[JIRA] [active-directory-plugin] (JENKINS-3404) mix LDAP and local Hudson users

[advorsky@vasco.com (JIRA)]

Alexander Dvorsky updated an issue

Jenkins / JENKINS-3404 mix LDAP and local Hudson users Change By: Alexander Dvorsky Component/s: ldap-plugin Component/s: security Add Comment

This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265)

[advorsky@vasco.com (JIRA)]

Alexander Dvorsky commented on JENKINS-3404

Re: mix LDAP and local Hudson users This would make sense as well to have e.g. a user for automation, which doesn't need to exist in the active directory/ldap directory. i would very welcome this as well...

Add Comment

[fedesg@gmail.com (JIRA)]

Federico Soria Galvarro commented on JENKINS-3404

Re: mix LDAP and local Hudson users

This bug have any estimated date? As Alexander say make sense, for example I have external user that not exists in the active directory but I want that they can be logged. Also, and most important, if my LDAP is down I can't use Jenkins, is really useful have a local account for this circumstance.

Add Comment

[jens.rosenthal@compcom.de (JIRA)]

Jens Rosenthal commented on JENKINS-3404

Re: mix LDAP and local Hudson users

Another important - at least I think so - use case is, that in case there is an LDAP problem, that needs a config update, I cannot login to jenkins to fix the problem. So a "standard" account (the admin or root), that is NOT tied to the configured LDAP is needed.

Add Comment

[heiko.nardmann@itechnical.de (JIRA)]

Heiko Nardmann commented on JENKINS-3404

Re: mix LDAP and local Hudson users

I also would like to add some "Technical SCM Trigger User" that is used when the SCM creates a trigger. Such a user shall not be part of LDAP but just be part of Jenkins user database. This avoids an anonymous account inside Jenkins with Discover+Read privileges. This involves either only changing the ldap-plugin or being able to iterate over a list of AbstractPasswordBasedSecurityRealm implementations (as far as I understand). This would probably also involve that getSecurityRealm() has to be replaced by some getSecurityRealms() (returning a list of realms). The same for setSecurityRealm(SecurityRealm securityRealm).

Add Comment

This message was sent by Atlassian JIRA (v7.1.7#71011-sha1:2526d7c)

[605290478@qq.com (JIRA)]

Sam Zhao commented on JENKINS-3404

Re: mix LDAP and local Hudson users

Very appreciate for these features. As a system admin, to keep Jenkins platform to high availability is very important. If LDAP is down , users will not login Jenkins to do any job.

Add Comment

[thefriendlycoder@gmail.com (JIRA)]

Kevin Phillips commented on JENKINS-3404

Re: mix LDAP and local Hudson users

I too would like to have the ability to define a couple of static local users on a Jenkins server, for pretty much the same reasons stated above - automated processes accessing Jenkins, accessing the dashboard when LDAP/AD are down, etc. This would be very helpful.

Add Comment

[fbelzunc@gmail.com (JIRA)]

Félix Belzunce Arcos resolved as Duplicate

Jenkins / JENKINS-3404

mix LDAP and local Hudson users

Change By: Félix Belzunce Arcos Status: Open Resolved Assignee: Félix  Belzunce Arcos Resolution: Duplicate

Add Comment

[patryk.cichy@nokia.com (JIRA)]

Patryk Cichy commented on JENKINS-3404

Re: mix LDAP and local Hudson users Why is this marked as duplicate? JENKINS-39065 should be marked as duplicate - it only covers AD plugin and this ticket is also about LDAP plugin.

Add Comment

[mail@martinmajewski.net (JIRA)]

Martin Majewski commented on JENKINS-3404

Re: mix LDAP and local Hudson users

2019 and still nothing at this front? We have users whose AD accounts are disabled due to ID renewal and for this period they cannot log into Jenkins. A local user store would be much appreciated! Best wishes, Martin

Add Comment

This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)

[gdupin@gmail.com (JIRA)]

Guillaume Dupin commented on JENKINS-3404

Re: mix LDAP and local Hudson users

Agree with all comments above : this feature is important for many some use cases. For me, it would be useful to configure Jenkins with Configuration-as-Code plugin with a local non-LDAP user that will be responsible to regularly apply Jenkins configuration (and as LDAP is a part of this configuration, cannot use a LDAP user for this) Félix Belzunce Arcos any update on this please ? Or at least a estimation date ? Thank you

Add Comment

[gdupin@gmail.com (JIRA)]

Guillaume Dupin edited a comment on JENKINS-3404

Re: mix LDAP and local Hudson users

Agree with all comments above : this feature is important for many some

use cases.

For me, it would be useful to configure Jenkins with Configuration-as-Code plugin with a local non-LDAP user that will be responsible to regularly apply Jenkins configuration (and as LDAP is a part of this configuration, cannot use a LDAP user for this)

[~fbelzunc] any update on this please ? Or at least a estimation date ? Thank you

Add Comment

[gdupin@gmail.com (JIRA)]

Guillaume Dupin edited a comment on JENKINS-3404

Re: mix LDAP and local Hudson users

Agree with all comments above : this feature is important for many use cases. For me, it would be useful to configure Jenkins with Configuration-as-Code plugin with a local ( non-LDAP ) user that will be responsible to regularly apply Jenkins configuration (and as LDAP is a part of this configuration, cannot use a LDAP user for this)

[~fbelzunc] any update on this please ? Or at least a estimation date ? Thank you

Add Comment

[gdupin@gmail.com (JIRA)]

Guillaume Dupin edited a comment on JENKINS-3404

Re: mix LDAP and local Hudson users

Agree with all comments above : this feature is important for many use cases.

For me, it would be useful to configure Jenkins with Configuration-as-Code plugin with a local (non-LDAP) user that will be responsible to apply Jenkins configuration (and as LDAP is a part of this configuration, cannot use a LDAP user for this) @ [~fbelzunc] any update on this please ? Or at least a estimation date ? Thank you

Add Comment

[gdupin@gmail.com (JIRA)]

[gdupin@gmail.com (JIRA)]

Guillaume Dupin edited a comment on JENKINS-3404

Re: mix LDAP and local Hudson users

Agree with all comments above : this feature is important for many use cases. For me, it would be useful to configure Jenkins with Configuration-as-Code plugin with a local (non-LDAP) user that will be responsible to apply Jenkins configuration (and as LDAP is a part of this configuration, cannot use a LDAP user for this)

@[~fbelzunc] any update on this please ? Or at least a an estimation date ? Thank you

Add Comment

[batmat@batmat.net (JIRA)]

Baptiste Mathus commented on JENKINS-3404

Re: mix LDAP and local Hudson users

As Félix said above, doing this at the SecurityRealm level would likely imply duplicating code between the various implementations. So, I'm inclined to think this issue here should actually be closed as a duplicate of JENKINS-15063. Because at least JENKINS-15063 has core as a component, as it should be IMO.

Add Comment

[machn1k@icloud.com (JIRA)]

Mike Machnik commented on JENKINS-3404

Re: mix LDAP and local Hudson users

As mentioned in some of the comments above, allowing for both LDAP and local security allows for real users to have access but also allowing for local users to be created for automation.  This support would allow us to create an ideal security environment for real users and automation.

Add Comment

[machn1k@icloud.com (JIRA)]

Mike Machnik edited a comment on JENKINS-3404

Re: mix LDAP and local Hudson users

As mentioned in some of the comments above, allowing for both LDAP and local security allows for real users to have access but also allowing for local users to be created for automation.  This support would allow us to create an ideal security environment for real users and our automation.

Add Comment

[jonas.julve@gmail.com (JIRA)]

Jonas Julve assigned an issue to Jonas Julve

Jenkins / JENKINS-3404

mix LDAP and local Hudson users

Change By: Jonas Julve Assignee: Félix  Belzunce Arcos Jonas Julve

Add Comment

[jonas.julve@gmail.com (JIRA)]

Jonas Julve assigned an issue to Félix Belzunce Arcos

Jenkins / JENKINS-3404 mix LDAP and local Hudson users

Change By: Jonas Julve Assignee: Jonas Julve Félix  Belzunce Arcos

Add Comment

[totoiverson@hotmail.com (JIRA)]

Sharon Kwok commented on JENKINS-3404

Re: mix LDAP and local Hudson users Agreed with all the comments above. We really need the support of both local security and LDAP security. Normal users should use LDAP for login, while local users are created for automation and remote API call. It would be highly appreciated if it could be implemented.

Add Comment

[smekkley-1@gmx.com (JIRA)]

smek commented on JENKINS-3404

Re: mix LDAP and local Hudson users

Is there workaround on this thing other than using PAM? I heard AD plugin supports this, so maybe it's not too difficult to support LDAP with that plugin?

Add Comment

[rorynelsonscott@gmail.com (JIRA)]

Rory Scott commented on JENKINS-3404

Re: mix LDAP and local Hudson users

+1 to what's been said. Automating with a local user would be great while using LDAP for internal users.

Add Comment

[rajiv270992@gmail.com (JIRA)]

Rajiv KR commented on JENKINS-3404

Re: mix LDAP and local Hudson users

Need this feature as we are trying to make api calls with ldap enabled jenkins, any local hudson users added to ldap will be really useful. Any update on this?

Add Comment

This message was sent by Atlassian Jira (v7.13.6#713006-sha1:cc4451f)

[wenjunxiao@126.com (JIRA)]

WENJUN XIAO commented on JENKINS-3404

Re: mix LDAP and local Hudson users

I try to mixing local user with others by this plugin [mixing-security-realm-plugin|https://github.com/wenjunxiao/mixing-security-realm-plugin]

Add Comment