Moving from built-in Jenkins user DB to another source (like Google)
52 views
Skip to first unread message
Mike Chmielewski
Mar 9, 2015, 12:13:29 PM3/9/15
to jenkins...@googlegroups.com
Hi everyone,
I was wondering if anyone has experiences they are willing to share about moving the user DB from the built-in Jenkins DB to an outside one like LDAP or Google OpenID/Oauth (Google Oauth experience is more applicable to my use case).
We have have 50-75 users with access now, and the company uses Google Apps, so it is a natural fit to move to the shared auth in Google, as we grow larger/have multiple remote offices, etc.
Are there manual steps to migrate? Is it seamless? Does it default to internal?
The only gotcha I have is that we have some outsourcing groups with access, with their own email systems... Is the current Google authentication integration flexible enough?
Thanks!
James Green
Mar 10, 2015, 9:23:03 AM3/10/15
to jenkins...@googlegroups.com
Do it with a test jenkins instance. Pure speculation otherwise.
--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/b536b172-abe0-420e-a001-40eeeca66587%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Mike Chmielewski
Mar 11, 2015, 10:19:35 AM3/11/15
to jenkins...@googlegroups.com
That was the next step, But I was hoping for some real world experience as well.
Maciej Jaros
Mar 12, 2015, 7:41:54 AM3/12/15
to jenkins...@googlegroups.com
Not sure about Google, but we moved to LDAP login with Role Strategy
Plugin to mange authorization. There is no migration. You define
roles all over, but defining roles is easier then in default
authorization Jenkins model (where it is done per-job)...
I guess you could parse jobs config.xml and maybe create new configuration semi-automatically, but I didn't found any tool for that.
Regards,
Nux.
I guess you could parse jobs config.xml and maybe create new configuration semi-automatically, but I didn't found any tool for that.
Regards,
Nux.
Mike Chmielewski
Mar 13, 2015, 5:15:07 PM3/13/15
to jenkins...@googlegroups.com, mac...@mol.com.pl
We already use the Role-based authorization plugin (not matrix). My concern is what happens to all the users in the internal DB, do they get erased/lose access, or are they still enabled until manually disabled, or are they linked by email address (or other) to the new system (LDAP in your case, Google Auth in mine).
Thanks for the info!
Reply all
Reply to author
Forward
0 new messages