Active_Directory [SOLVED]: Jenkins + LDAP Plugin — Any way to have a login backdoor?

  • #34632

    Anonymous

    Question

    Any time I authenticate a system with LDAP/AD I like to have at least one “local” admin that can get in even if Directory Services go down/have an issue. Essentially a “backdoor” just in case the directory service has an issue.

    Is this possible in Jenkins? I can only see the option to enable 1 authentication method at a time.

    #34633

    Anonymous

    Accepted Answer

    You’re right that vanilla Jenkins can’t do more than one authn/authz type, which makes local accounts infeasible. In the scenario where LDAP is unavailable temporarily, what I’ve done in the past is shut down Jenkins, disable authn/authz via editing Jenkins’ config.xml (on my Linux systems the full path is /var/lib/jenkins/config.xml), and then restart Jenkins. Specifically, you’ll want to change this line:

    <useSecurity>true</useSecurity>
    

    To:

    <useSecurity>false</useSecurity>
    

    Note that this will give admin access to anonymous users, so use with caution. If you are comfortable with editing XML by hand, it’s also possible to edit this file in such a way as to allow admin access via logging in with a local account.

    You can also do any of this with a Groovy script if you happen to have an active session with administrative permissions.

    Source: https://serverfault.com/questions/885415/jenkins-ldap-plugin-any-way-to-have-a-login-backdoor
    Author: jayhendren
    Creative Commons License
    This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
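
Added example, not part of the original answer or of Jenkins itself: the config.xml edit described in the answer, wrapped as a break-glass procedure that keeps a backup so security can be switched back on once LDAP recovers. The function names and the backup naming scheme are assumptions, and the sample config.xml is constructed.

```shell
#!/bin/sh
# Added example (not from the answer). Function names and the backup naming
# scheme are assumptions. Run with Jenkins stopped, then start it again.

# Print the value of <useSecurity> in a Jenkins config.xml; fail if absent.
security_state() {
    v=$(sed -n 's:.*<useSecurity>\(.*\)</useSecurity>.*:\1:p' "$1" | head -n 1)
    [ -n "$v" ] || return 1
    printf '%s\n' "$v"
}

# Back up config.xml, then set <useSecurity> to false. Prints the backup path.
break_glass_disable() {
    cfg=$1
    if [ "$(security_state "$cfg")" != "true" ]; then
        echo "refusing: useSecurity is not 'true' in $cfg" >&2
        return 1
    fi
    bak="$cfg.breakglass.$(date +%Y%m%d%H%M%S)"
    cp -p "$cfg" "$bak" || return 1
    # Write into the existing file so its owner and mode are preserved.
    sed 's:<useSecurity>true</useSecurity>:<useSecurity>false</useSecurity>:' \
        "$bak" > "$cfg" || return 1
    printf '%s\n' "$bak"
}

# Put the backup back. This discards any changes made to config.xml while
# security was off, which is the safe default after anonymous admin access.
break_glass_restore() {
    cfg=$1; bak=$2
    if [ "$(security_state "$bak")" != "true" ]; then
        echo "refusing: $bak does not have security enabled" >&2
        return 1
    fi
    cat "$bak" > "$cfg" && [ "$(security_state "$cfg")" = "true" ]
}

# Demo on a constructed config.xml in a temp dir, not a real Jenkins home.
demo_dir=$(mktemp -d)
printf '<hudson>\n  <useSecurity>true</useSecurity>\n</hudson>\n' \
    > "$demo_dir/config.xml"
demo_bak=$(break_glass_disable "$demo_dir/config.xml")
echo "during outage: useSecurity=$(security_state "$demo_dir/config.xml")"
break_glass_restore "$demo_dir/config.xml" "$demo_bak"
echo "after restore: useSecurity=$(security_state "$demo_dir/config.xml")"
rm -rf "$demo_dir"
```

security_state also works as a monitoring check: a value of false on a running controller means anonymous users have admin access.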
