Re: Enabling TLS on Jenkins deployed on OpenShift

2018-10-24 Thread Gaurav Ojha
Thank you. That worked. Stuck in a different issue but that is now related to 
access permissions on the server.

Regards
Gaurav



From: Ben Parees 
Sent: Tuesday, October 23, 2018 17:53
To: Gaurav Ojha
Cc: users
Subject: Re: Enabling TLS on Jenkins deployed on OpenShift



On Tue, Oct 23, 2018 at 5:24 PM, Gaurav Ojha <gauravo...@gmail.com> wrote:
Hi,

So I deployed Jenkins on OpenShift via the catalog, and installed the Email 
plugin to send out emails via my smtp server. I have all the details correct, 
but it seems my server expects only SMTPS. I found this link here, which 
mentions the exact error I am seeing

https://stackoverflow.com/questions/20188456/how-to-change-the-security-type-from-ssl-to-tls-in-jenkins

So it seems that if I can enable TLS, I can solve this problem. But I can’t 
think of a suitable way to enable this setting (apart from probably mounting 
the exact Jenkins config in /etc/default/jenkins). Also, I am unable to modify 
the file with the terminal disallowing access.

Has anyone enabled TLS in the past who could give me pointers to look at? Or if it 
would be better to just use a docker image instead of the catalog for this 
purpose.


Based on my reading of that link, you need to set 
"-Dmail.smtp.starttls.enable=true" as an arg to jenkins.  Assuming that's true, 
you can do that by setting/adding an env var on your jenkins deploymentconfig:

"JENKINS_JAVA_OVERRIDES=-Dmail.smtp.starttls.enable=true"



Regards


___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users




--
Ben Parees | OpenShift



LDAP authentication issue with lookup mapping method

2018-10-24 Thread Marc Ledent

Hi all,

I'll try to be as short as possible.

We want to use LDAP authentication, which works with the 'claim' Mapping 
method.


But we want to use the 'lookup' method as we don't want every dev user 
to be able to log in to the cluster.


We have the following identity provider config:

  identityProviders:
  - challenge: true
    login: true
    mappingMethod: lookup
    name: ldap_provider
    provider:
      apiVersion: v1
      attributes:
        email:
        - mail
        id:
        - dn
        name:
        - cn
        preferredUsername:
        - uid
      bindDN: ''
      bindPassword: ''
      insecure: true
      kind: LDAPPasswordIdentityProvider
      url: ldaps://XX/o=Y?uid?sub?(objectClass=person)

We then create the user:

oc create user Marc.Ledent

Then we create the identity

oc create identity ldap_provider:Marc.Ledent

Then we edit both the user and the identity to match the UID

But this does not work. Is there a simple way to debug this?

On the other hand, if we use the 'claim' mapping method, I noticed that 
the identity name is:


allow_all:Marc.Ledent    allow_all    Marc.Ledent    Marc.Ledent    8ab115b1-d789-11e8-abfa-001a4a16039e


with 'allow_all' as provider. Is this normal?

Thanks in advance,
Marc


