I set up Jenkins with LDAP and I'm able to log in. But when I stop the LDAP server, I'm unable to log in to Jenkins using Jenkins's local user account. Also, always editing config.xml is not a good way to change security settings. Please help me.
4 Answers
As of now, local user login is not possible when LDAP is enabled. The Jenkins internal user database is automatically disabled when you activate LDAP authentication.
A few Jenkins JIRA issues give more details on this.
There is no other way except editing ~/.jenkins/config.xml.
What I've done in a previous role is keep a copy of the Jenkins config that allows admin and a selection of other users access when LDAP is down.
When LDAP is down, I switch manually:
mv config.xml config.ldap.xml
mv config.internal.xml config.xml
Restart Jenkins (https://stackoverflow.com/a/8077830/1935094)
The config.internal.xml was set up before I configured LDAP. You could also back up your config.xml, configure Jenkins for internal user access, copy that off, and copy your LDAP-configured config.xml back in.
Anyway, the idea is that you can still get in, run jobs etc. until LDAP is back.
I've had thoughts about automating it, if LDAP is detected as down (you could run a lookup periodically, then switch if need be)...
- I guess for now, this will be the better option. Thank you for the support. – Anit kumar Jan 22 '19 at 15:42
- No problem, it's not perfect, but it does give you an access option. Remember to back up your config files off the server too. – Gripsiden Jan 23 '19 at 11:52
- This is unhelpful because you are not sharing the relevant piece that configures auth. Mind doing that? – Vincent Gerris Mar 17 '21 at 21:53
- @VincentGerris I'm unsure what you mean. I take a backup before the LDAP config and use that when I need to log on if LDAP is down. You need to take care of the LDAP config on your instance, and this will be different from environment to environment, so I didn't need to share that. (I only shared the concept of before/after LDAP config file usage.) Hope that helps. – Gripsiden Mar 18 '21 at 08:07
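One way to automate the switch described in the answer above, as an added example that is not part of the original answer or its author's code: it probes the LDAP port and performs the same config.xml swap only after several consecutive failed probes, so a single missed probe does not change how Jenkins authenticates. The default JENKINS_HOME, the LDAP host and port, the threshold and the ldap_fail_count state file are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not the answer author's script. Assumed values: the default
# JENKINS_HOME, the LDAP host/port placeholders, THRESHOLD, ldap_fail_count.
JENKINS_HOME="${JENKINS_HOME:-/var/lib/jenkins}"
LDAP_HOST="${LDAP_HOST:-ldap.example.internal}"   # placeholder host
LDAP_PORT="${LDAP_PORT:-636}"
THRESHOLD="${THRESHOLD:-3}"   # consecutive failed probes before switching

# Succeeds if a TCP connection to the LDAP port opens within 5 seconds.
ldap_up() {
  timeout 5 bash -c "exec 3<>/dev/tcp/$LDAP_HOST/$LDAP_PORT" 2>/dev/null
}

# Activate a prepared config: $1 = file to make config.xml,
# $2 = name under which the current config.xml is parked.
swap_config() {
  [ -f "$JENKINS_HOME/$1" ] || return 1   # not prepared, or already active
  mv "$JENKINS_HOME/config.xml" "$JENKINS_HOME/$2" &&
    mv "$JENKINS_HOME/$1" "$JENKINS_HOME/config.xml"
}

# One probe. Prints ok, restored, degraded:<n>, switched or no-change.
# After "switched" or "restored" Jenkins must be restarted to load the file.
check_once() {
  local state n
  state="$JENKINS_HOME/ldap_fail_count"
  if ldap_up; then
    echo 0 > "$state"
    if swap_config config.ldap.xml config.internal.xml; then
      echo restored
    else
      echo ok
    fi
    return 0
  fi
  n=$(cat "$state" 2>/dev/null || echo 0)
  n=$((n + 1))
  echo "$n" > "$state"
  if [ "$n" -lt "$THRESHOLD" ]; then
    echo "degraded:$n"
  elif swap_config config.internal.xml config.ldap.xml; then
    echo switched
  else
    echo no-change   # internal config already active, or none was prepared
  fi
}

if [ "${1:-}" = run ]; then check_once; fi
```

Run it periodically with the `run` argument and restart Jenkins whenever it prints `switched` or `restored`. Keep config.internal.xml readable only by the Jenkins service account, since it decides who can log in while LDAP is down.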
FOR FUTURE:
- Add a secondary LDAP server on Jenkins host.
- Remember to check "Ignore if unavailable" on the first LDAP.
More info