Re: [Freeipa-users] Jenkins integration?

2017-03-24 Thread Maciej Drobniuch
Just tried with LDAPs over jxplorer and jenkins. Unfortunately it's not working. The master jenkins release supports ipa auto detection. https://gerrit-review.googlesource.com/#/c/94925/ I will give it a try. On Fri, Mar 24, 2017 at 2:06 PM, Alexander Bokovoy wrote: >

Re: [Freeipa-users] Jenkins integration?

2017-03-24 Thread Michael Ströder
Maciej Drobniuch wrote: > I see now what you mean. > > The SSHA decoding is handled on the client side by using acegi not on the > ldap server > side... No, Jenkins sends a bind request with the user's bind-DN and clear-text password. Password check is done server-side. Ciao, Michael.

Re: [Freeipa-users] Jenkins integration?

2017-03-24 Thread Alexander Bokovoy
On pe, 24 maalis 2017, Maciej Drobniuch wrote: I see now what you mean. The SSHA decoding is handled on the client side by using acegi not on the ldap server side... Am I inline with this? No, you are not. There are multiple LDAP authentication providers (authenticators) in Acegi Security

Re: [Freeipa-users] Jenkins integration?

2017-03-24 Thread Maciej Drobniuch
I see now what you mean. The SSHA decoding is handled on the client side by using acegi not on the ldap server side... Am I inline with this? I'm logging in with cn=Directory Manager (no issues) but it fails with the user dn(jxplorer) I'll try figure this out with the jenkins mailing list.

Re: [Freeipa-users] Jenkins integration?

2017-03-24 Thread Alexander Bokovoy
On pe, 24 maalis 2017, Maciej Drobniuch wrote: Hi Alex, Even while using LDAP a browser (jxplorer) I can not login with the following user DN uid=admin,cn=users,cn=accounts,dc=mydomain,dc=com javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials] Only the Directory

Re: [Freeipa-users] Jenkins integration?

2017-03-24 Thread Maciej Drobniuch
Hi Alex, Even while using LDAP a browser (jxplorer) I can not login with the following user DN uid=admin,cn=users,cn=accounts,dc=mydomain,dc=com javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials] Only the Directory Manager cn and pwd works. Any ideas what am I

Re: [Freeipa-users] Jenkins integration?

2017-03-24 Thread Alexander Bokovoy
On pe, 24 maalis 2017, Maciej Drobniuch wrote: Hi All, I'm trying to integrate Freeipa with jenkins and ldap auth plugin. The thing with the Freeipa LDAP server is: * Only Directory Manager can read userPassword field (not sure yet how to create a sysaccount which can read the field. ldifs are

Re: [Freeipa-users] Jenkins integration?

2017-03-24 Thread Maciej Drobniuch
Hi All, I'm trying to integrate Freeipa with jenkins and ldap auth plugin. The thing with the Freeipa LDAP server is: * Only Directory Manager can read userPassword field (not sure yet how to create a sysaccount which can read the field. ldifs are welcome ;) * The userPassword field contains the

Re: [Freeipa-users] Jenkins integration?

2017-02-11 Thread Michael Ströder
Alexander Bokovoy wrote: > On la, 11 helmi 2017, Michael Ströder wrote: >> Alexander Bokovoy wrote: >>> On la, 11 helmi 2017, Harald Dunkel wrote: On 02/11/17 11:57, Alexander Bokovoy wrote: > On la, 11 helmi 2017, Michael Ströder wrote: >> >> (Personally I'd avoid going through

Re: [Freeipa-users] Jenkins integration?

2017-02-11 Thread Alexander Bokovoy
On la, 11 helmi 2017, Michael Ströder wrote: Alexander Bokovoy wrote: On la, 11 helmi 2017, Harald Dunkel wrote: On 02/11/17 11:57, Alexander Bokovoy wrote: On la, 11 helmi 2017, Michael Ströder wrote: (Personally I'd avoid going through PAM.) Any specific reason for not using pam_sss?

Re: [Freeipa-users] Jenkins integration?

2017-02-11 Thread Michael Ströder
Alexander Bokovoy wrote: > On la, 11 helmi 2017, Harald Dunkel wrote: >> On 02/11/17 11:57, Alexander Bokovoy wrote: >>> On la, 11 helmi 2017, Michael Ströder wrote: (Personally I'd avoid going through PAM.) >>> Any specific reason for not using pam_sss? Remember, with SSSD involved >>>

Re: [Freeipa-users] Jenkins integration?

2017-02-11 Thread Alexander Bokovoy
On la, 11 helmi 2017, Harald Dunkel wrote: On 02/11/17 11:57, Alexander Bokovoy wrote: On la, 11 helmi 2017, Michael Ströder wrote: (Personally I'd avoid going through PAM.) Any specific reason for not using pam_sss? Remember, with SSSD involved you get also authentication for trusted users

Re: [Freeipa-users] Jenkins integration?

2017-02-11 Thread Harald Dunkel
On 02/11/17 11:57, Alexander Bokovoy wrote: > On la, 11 helmi 2017, Michael Ströder wrote: >> >> (Personally I'd avoid going through PAM.) > Any specific reason for not using pam_sss? Remember, with SSSD involved > you get also authentication for trusted users from Active Directory > realms. You

Re: [Freeipa-users] Jenkins integration?

2017-02-11 Thread Michael Ströder
Alexander Bokovoy wrote: > On la, 11 helmi 2017, Michael Ströder wrote: >> Harald Dunkel wrote: >>> On 02/10/17 15:07, Tomasz Torcz wrote: On Fri, Feb 10, 2017 at 02:03:48PM +0100, Harald Dunkel wrote: > did anybody succeed in using Freeipa for Jenkins' LDAP module? > I can't make it

Re: [Freeipa-users] Jenkins integration?

2017-02-11 Thread Alexander Bokovoy
On la, 11 helmi 2017, Michael Ströder wrote: Harald Dunkel wrote: On 02/10/17 15:07, Tomasz Torcz wrote: On Fri, Feb 10, 2017 at 02:03:48PM +0100, Harald Dunkel wrote: did anybody succeed in using Freeipa for Jenkins' LDAP module? I can't make it work :-(. I'm using Jenkins with FreeIPA,

Re: [Freeipa-users] Jenkins integration?

2017-02-11 Thread Michael Ströder
Harald Dunkel wrote: > On 02/10/17 15:07, Tomasz Torcz wrote: >> On Fri, Feb 10, 2017 at 02:03:48PM +0100, Harald Dunkel wrote: >>> did anybody succeed in using Freeipa for Jenkins' LDAP module? >>> I can't make it work :-(. >> >> I'm using Jenkins with FreeIPA, but not with Jenkins's LDAP. >> I

Re: [Freeipa-users] Jenkins integration?

2017-02-10 Thread Harald Dunkel
On 02/10/17 15:07, Tomasz Torcz wrote: > On Fri, Feb 10, 2017 at 02:03:48PM +0100, Harald Dunkel wrote: >> Hi folks, >> >> did anybody succeed in using Freeipa for Jenkins' LDAP module? >> I can't make it work :-(. > > I'm using Jenkins with FreeIPA, but not with Jenkins's LDAP. > I have

Re: [Freeipa-users] Jenkins integration?

2017-02-10 Thread Tomasz Torcz
On Fri, Feb 10, 2017 at 02:03:48PM +0100, Harald Dunkel wrote: > Hi folks, > > did anybody succeed in using Freeipa for Jenkins' LDAP module? > I can't make it work :-(. I'm using Jenkins with FreeIPA, but not with Jenkins's LDAP. I have Jenkins set to PAM authentication, which in turn goes