Rundeck - Open Source - LDAP - How to pass bindUser and bindPassword as encrypted values

[naveen krishna vadakoppula]

Hi Team,

I have successfully configured our Active Directory integrated login into Rundeck.

However due to security reasons, I need to insert encrypted values for bindUser and bindPassword parameters for jaas-activedirectory.conf file

Below is for your ref:

activedirectory {

    com.dtolabs.rundeck.jetty.jaas.JettyCachingLdapLoginModule required

    debug="true"

    contextFactory="com.sun.jndi.ldap.LdapCtxFactory"

    providerUrl="ldap://X.X.X.X:389"

    bindDn="ab...@xyz.com"

    bindPassword="password@123"

    authenticationMethod="simple"

    forceBindingLogin="true"

    userBaseDn="DC=xyz,DC=com"

    userRdnAttribute="sAMAccountName"

    userIdAttribute="sAMAccountName"

    userPasswordAttribute="unicodePwd"

    userObjectClass="user"

    roleBaseDn="OU=Service Accounts,DC=xyz,DC=com"

    roleNameAttribute="cn"

    roleMemberAttribute="member"

    roleObjectClass="group"

    cacheDurationMillis="300000"

    reportStatistics="true";

};

Please have a look and help me

Thank you

Naveen Krishna

[rac...@rundeck.com]

Hi Naveen,

That's possible on Rundeck Enterprise, take a look at this thread and this documentation link

Regards!

[naveen krishna vadakoppula]

Hi Team 

Can’t we use MD5 or Crypt values generated by password utility?

Thank you 

Naveen Krishna 

--
You received this message because you are subscribed to the Google Groups "rundeck-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rundeck-discu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rundeck-discuss/2f1f45d6-4361-44bd-a635-98fbd6c2ac2bn%40googlegroups.com.

[naveen krishna vadakoppula]

Team,

This is the only blocker to proceed for implementation in our organization.

Able to cross all the obstacles to use Rundeck. Since more than 3 months we were fighting with IT-Security TSR review process and now finally at this blocker and only blocker.

And we are trying hard to push Rundeck in to our environment and have plans for enterprise versions subscriptions as well

But for we need to prove its worth with this open source version

Can you please reply with some alternatives, With which we can eliminate entering raw text password in bindPassword for jaas-activedirectory.conf

And not sure if we can use MD5 and CRYPT values generated by Rundeck-Password Utility Tool

Thank you in advance

Naveen Krishna

[rac...@rundeck.com]

Hi Naveen,

It is not possible to crypt the password using MD5 for the bindPassword parameter. The bindPassword is used to directly authenticate to LDAP, so must be cleartext. To avoid that, on Enterprise you can use rundeck.security.ldap.bindPassword parameter on the rundeck-config.properties file after using the Jasypt encryption tool, following this. On Community, you can use the encryption tool to encrypt the realm.properties users passwords, take a look at this.

Alternatively, you can “secure” the jaas-ldap.conf file only readable by rundeck user on your operating system.

Regards!

​