How to setup multiple way of authentication in Jenkins such as LDAP and Jenkins User database?

Question

Actually the authentication into our Jenkins is done through LDAP.

Some people in my team are not member of the LDAP.

Is there a way to use both LDAP and Jenkins user database?

It might be possible with the mixing-security-realm-plugin: https://github.com/jenkinsci/mixing-security-realm-plugin — Nicolas Forney, Nov 09 '21 at 13:29

OrangeDog · Answer 1 · 2019-03-07T15:36:04.513

2

This is not possible as described. The feature request is JENKINS-15063.

However, it is possible to approximate in a few ways (though the Jenkins user database still won't be usable).

For multiple LDAP realms you can set up a single proxy server that combines the forests.
Using PAM you can define multiple authentication sources and fallbacks in e.g. /etc/pam.d/jenkins

edited Mar 07 '19 at 15:36

answered Mar 07 '19 at 15:22

OrangeDog

score -5 · Answer 2 · answered Apr 20 '18 at 09:36

Yes that's possible and requires 2 steps:

Add a user
Navigate to Jenkins -> Manage Jenkins -> Configure Global Security.
Under Authorization you need to configure who can do what. You can add LDAP groups and/or users and fine tune what they are allowed to do.
If you enabled Matrix-based or Project/Matrix-based authorization then you have a field to add new users/groups. You can add users that are known to LDAP or not known.
Add Credentials
If you added a user that is not known to LDAP you need to create the credentials in Jenkins (i.e. password).
Navigate to Jenkins -> Credentials -> System -> Global Credentials -> Add Credentials
Then add username and password.

Doesn't work for me. At least with Jenkins 2.150.3. It gives me ```401 Invalid password/token for user: non_ldap_user``` — ALex_hha, Feb 19 '19 at 11:18
credential are used to access third party sites/tools, not for login in to jenkins — alban maillere, Mar 06 '19 at 09:26

2 Answers2