Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-33422

Provide a way to get back into Jenkins when active directory bind password expire

      In my corporation, all activedirectory account are setup to have a password that expire every 40 days.

      This include the account used as bind account for querying activedirectory with active-directory-plugin.

      When the password is changed, if I'm not currently logged in Jenkins, I have no way to get back logged-in in order to change the password. The only workaround I found is to stop jenkins, set useSecurity to false in config.xml, restart it and reconfigure the authentication using new password. This is not very convenient.

      I have two ideas of feature that can solve this problem:

      • The active-directory-plugin can provide a tool to encrypt the password from command line or from a cli command that is accessible to anonymous user, then the encrypted password can be replaced in config.xml file (this can be done automatically from a shell script when a password change is detected).
      • The jenkins core can allow to use two authentication at the same time: the one that is mainly used and a backup one (for example fixed to "use jenkins internal database") providing an always accessible "admin" login.

          [JENKINS-33422] Provide a way to get back into Jenkins when active directory bind password expire

          See https://issues.jenkins-ci.org/browse/JENKINS-15063. Essentially, this would require an incompatible change.

          Joshua Hoblitt added a comment - See https://issues.jenkins-ci.org/browse/JENKINS-15063 . Essentially, this would require an incompatible change.

          Instead you can create a checkbox to fallback momentary into Jenkins user database. I think this might be possible.

          Félix Belzunce Arcos added a comment - Instead you can create a checkbox to fallback momentary into Jenkins user database. I think this might be possible.

          Denys Digtiar added a comment -

           

          According to https://plugins.jenkins.io/active-directory the fallback-user is available since 2.5.

          Denys Digtiar added a comment -   According to  https://plugins.jenkins.io/active-directory  the fallback-user is available since 2.5.

            fbelzunc Félix Belzunce Arcos
            fievez Florent Fievez
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated: