FreeIPA/Red Hat IDM and Jenkins LDAP Auth

This is an extremely short how to regarding the setup of FreeIPA or RH IDM and Jenkins. The guide demonstrates how to configure user and group authentication and authorization using the Jenkins Matrix Based Security plugin. This will allow you to define finer grain access to your Jenkins instances based on LDAP group membership.

Screenshot is worth a thousand words:

screenshot-from-2016-12-05-12-18-01

screenshot-from-2016-12-05-13-20-14

The key takeaways are:

  1. the search base should be limited to the cn=users,cn=accounts subtree. The search filter uid={0} will match the username of the user attempting to login to their IPA/IDM uid field.
  2. Group searches need to be limited to the compat tree, this returns all groups with members of each group defined as memberUid. I believe this may be dependent on the way you create groups in IPA/IDM, ie you need to enable compat.
  3. Group membership is dependant on jenkins determining if memberUid={0} ie the username appearing in a group.
  4. You can visualize this by performing an ldapsearch against the LDAP in question.

    ldapsearch -x -h ldap.example.com  -b cn=groups,cn=compat,dc=example,dc=com

  5. Add the list of groups to the matrix list that you wish to define access rules for. The UI will update dynamically to indicate if the group is found in the LDAP directory.
  6. Most if not all groups should have at least the global READ permission otherwise they cannot do anything in the UI. Exceptions to this would possibly be svc_accounts used for remote hooks etc

Australian Brewery The Extra Hoppy Ale

Crofty's Beer Blog

This one is about as local as you get to me. the Australian Brewery is located in a suburb called Rouse Hill, about 40-50 minutes drive from where I live. They are one of the few craft breweries in Australia that produce beer in cans and one of these, more recently has been this “Extra Hoppy Ale”.

An American Amber style beer it pours a coppery gold colour, large off-white head. The aroma is more malt than hops though which suggests they focus on earlier additions. Not getting a lot of hop aroma here so we should probably move on.

The taste is a little bit hop forward, there’s some peppery flavour up front, not sure what hops they’re using, seems to be more of the earthier hops though. not what I was was expecting, none of the citrus you normally associate with a phrase like “Extra Hoppy” but nonetheless…

View original post 37 more words