How to integrate Jenkins with Google LDAP service

How to integrate Jenkins with Google LDAP service

Alex Domoradov
Hello,

Has anyone had success with this kind of integration? Because the Google LDAP service requires certificate authentication, I can't point Jenkins directly to ldaps://ldap.google.com. I have tried to use stunnel, but without success.

Jenkins: 2.150.2
LDAP plugin: 1.20

Jenkins settings



172.17.0.1 is the address of stunnel. I use the following config with stunnel

# cat /etc/stunnel/ldap.conf 
[ldap]
client = yes
accept = 127.0.0.1:389
connect = ldap.google.com:636
cert = /etc/stunnel/gldap.crt
key = /etc/stunnel/gldap.key

Also, I have tried to import the Google certificate and private key into my own keystore:
$ openssl pkcs12 -export -out ldap.google.com.pkcs12 \
-inkey gldap.key -in gldap.crt

$ keytool -v -importkeystore -srckeystore ldap.google.com.pkcs12 \
-srcstoretype PKCS12 -destkeystore cacerts -deststoretype JKS

and point Jenkins to it
-Djavax.net.ssl.keyStore=/var/jenkins_home/.cacerts/cacerts -Djavax.net.ssl.keyStorePassword=changeit

But without success. Did I miss something?

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CAK90gp6bRm-Ad_4_Dg9eLnh6QOwXmC4hPBu9guoGojvZe3OM%2BQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
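
A check for the setup described in the post above, as an added example that is not part of the thread: it parses a constructed copy of the posted stunnel section and flags two things visible in the posted settings, a listener bound to loopback while the post gives 172.17.0.1 as the stunnel address, and a client section that does not verify the server certificate. The function names, the hardened variant and the CA bundle path are assumptions; addresses are expected as IP literals.

```python
# Constructed copy of the stunnel service section quoted in the post.
POSTED_CONF = """\
[ldap]
client = yes
accept = 127.0.0.1:389
connect = ldap.google.com:636
cert = /etc/stunnel/gldap.crt
key = /etc/stunnel/gldap.key
"""

# Assumed corrected variant: listen where the client connects, verify the server.
HARDENED_CONF = POSTED_CONF.replace("127.0.0.1:389", "172.17.0.1:389") + (
    "verifyChain = yes\n"
    "CAfile = /etc/ssl/certs/ca-certificates.crt\n"  # assumed CA bundle path
    "checkHost = ldap.google.com\n"
)

def parse_service(text):
    """Return option -> value for a single-service stunnel config."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#[":  # blank, comment or [section] header
            continue
        key, _, value = line.partition("=")
        opts[key.strip()] = value.strip()
    return opts

def check(conf_text, client_target):
    """Findings for a client section, given the IP the LDAP client connects to."""
    opts = parse_service(conf_text)
    findings = []
    host, sep, _port = opts.get("accept", "").rpartition(":")
    # A bare port (no host part) or a wildcard address listens on every interface.
    if sep and host not in ("", "0.0.0.0", "::", client_target):
        loopback = host in ("localhost", "::1") or host.startswith("127.")
        where = "loopback only" if loopback else host
        findings.append(f"accept listens on {where}; client connects to {client_target}")
    if "yes" not in (opts.get("verifyChain"), opts.get("verifyPeer")):
        findings.append("server certificate is not verified (no verifyChain/verifyPeer)")
    elif "checkHost" not in opts and opts.get("verifyPeer") != "yes":
        findings.append("chain is verified but the host name is not (no checkHost)")
    return findings

if __name__ == "__main__":
    for name, conf in (("posted", POSTED_CONF), ("hardened", HARDENED_CONF)):
        print(name, check(conf, "172.17.0.1") or "no findings")
```

Moving the listener off loopback means any host that can reach 172.17.0.1:389 gets cleartext LDAP relayed over a TLS session authenticated with the client certificate, so access to that port should be restricted to the Jenkins container.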

Re: How to integrate Jenkins with Google LDAP service

Alex Domoradov
Any advice?

On Monday, February 11, 2019 at 1:37:45 PM UTC+2, Alex Domoradov wrote:
Hello,

Has anyone had success with this kind of integration? Because the Google LDAP service requires certificate authentication, I can't point Jenkins directly to ldaps://ldap.google.com. I have tried to use stunnel, but without success.

Jenkins: 2.150.2
LDAP plugin: 1.20

Jenkins settings

https://i.imgur.com/rShdcmR.png

https://i.imgur.com/RC0crE9.png

172.17.0.1 is the address of stunnel. I use the following config with stunnel

# cat /etc/stunnel/ldap.conf 
[ldap]
client = yes
accept = 127.0.0.1:389
connect = ldap.google.com:636
cert = /etc/stunnel/gldap.crt
key = /etc/stunnel/gldap.key

Also, I have tried to import the Google certificate and private key into my own keystore:
$ openssl pkcs12 -export -out ldap.google.com.pkcs12 \
-inkey gldap.key -in gldap.crt

$ keytool -v -importkeystore -srckeystore ldap.google.com.pkcs12 \
-srcstoretype PKCS12 -destkeystore cacerts -deststoretype JKS

and point Jenkins to it
-Djavax.net.ssl.keyStore=/var/jenkins_home/.cacerts/cacerts -Djavax.net.ssl.keyStorePassword=changeit

But without success. Did I miss something?


Re: How to integrate Jenkins with Google LDAP service

Mukesh Yadav
Hello Alex,
did you have any success with the Jenkins integration with stunnel?

On Tuesday, February 12, 2019 at 9:45:27 PM UTC+5:30, Alex Domoradov wrote:
Any advice?

On Monday, February 11, 2019 at 1:37:45 PM UTC+2, Alex Domoradov wrote:
Hello,

Has anyone had success with this kind of integration? Because the Google LDAP service requires certificate authentication, I can't point Jenkins directly to ldaps://ldap.google.com. I have tried to use stunnel, but without success.

Jenkins: 2.150.2
LDAP plugin: 1.20

Jenkins settings

https://i.imgur.com/rShdcmR.png

https://i.imgur.com/RC0crE9.png

172.17.0.1 is the address of stunnel. I use the following config with stunnel

# cat /etc/stunnel/ldap.conf 
[ldap]
client = yes
accept = 127.0.0.1:389
connect = ldap.google.com:636
cert = /etc/stunnel/gldap.crt
key = /etc/stunnel/gldap.key

Also, I have tried to import the Google certificate and private key into my own keystore:
$ openssl pkcs12 -export -out ldap.google.com.pkcs12 \
-inkey gldap.key -in gldap.crt

$ keytool -v -importkeystore -srckeystore ldap.google.com.pkcs12 \
-srcstoretype PKCS12 -destkeystore cacerts -deststoretype JKS

and point Jenkins to it
-Djavax.net.ssl.keyStore=/var/jenkins_home/.cacerts/cacerts -Djavax.net.ssl.keyStorePassword=changeit

But without success. Did I miss something?
