.0.0.1:389 > connect = ldap.google.com:636 > cert = /etc/stunnel/gldap.crt > key = /etc/stunnel/gldap.key > > > Also I have tried to import google certificate and private key to my own > keystore > > $ openssl pkcs12 -export -out ldap.google.com.pkcs12 \ > > -inkey gldap.key -in gldap.crt > > > $ keytool -v -importkeystore -srckeystore ldap.google.com.pkcs12 \ > > -srcstoretype PKCS12 -destkeystore cacerts -deststoretype JKS > > > and point Jenkins to it > > -Djavax.net.ssl.keyStore=/var/jenkins_home/.cacerts/cacerts > -Djavax.net.ssl.keyStorePassword=changeit > > > But without success. Did I miss something? > >
-- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/beec4da0-439c-4a60-958e-70bd47df2d27%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
